Merge pull request #214795 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/azure-monitor/agents/azure-monitor-agent-manage.md

@@ -418,7 +418,7 @@ Policy initiatives for Windows and Linux virtual machines, scale sets consist of
 #### Known issues
 
 - Managed Identity default behavior. [Learn more](../../active-directory/managed-identities-azure-resources/managed-identities-faq.md#what-identity-will-imds-default-to-if-dont-specify-the-identity-in-the-request).
-- Possible race condition with using built-in user-assigned identity creation policy. [Learn more](../../active-directory/managed-identities-azure-resources/how-to-assign-managed-identity-via-azure-policy.md#known-issues).
+- Possible rare condition with using built-in user-assigned identity creation policy. [Learn more](../../active-directory/managed-identities-azure-resources/how-to-assign-managed-identity-via-azure-policy.md#known-issues).
 - Assigning policy to resource groups. If the assignment scope of the policy is a resource group and not a subscription, the identity used by policy assignment (different from the user-assigned identity used by agent) must be manually granted [these roles](../../active-directory/managed-identities-azure-resources/how-to-assign-managed-identity-via-azure-policy.md#required-authorization) prior to assignment/remediation. Failing to do this step will result in *deployment failures*.
 - Other [Managed Identity limitations](../../active-directory/managed-identities-azure-resources/managed-identities-faq.md#limitations).
 

articles/azure-monitor/agents/azure-monitor-agent-migration-tools.md

@@ -2,7 +2,7 @@
 title: Tools for migrating to Azure Monitor Agent from legacy agents 
 description: This article describes various migration tools and helpers available for migrating from existing legacy agents to the new Azure Monitor agent (AMA) and data collection rules (DCR).
 ms.topic: conceptual
-author: guywild
+author: guywi-ms
 ms.author: guywild
 ms.reviewer: shseth
 ms.date: 8/18/2022 
@@ -14,7 +14,7 @@ ms.custom: devx-track-azurepowershell, devx-track-azurecli
 
 # Tools for migrating from Log Analytics Agent to Azure Monitor Agent 
 
-Azure Monitor Agent (AMA) replaces the Log Analytics Agent (MMA/OMS) for Windows and Linux virtual machines, scale sets, and on premise and Arc-enabled servers. The [benefits of migrating to Azure Monitor Agent](../agents/azure-monitor-agent-migration.md) include enhanced security, cost-effectiveness, performance, manageability and reliability. This article explains how to use the AMA Migration Helper and DCR Config Generator tools to help automate and track the migration from Log Analytics Agent to Azure Monitor Agent.
+Azure Monitor Agent (AMA) replaces the Log Analytics Agent (MMA/OMS) for Windows and Linux virtual machines, scale sets, on premise, 3rd party clouds and Arc-enabled servers. The [benefits of migrating to Azure Monitor Agent](../agents/azure-monitor-agent-migration.md) include enhanced security, cost-effectiveness, performance, manageability and reliability. This article explains how to use the AMA Migration Helper and DCR Config Generator tools to help automate and track the migration from Log Analytics Agent to Azure Monitor Agent.
 
 ![Flow diagram that shows the steps involved in agent migration and how the migration tools help in generating DCRs and tracking the entire migration process.](media/azure-monitor-agent-migration/mma-to-ama-migration-steps.png)  
 

articles/batch/virtual-file-mount.md

@@ -29,7 +29,7 @@ Mounting the file system to the pool, instead of letting tasks retrieve their ow
 
 Consider a scenario with multiple tasks requiring access to a common set of data, like rendering a movie. Each task renders one or more frames at a time from the scene files. By mounting a drive that contains the scene files, it's easier for compute nodes to access shared data.
 
-Additionally, the underlying file system can be chosen and scaled independently based on the performance and scale (throughput and IOPS) required by the number of compute nodes concurrently accessing the data. For example, you can use an [Avere vFXT](../avere-vfxt/avere-vfxt-overview.md) distributed in-memory cache to support large motion picture-scale renders with thousands of concurrent render nodes, accessing source data that is on-premises. Instead, for data that already is in cloud-based Blob storage, [blobfuse](../storage/blobs/storage-how-to-mount-container-linux.md) can be used to mount this data as a local file system. Blobfuse is only available on Linux nodes, though [Azure Files](../storage/files/storage-files-introduction.md) provides a similar workflow and is available on both Windows and Linux.
+Additionally, the underlying file system can be chosen and scaled independently based on the performance and scale (throughput and IOPS) required by the number of compute nodes concurrently accessing the data. For example, you can use an [Avere vFXT](../avere-vfxt/avere-vfxt-overview.md) distributed in-memory cache to support large motion picture-scale renders with thousands of concurrent render nodes, accessing source data that is on-premises. Instead, for data that already is in cloud-based Blob storage, [blobfuse](../storage/blobs/storage-how-to-mount-container-linux.md) can be used to mount this data as a local file system. Blobfuse is only available on Linux nodes (excluding Ubuntu 22.04), though [Azure Files](../storage/files/storage-files-introduction.md) provides a similar workflow and is available on both Windows and Linux.
 
 ## Mount a virtual file system on a pool  
 
@@ -447,9 +447,11 @@ Azure Batch supports the following virtual file system types for node agents pro
 
 | OS Type | Azure Files Share | Azure Blob container | NFS mount | CIFS mount |
 |---|---|---|---|---|
-| Linux | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Linux | :heavy_check_mark: | :heavy_check_mark:* | :heavy_check_mark: | :heavy_check_mark: |
 | Windows | :heavy_check_mark: | :x: | :x: | :x: |
 
+_*Azure Blob container is **not** supported on Ubuntu 22.04_
+
 ## Networking requirements
 
 When using virtual file mounts with [Azure Batch pools in a virtual network](batch-virtual-network.md), keep in mind the following requirements and ensure no required traffic is blocked.

articles/firewall/firewall-faq.yml

@@ -156,17 +156,18 @@ sections:
         answer: |
          - **URL** - Asterisks work when placed on the right-most or left-most side. If it is on the left, it can't be part of the FQDN.
          - **FQDN** - Asterisks work when placed on the left-most side.
+         - **GENERAL** - Asterisks on the left-most side mean literally _anything_ to the left will match, meaning multiple subdomains and/or potentially unwanted domain name variations will be matched - see examples below.
 
          Examples:
 
 
            |Type  |Rule  |Supported?  |Positive examples  |
            |---------|---------|---------|---------|
            |TargetURL  |`www.contoso.com` |Yes|`www.contoso.com`<br>`www.contoso.com/`|
-           |TargetURL  |`*.contoso.com` |Yes|`any.contoso.com/`|
-           |TargetURL  |`*contoso.com`|Yes         |`example.anycontoso.com`<br>`sub1.example.anycontoso.com`<br>`contoso.com`|
+           |TargetURL  |`*.contoso.com` |Yes|`any.contoso.com/`<br>`sub1.any.contoso.com`|
+           |TargetURL  |`*contoso.com`|Yes         |`example.anycontoso.com`<br>`sub1.example.contoso.com`<br>`contoso.com`<br>Warning: this usage of wildcard will also allow potentially undesired/risky variations such as `th3re4lcontoso.com` - use with caution.|
            |TargetURL  |`www.contoso.com/test`|Yes|`www.contoso.com/test`<br>`www.contoso.com/test/`<br>`www.contoso.com/test?with_query=1`|
-           |TargetURL  |`www.contoso.com/test/*`|Yes|`www.contoso.com/test/anything`<br>Note - `www.contoso.com/test` will **not** match (last slash)|
+           |TargetURL  |`www.contoso.com/test/*`|Yes|`www.contoso.com/test/anything`<br>Note: `www.contoso.com/test` will **not** match (last slash)|
            |TargetURL  |`www.contoso.*/test/*`|No|         |
            |TargetURL  |`www.contoso.com/test?example=1`|No|         |
            |TargetURL  |`www.contoso.*`|No|         |
@@ -199,7 +200,7 @@ sections:
         answer: No. Azure Firewall doesn't need a subnet bigger than /26.
 
       - question: How can I increase my firewall throughput?
-        answer: Azure Firewall's initial throughput capacity is 2.5 - 3 Gbps and it scales out to 30 Gbps. It scales out automatically based on CPU usage and throughput.
+        answer: Azure Firewall's initial throughput capacity is 2.5 - 3 Gbps and it scales out to 30 Gbps for Standard SKU and 100 Gbps for Premium SKU. It scales out automatically based on CPU usage and throughput.
 
       - question: How long does it take for Azure Firewall to scale out?
         answer: |

articles/firewall/ftp-support.md

@@ -41,6 +41,18 @@ The following table shows the configuration required to support various FTP scen
 
 To deploy using Azure PowerShell, use the `AllowActiveFTP` parameter. For more information, see [Create a Firewall with Allow Active FTP](/powershell/module/az.network/new-azfirewall#16---create-a-firewall-with-allow-active-ftp-).
 
+## Update an existing Azure Firewall by using Azure PowerShell
+
+To update an existing Azure Firewall by using Azure PowerShell, switch the `AllowActiveFTP` parameter to 'True'.
+
+```azurepowershell
+$rgName = "resourceGroupName"
+$afwName = "afwName"
+$afw = Get-AzFirewall -Name $afwName -ResourceGroupName $rgName
+$afw.AllowActiveFTP = $true
+$afw | Set-AzFirewall
+```
+
 ## Deploy using Azure CLI
 
 To deploy using the Azure CLI, use the `--allow-active-ftp` parameter. For more information, see [az network firewall create](/cli/azure/network/firewall#az-network-firewall-create-optional-parameters). 
@@ -58,4 +70,4 @@ For more information, see [Microsoft.Network azureFirewalls](/azure/templates/mi
 
 ## Next steps
 
-To learn how to deploy an Azure Firewall, see [Deploy and configure Azure Firewall using Azure PowerShell](deploy-ps.md).
+To learn how to deploy an Azure Firewall, see [Deploy and configure Azure Firewall using Azure PowerShell](deploy-ps.md).

articles/machine-learning/how-to-configure-auto-train.md

@@ -180,7 +180,7 @@ Automated ML supports tabular data based tasks (classification, regression, fore
 
 Automated machine learning tries different models and algorithms during the automation and tuning process. As a user, there's no need for you to specify the algorithm. 
 
-The task method determines the list of algorithms/models, to apply. Use the `allowed_algorithms` or `blocked_training_algorithms` parameters in the `set_training()` setter function to further modify iterations with the available models to include or exclude. 
+The task method determines the list of algorithms/models, to apply. Use the `allowed_training_algorithms` or `blocked_training_algorithms` parameters in the `set_training()` setter function to further modify iterations with the available models to include or exclude. 
 
 In the following list of links you can explore the supported algorithms per machine learning task listed below.
 

articles/virtual-desktop/security-guide.md

@@ -83,7 +83,7 @@ Enabling audit log collection lets you view user and admin activity related to A
 
 ### Use RemoteApps
 
-When choosing a deployment model, you can either provide remote users access to entire virtual desktops or only select applications. Remote applications, or RemoteApps, provide a seamless experience as the user works with apps on their virtual desktop. RemoteApps reduce risk by only letting the user work with with a subset of the remote machine exposed by the application.
+When choosing a deployment model, you can either provide remote users access to entire virtual desktops or only select applications. Remote applications, or RemoteApps, provide a seamless experience as the user works with apps on their virtual desktop. RemoteApps reduce risk by only letting the user work with a subset of the remote machine exposed by the application.
 
 ### Monitor usage with Azure Monitor
 

includes/firewall-limits.md

@@ -13,7 +13,7 @@
 | Resource | Limit |
 | --- | --- |
 | Data throughput |30 Gbps|
-|Rule limits|10,000 unique source/destinations in network and application rules <br><br> **Unique source/destinations in network** = sum of (unique source addresses * unique destination addresses for each rule)|
+|Rule limits|10,000 unique source/destinations in network rules <br><br> **Unique source/destinations in network** = sum of (unique source addresses * unique destination addresses for each rule)|
 |Total size of rules within a single Rule Collection Group| 1 MB for Firewall policies created before July 2022<br>2 MB for Firewall policies created after July 2022|
 |Number of Rule Collection Groups in a firewall policy|50 for Firewall policies created before July 2022<br>100 for Firewall policies created after July 2022|
 |Maximum DNAT rules|250 maximum unique destinations (public IP address, port, and protocol)<br><br> The DNAT limitation is due to the underlying platform.<br><br>For example, you can configure 500 UDP rules to the same destination IP address and port (one unique destination), while 500 rules to the same IP address but to 500 different ports exceeds the limit (500 unique destinations).|