Merge pull request #244629 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/azure-maps/authentication-best-practices.md

@@ -28,7 +28,7 @@ When creating publicly facing client applications with Azure Maps, you must ensu
 
 Subscription key-based authentication (Shared Key) can be used in either client side applications or web services, however it's the least secure approach to securing your application or web service. The reason is the key is easily obtained from an HTTP request and grants access to all Azure Maps REST API available in the SKU (Pricing Tier). If you do use subscription keys, be sure to [rotate them regularly] and keep in mind that Shared Key doesn't allow for configurable lifetime, it must be done manually. You should also consider using [Shared Key authentication with Azure Key Vault], which enables you to securely store your secret in Azure.
 
-If using [Azure Active Directory (Azure AD) authentication] or [Shared Access Signature (SAS) Token authentication] (preview), access to Azure Maps REST APIs is authorized using [role-based access control (RBAC)]. RBAC enables you to control what access is given to the issued tokens. You should consider how long access should be granted for the tokens. Unlike Shared Key authentication, the lifetime of these tokens is configurable.
+If using [Azure Active Directory (Azure AD) authentication] or [Shared Access Signature (SAS) Token authentication], access to Azure Maps REST APIs is authorized using [role-based access control (RBAC)]. RBAC enables you to control what access is given to the issued tokens. You should consider how long access should be granted for the tokens. Unlike Shared Key authentication, the lifetime of these tokens is configurable.
 
 > [!TIP]
 >

articles/azure-maps/azure-maps-authentication.md

@@ -4,7 +4,7 @@ titleSuffix: Azure Maps
 description: "Learn about two ways of authenticating requests in Azure Maps: shared key authentication and Azure Active Directory (Azure AD) authentication."
 author: eriklindeman
 ms.author: eriklind
-ms.date: 05/25/2021
+ms.date: 07/05/2023
 ms.topic: conceptual
 ms.service: azure-maps
 services: azure-maps
@@ -112,11 +112,12 @@ When you configure Azure RBAC, you choose a security principal and apply it to a
 The following role definition types exist to support application scenarios.
 
 | Azure Role Definition                    | Description                                                                                                    |
-| :--------------------------------------- | :------------------------------------------------------------------------------------------------------------- |
+| :--------------------------------------- | :------------------------------------------------- |
 | Azure Maps Search and Render Data Reader | Provides access to only search and render Azure Maps REST APIs to limit access to basic web browser use cases. |
-| Azure Maps Data Reader                   | Provides access to immutable Azure Maps REST APIs.                                                             |
-| Azure Maps Data Contributor              | Provides access to mutable Azure Maps REST APIs. Mutability, defined by the actions: write and delete.         |
-| Custom Role Definition                   | Create a crafted role to enable flexible restricted access to Azure Maps REST APIs.                            |
+| Azure Maps Data Reader                   | Provides access to immutable Azure Maps REST APIs. |
+| Azure Maps Data Contributor              | Provides access to mutable Azure Maps REST APIs. Mutability, defined by the actions: write and delete. |
+| Azure Maps Data Read and Batch Role      |  This role can be used to assign read and batch actions on Azure Maps. |
+| Custom Role Definition                   | Create a crafted role to enable flexible restricted access to Azure Maps REST APIs. |
 
 Some Azure Maps services may require elevated privileges to perform write or delete actions on Azure Maps REST APIs. Azure Maps Data Contributor role is required for services, which provide write or delete actions. The following table describes what services Azure Maps Data Contributor is applicable when using write or delete actions. When only read actions are required, the Azure Maps Data Reader role can be used in place of the Azure Maps Data Contributor role.
 
@@ -169,10 +170,6 @@ Disabling local authentication doesn't take effect immediately. Allow a few minu
 
 ## Shared access signature token authentication
 
-[!INCLUDE [preview features callout](./includes/preview-callout.md)]
-
-Shared Access Signature token authentication is in preview.
-
 Shared access signature (SAS) tokens are authentication tokens created using the JSON Web token (JWT) format and are cryptographically signed to prove authentication for an application to the Azure Maps REST API. A SAS token, created by integrating a [user-assigned managed identity] with an Azure Maps account in your Azure subscription. The user-assigned managed identity is given authorization to the Azure Maps account through Azure RBAC using either built-in or custom role definitions.
 
 Functional key differences of SAS token from Azure AD Access tokens:

articles/azure-maps/geographic-scope.md

@@ -47,7 +47,7 @@ GET https://eu.atlas.microsoft.com/search/address/{format}?api-version=1.0&query
 
 ## Additional information
 
-For information on limiting what regions a SAS token can use in see [Authentication with Azure Maps]
+For information on limiting what regions a SAS token can use in, see [Authentication with Azure Maps].
 
 - [Azure geographies]
 - [Azure Government cloud support]

articles/azure-maps/how-to-secure-sas-app.md

@@ -12,7 +12,7 @@ manager: philema
 ms.custom: subject-rbac-steps, kr2b-contr-experiment, devx-track-azurecli
 ---
 
-# Secure an Azure Maps account with a SAS token (preview)
+# Secure an Azure Maps account with a SAS token
 
 This article describes how to create an Azure Maps account with a securely stored SAS token you can use to call the Azure Maps REST API.
 
@@ -305,7 +305,7 @@ The following steps describe how to create and configure an Azure Maps account w
             {
                 "name": "[parameters('accountName')]",
                 "type": "Microsoft.Maps/accounts",
-                "apiVersion": "2021-12-01-preview",
+                "apiVersion": "2023-06-01",
                 "location": "[parameters('location')]",
                 "sku": {
                     "name": "[parameters('pricingTier')]"
@@ -353,7 +353,7 @@ The following steps describe how to create and configure an Azure Maps account w
                     "expiry" : "[variables('sasParameters').expiry]"
                 },
                 "properties": {
-                    "value": "[listSas(variables('accountId'), '2021-12-01-preview', variables('sasParameters')).accountSasToken]"
+                    "value": "[listSas(variables('accountId'), '2023-06-01', variables('sasParameters')).accountSasToken]"
                 }
             }
         ]

articles/cosmos-db/hierarchical-partition-keys.md

@@ -289,6 +289,7 @@ PaymentEvent item = new PaymentEvent()
 PartitionKey partitionKey = new PartitionKeyBuilder()
             .Add(item.TenantId)
             .Add(item.UserId)
+            .Add(item.SessionId)
             .Build();
 
 // Create the item in the container

articles/cosmos-db/throughput-serverless.md

@@ -25,11 +25,11 @@ Azure Cosmos DB is available in two different capacity modes: [provisioned throu
 | Best suited for | Workloads with sustained traffic requiring predictable performance | Workloads with intermittent or unpredictable traffic and low average-to-peak traffic ratio |
 | How it works | For each of your containers, you configure some amount of provisioned throughput expressed in [Request Units (RUs)](request-units.md) per second. Every second, this quantity of Request Units is available for your database operations. Provisioned throughput can be updated manually or adjusted automatically with [autoscale](provision-throughput-autoscale.md). | You run your database operations against your containers without having to configure any previously provisioned capacity. |
 | Geo-distribution | Available (unlimited number of Azure regions) | Unavailable (serverless accounts can only run in a single Azure region) |
-| Maximum storage per container | Unlimited | 50 GB<sup>1</sup> |
+| Maximum storage per container | Unlimited | 1 TB<sup>1</sup> |
 | Performance | < 10-ms latency for point-reads and writes covered by SLA | < 10-ms latency for point-reads and < 30 ms for writes covered by SLO |
 | Billing model | Billing is done on a per-hour basis for the RU/s provisioned, regardless of how many RUs were consumed. | Billing is done on a per-hour basis for the number of RUs consumed by your database operations. |
 
-<sup>1</sup> Serverless containers up to 1 TB are currently in preview with Azure Cosmos DB. To try the new feature, register the *"Azure Cosmos DB Serverless 1 TB Container Preview"* [preview feature in your Azure subscription](../azure-resource-manager/management/preview-features.md).
+<sup>1</sup> Serverless containers up to 1 TB is GA. Maximum RU/sec availability is dependent on data stored in the container. See, [Serverless Performance](serverless-performance.md)
 
 ## Estimating your expected consumption
 

articles/external-attack-surface-management/what-is-discovery.md

@@ -37,7 +37,7 @@ For example, to discover Contoso’s infrastructure, you might use the domain, c
 | Data source | Example |
 |--|--|
 | WhoIs records | Other domain names registered to the same contact email or registrant org used to register contoso.com likely also belong to Contoso |
-| WhoIs records | All domain names registered to any @contoso.com email address likely also belong to Microsoft |
+| WhoIs records | All domain names registered to any @contoso.com email address likely also belong to Contoso |
 | Whois records | Other domains associated with the same name server as contoso.com may also belong to Contoso |
 | DNS records | We can assume that Contoso also owns all observed hosts on the domains it owns and any websites that are associated with those hosts |
 | DNS records | Domains with other hosts resolving to the same IP blocks might also belong to Contoso if the organization owns the IP block |

includes/managed-disks-ultra-disks-GA-scope-and-limitations.md

@@ -10,7 +10,7 @@ ms.author: rogarana
 ms.custom: include file
 ---
 
-Ultra disks can't be used as OS disks, they can only be created as empty data disks. Ultra disks also can't be used with some features and functionality, including disk export, changing disk type, VM images, availability sets, or Azure disk encryption. The size of an Ultra Disk can't be expanded without either deallocating the VM or detaching the disk. Azure Backup and Azure Site Recovery do not support ultra disks. In addition, only un-cached reads and un-cached writes are supported. Snapshots for ultra disks are available but have additional limitations. See [Incremental snapshots of Premium SSD v2 and Ultra Disks](../articles/virtual-machines/disks-incremental-snapshots.md#incremental-snapshots-of-premium-ssd-v2-and-ultra-disks) for details.
+Ultra disks can't be used as OS disks, they can only be created as empty data disks. Ultra disks also can't be used with some features and functionality, including disk export, changing disk type, trusted launch, VM images, availability sets, or Azure disk encryption. The size of an Ultra Disk can't be expanded without either deallocating the VM or detaching the disk. Azure Backup and Azure Site Recovery do not support ultra disks. In addition, only un-cached reads and un-cached writes are supported. Snapshots for ultra disks are available but have additional limitations. See [Incremental snapshots of Premium SSD v2 and Ultra Disks](../articles/virtual-machines/disks-incremental-snapshots.md#incremental-snapshots-of-premium-ssd-v2-and-ultra-disks) for details.
 
 Ultra disks support a 4k physical sector size by default. A 512E sector size is available as a generally available offering with no sign-up required. While most applications are compatible with 4k sector sizes, some require 512 byte sector sizes. Oracle Database, for example, requires release 12.2 or later in order to support 4k native disks. For older versions of Oracle DB, 512 byte sector size is required.