Merge pull request #222930 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/roles/admin-units-assign-roles.md

@@ -50,7 +50,7 @@ The following Azure AD roles can be assigned with administrative unit scope. Add
 | [SharePoint Administrator](permissions-reference.md#sharepoint-administrator) | Can manage Microsoft 365 groups in the assigned administrative unit only. For SharePoint sites associated with Microsoft 365 groups in an administrative unit, can also update site properties (site name, URL, and external sharing policy) using the Microsoft 365 admin center. Cannot use the SharePoint admin center or SharePoint APIs to manage sites. |
 | [Teams Administrator](permissions-reference.md#teams-administrator) | Can manage Microsoft 365 groups in the assigned administrative unit only.  Can manage team members in the Microsoft 365 admin center for teams associated with groups in the assigned administrative unit only.  Cannot use the Teams admin center. |
 | [Teams Devices Administrator](permissions-reference.md#teams-devices-administrator) | Can perform management related tasks on Teams certified devices. |
-| [User Administrator](permissions-reference.md#user-administrator) | Can manage all aspects of users and groups, including resetting passwords for limited admins within the assigned administrative unit only. |
+| [User Administrator](permissions-reference.md#user-administrator) | Can manage all aspects of users and groups, including resetting passwords for limited admins within the assigned administrative unit only. Cannot currently manage users' profile photographs. |
 | [<Custom role>](custom-create.md) | Can perform actions that apply to users, groups, or devices, according to the definition of the custom role. |
 
 Certain role permissions apply only to non-administrator users when assigned with the scope of an administrative unit. In other words, administrative unit scoped [Helpdesk Administrators](permissions-reference.md#helpdesk-administrator) can reset passwords for users in the administrative unit only if those users do not have administrator roles. The following list of permissions are restricted when the target of an action is another administrator:

articles/application-gateway/ingress-controller-install-new.md

@@ -46,9 +46,9 @@ Follow the steps below to create an Azure Active Directory (Azure AD) [service p
     The `appId` and `password` values from the JSON output will be used in the following steps
 
 
-1. Use the `appId` from the previous command's output to get the `objectId` of the new service principal:
+1. Use the `appId` from the previous command's output to get the `id` of the new service principal:
     ```azurecli
-    objectId=$(az ad sp show --id $appId --query "objectId" -o tsv)
+    objectId=$(az ad sp show --id $appId --query "id" -o tsv)
     ```
     The output of this command is `objectId`, which will be used in the Azure Resource Manager template below
 
@@ -250,8 +250,13 @@ Kubernetes. We'll use it to install the `application-gateway-kubernetes-ingress`
     nano helm-config.yaml
     ```
 
+   > [!NOTE]
+   > **For deploying to Sovereign Clouds (e.g., Azure Government)**, the `appgw.environment` configuration parameter must be added and set to the appropriate value as documented below.
+
+
    Values:
      - `verbosityLevel`: Sets the verbosity level of the AGIC logging infrastructure. See [Logging Levels](https://github.com/Azure/application-gateway-kubernetes-ingress/blob/463a87213bbc3106af6fce0f4023477216d2ad78/docs/troubleshooting.md#logging-levels) for possible values.
+     - `appgw.environment`: Sets cloud environment. Possbile values: `AZURECHINACLOUD`, `AZUREGERMANCLOUD`, `AZUREPUBLICCLOUD`, `AZUREUSGOVERNMENTCLOUD`
      - `appgw.subscriptionId`: The Azure Subscription ID in which Application Gateway resides. Example: `a123b234-a3b4-557d-b2df-a0bc12de1234`
      - `appgw.resourceGroup`: Name of the Azure Resource Group in which Application Gateway was created. Example: `app-gw-resource-group`
      - `appgw.name`: Name of the Application Gateway. Example: `applicationgatewayd0f0`
@@ -347,4 +352,4 @@ kubectl apply -f aspnetapp.yaml
 
 ## Other Examples
 This [how-to guide](ingress-controller-expose-service-over-http-https.md) contains more examples on how to expose an AKS
-service via HTTP or HTTPS, to the Internet with Application Gateway.
+service via HTTP or HTTPS, to the Internet with Application Gateway.

articles/communication-services/quickstarts/call-automation/includes/callflow-for-customer-interactions-csharp.md

@@ -20,7 +20,7 @@ You can download the sample app from [GitHub](https://github.com/Azure-Samples/c
 
 - An Azure account with an active subscription.
 - Azure Communication Services resource. See [Create an Azure Communication Services resource](../../create-communication-resource.md?tabs=windows&pivots=platform-azp). Note the resource connection string for this quickstart by navigating to your resource selecting 'Keys' from the left side menu.
-- [Acquire a phone number for your Communication Service resource](../../telephony/get-phone-number.md?pivots=programming-language-csharp). Note the phone number you acquired for use in this quickstart. 
+- [Acquire a phone number for your Communication Service resource](../../telephony/get-phone-number.md?pivots=programming-language-csharp) or connect your carrier using [Azure direct routing](../../../concepts/telephony/direct-routing-infrastructure.md). Note the phone number you acquired or provisioned using Azure direct routing for use in this quickstart. 
 - The latest [.NET library](https://dotnet.microsoft.com/download/dotnet-core) for your operating system. .NET 6.0 or higher is recommended as this quickstart uses the minimal API feature.
 - The latest version of Visual Studio 2022 (17.4.0 or higher)
 - An audio file for the message you want to play in the call. This audio should be accessible via a url. 
@@ -45,6 +45,8 @@ dotnet add <path-to-project> package Azure.Messaging.EventGrid
 
 In this quick-start, you'll use the new [Visual Studio Dev Tunnels](/connectors/custom-connectors/port-tunneling) feature to obtain a public domain name so that your local application is reachable by the Call Automation platform on the Internet. The public name is needed to receive the Event Grid `IncomingCall` event and Call Automation events using webhooks.
 
+Note by default the dev tunnels are disabled in Visual Studio. To enable dev tunnels, please go to Tools, than Options and enable dev tunnels in Preview Features menu.
+
 If you haven't already configured your workstation, be sure to follow the steps in [this guide](/connectors/custom-connectors/port-tunneling). Once configured, your workstation will acquire a public domain name automatically allowing us to use the environment variable `["VS_TUNNEL_URL"]` as shown below.
 
 Set up your Event Grid subscription to receive the `IncomingCall` event by reading [this guide](../../../concepts/call-automation/incoming-call-notification.md).
@@ -157,4 +159,4 @@ Within Visual Studio select the Run button or press F5 on your keyboard. You sho
 
 In order to receive the `IncomingCall` event for the inbound PSTN call, you must configure an Event Grid subscription as described in this [concepts guide](../../../concepts/call-automation/incoming-call-notification.md). The most important thing to remember is that an Event Grid webhook subscription must be validated against a working web server. Since you've started the project in the previous step, and you have a public FQDN, set the webhook address in your subscription to the Dev Tunnel obtained by Visual Studio plus the path to your POST endpoint (i.e. `https://<dev_tunnel_fqdn>/api/incomingCall`).
 
-Once your webhook subscription has been validated, it will show up in the portal and you're now ready to test your application by making an inbound call.
+Once your webhook subscription has been validated, it will show up in the portal and you're now ready to test your application by making an inbound call.

articles/cost-management-billing/manage/assign-roles-azure-service-principals.md

@@ -191,7 +191,7 @@ Now you can use the SPN to automatically access EA APIs. The SPN has the Departm
       | --- | --- |
       | `properties.principalId` | It is the value of Object ID. See [Find your SPN and tenant ID](#find-your-spn-and-tenant-id). |
       | `properties.principalTenantId` | See [Find your SPN and tenant ID](#find-your-spn-and-tenant-id). |
-      | `properties.roleDefinitionId` | `/providers/Microsoft.Billing/billingAccounts/{BillingAccountID}/enrollmentAccounts/196987/billingRoleDefinitions/a0bcee42-bf30-4d1b-926a-48d21664ef71` |
+      | `properties.roleDefinitionId` | `/providers/Microsoft.Billing/billingAccounts/{BillingAccountID}/enrollmentAccounts/{enrollmentAccountID}/billingRoleDefinitions/a0bcee42-bf30-4d1b-926a-48d21664ef71` |
 
       The billing account name is the same parameter that you used in the API parameters. It's the enrollment ID that you see in the EA portal and the Azure portal.
 

articles/notification-hubs/notification-hubs-push-notification-registration-management.md

@@ -313,7 +313,7 @@ public async Task<HttpResponseMessage> Put(DeviceInstallation deviceUpdate)
 }
 ```
 
-### Example code to register with a notification hub from a device using a registration ID
+### Example code to register with a notification hub from a backend using a registration ID
 
 From your app backend, you can perform basic CRUDS operations on registrations. For example:
 

articles/storage/blobs/lifecycle-management-policy-configure.md

@@ -30,7 +30,7 @@ For a blob snapshot or version, the condition that is checked is the number of d
 
 ## Optionally enable access time tracking
 
-Before you configure a lifecycle management policy, you can choose to enable blob access time tracking. When access time tracking is enabled, a lifecycle management policy can include an action based on the time that the blob was last accessed with a read or write operation.
+Before you configure a lifecycle management policy, you can choose to enable blob access time tracking. When access time tracking is enabled, a lifecycle management policy can include an action based on the time that the blob was last accessed with a read or write operation.To minimize the effect on read access latency, only the first read of the last 24 hours updates the last access time. Subsequent reads in the same 24-hour period don't update the last access time. If a blob is modified between reads, the last access time is the more recent of the two values.
 
 #### [Portal](#tab/azure-portal)
 
@@ -229,4 +229,4 @@ A lifecycle management policy must be read or written in full. Partial updates a
 ## See also
 
 - [Optimize costs by automatically managing the data lifecycle](lifecycle-management-overview.md)
-- [Hot, Cool, and Archive access tiers for blob data](access-tiers-overview.md)
+- [Hot, Cool, and Archive access tiers for blob data](access-tiers-overview.md)

articles/virtual-desktop/troubleshoot-insights.md

@@ -12,7 +12,7 @@ manager: femila
 This article presents known issues and solutions for common problems in Azure Virtual Desktop Insights.
 
 >[!IMPORTANT]
->[The Log Analytics Agent is currently being deprecated](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). While Azure Virtual Desktop Insights currently uses the Log Analytics Agent for Azure Virtual Desktop support, you'll eventually need to migrate to Azure Virtual Desktop Insights by August 31, 2024. We'll provide instructions for how to migrate when we release the update that allows Azure Virtual Desktop Insights to support the Azure Virtual Desktop Insights Agent. Until then, continue to use the Log Analytics Agent.
+>[The Log Analytics Agent is currently being deprecated](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). While Azure Virtual Desktop Insights currently uses the Log Analytics Agent for Azure Virtual Desktop support, you'll eventually need to migrate to Azure Virtual Desktop Insights by August 31, 2024. We'll provide instructions for how to migrate when we release the update that allows Azure Virtual Desktop Insights to support the Azure Monitor Agent. Until then, continue to use the Log Analytics Agent.
 
 ## Issues with configuration and setup