Merge pull request #270346 from MicrosoftDocs/main

Publish to Live Wednesday 4AM PST 3/27

Author: PMEds28

articles/ai-services/speech-service/speech-synthesis-markup-pronunciation.md

@@ -93,7 +93,7 @@ Usage of the `lexicon` element's attributes are described in the following table
 
 The supported values for attributes of the `lexicon` element were [described previously](#custom-lexicon).
 
-After you publish your custom lexicon, you can reference it from your SSML. The following SSML example references a custom lexicon that was uploaded to `https://www.example.com/customlexicon.xml`. 
+After you publish your custom lexicon, you can reference it from your SSML. The following SSML example references a custom lexicon that was uploaded to `https://www.example.com/customlexicon.xml`. We support lexicon URLs from Azure Blob Storage, Azure Media Services (AMS) Storage, and GitHub. However, note that other public URLs may not be compatible.
 
 ```xml
 <speak version="1.0" xmlns="http://www.w3.org/2001/10/synthesis"
@@ -116,7 +116,7 @@ To define how multiple entities are read, you can define them in a custom lexico
 
 Here are some limitations of the custom lexicon file:
 
-- **File size**: The custom lexicon file size is limited to a maximum of 100 KB. If the file size exceeds the 100-KB limit, the synthesis request fails.
+- **File size**: The custom lexicon file size is limited to a maximum of 100 KB. If the file size exceeds the 100-KB limit, the synthesis request fails. You can split your lexicon into multiple lexicons and include them in SSML if the file size exceeds 100 KB.
 - **Lexicon cache refresh**: The custom lexicon is cached with the URI as the key on text to speech when it's first loaded. The lexicon with the same URI isn't reloaded within 15 minutes, so the custom lexicon change needs to wait 15 minutes at the most to take effect.
 
 The supported elements and attributes of a custom lexicon XML file are described in the [Pronunciation Lexicon Specification (PLS) Version 1.0](https://www.w3.org/TR/pronunciation-lexicon/). Here are some examples of the supported elements and attributes:

articles/azure-arc/system-center-virtual-machine-manager/enable-guest-management-at-scale.md

@@ -7,7 +7,7 @@ author: Farha-Bano
 ms.author: v-farhabano
 manager: jsuri
 ms.topic: how-to 
-ms.date: 03/12/2024
+ms.date: 03/27/2024
 keywords: "VMM, Arc, Azure"
 
 #Customer intent: As an IT infrastructure admin, I want to install arc agents to use Azure management services for SCVMM VMs.
@@ -47,7 +47,12 @@ An admin can install agents for multiple machines from the Azure portal if the m
 2. Select all the machines and choose the **Enable in Azure** option.
 3. Select **Enable guest management** checkbox to install Arc agents on the selected machine.
 4. If you want to connect the Arc agent via proxy, provide the proxy server details.
-5. Provide the administrator username and password for the machine.
+5. If you want to connect Arc agent via private endpoint, follow these [steps](../servers/private-link-security.md) to set up Azure private link. 
+
+      >[!Note]
+      > Private endpoint connectivity is only available for Arc agent to Azure communications. For Arc resource bridge to Azure connectivity, Azure Private link isn't supported.
+
+6. Provide the administrator username and password for the machine.
 
     >[!Note]
     > For Windows VMs, the account must be part of the local administrator group; and for Linux VM, it must be a root account.

articles/azure-arc/vmware-vsphere/enable-guest-management-at-scale.md

@@ -2,7 +2,7 @@
 title: Install Arc agent at scale for your VMware VMs
 description: Learn how to enable guest management at scale for Arc enabled VMware vSphere VMs. 
 ms.topic: how-to
-ms.date: 11/06/2023
+ms.date: 03/27/2024
 ms.service: azure-arc
 ms.subservice: azure-arc-vmware-vsphere
 author: Farha-Bano
@@ -43,7 +43,12 @@ An admin can install agents for multiple machines from the Azure portal if the m
 
 4. If you want to connect the Arc agent via proxy, provide the proxy server details.
 
-5. Provide the administrator username and password for the machine. 
+5. If you want to connect Arc agent via private endpoint, follow these [steps](../servers/private-link-security.md) to set up Azure private link. 
+
+      >[!Note]
+      > Private endpoint connectivity is only available for Arc agent to Azure communications. For Arc resource bridge to Azure connectivity, Azure private link isn't supported.
+
+6. Provide the administrator username and password for the machine. 
 
 > [!NOTE]
 > For Windows VMs, the account must be part of local administrator group; and for Linux VM, it must be a root account.

articles/azure-arc/vmware-vsphere/support-matrix-for-arc-enabled-vmware-vsphere.md

@@ -2,7 +2,7 @@
 title: Plan for deployment
 description: Learn about the support matrix for Arc-enabled VMware vSphere including vCenter Server versions supported, network requirements, and more.
 ms.topic: how-to 
-ms.date: 11/06/2023
+ms.date: 03/27/2024
 ms.service: azure-arc
 ms.subservice: azure-arc-vmware-vsphere
 author: Farha-Bano
@@ -38,6 +38,9 @@ You need a vSphere account that can:
 
 This account is used for the ongoing operation of Azure Arc-enabled VMware vSphere and the deployment of the Azure Arc resource bridge VM.
 
+>[!Important]
+> If there are any changes to the credentials of the vSphere account after onboarding, follow these [steps](./administer-arc-vmware.md#updating-the-vsphere-account-credentials-using-a-new-password-or-a-new-vsphere-account-after-onboarding) to update the credentials in Arc Resource Bridge and VMware cluster extension. 
+
 ### Resource bridge resource requirements
 
 For Arc-enabled VMware vSphere, resource bridge has the following minimum virtual hardware requirements

articles/azure-web-pubsub/tutorial-build-chat.md

@@ -417,6 +417,7 @@ import com.azure.messaging.webpubsub.WebPubSubServiceClient;
 import com.azure.messaging.webpubsub.WebPubSubServiceClientBuilder;
 import com.azure.messaging.webpubsub.models.GetClientAccessTokenOptions;
 import com.azure.messaging.webpubsub.models.WebPubSubClientAccessToken;
+import com.azure.messaging.webpubsub.models.WebPubSubContentType;
 import io.javalin.Javalin;
 
 public class App {

articles/communication-services/how-tos/calling-sdk/includes/raise-hand/raise-hand-web.md

@@ -60,15 +60,15 @@ const raisedHandChangedHandler = (event) => {
 const loweredHandChangedHandler = (event) => {
     console.log(`Participant ${event.identifier} lowered hand`);
 };
-raiseHandFeature.on('raisedHandChanged', raisedHandChangedHandler):
-raiseHandFeature.on('loweredHandChanged', loweredHandChangedHandler):
+raiseHandFeature.on('raisedHandEvent', raisedHandChangedHandler):
+raiseHandFeature.on('loweredHandEvent', loweredHandChangedHandler):
 ```
 The `raisedHandChanged` and `loweredHandChanged` events contain an object with the `identifier` property, which represents the participant's communication identifier. In the example above, we log a message to the console indicating that a participant has raised their hand.
 
 To unsubscribe from the events, you can use the `off` method.
 
 ### List of all participants with active state
-To get information about all participants that have raised hand state on current call, you can use the `getRaisedHands` api. he returned array is sorted by the order field.
+To get information about all participants that have raised hand state on current call, you can use the `getRaisedHands` api. The returned array is sorted by the order field.
 Here's an example of how to use the `getRaisedHands` API:
 ```js
 const raiseHandFeature = call.feature(Features.RaiseHand );
@@ -79,4 +79,4 @@ let participantsWithRaisedHands = raiseHandFeature.getRaisedHands();
 The `participantsWithRaisedHands` variable will contain an array of participant objects, where each object has the following properties:
 `identifier`: the communication identifier of the participant
 `order`: the order in which the participant raised their hand
-You can use this information to display a list of participants with the Raise Hand state and their order in the queue.
+You can use this information to display a list of participants with the Raise Hand state and their order in the queue.

articles/compliance/index.yml

@@ -12,7 +12,7 @@ metadata:
   author: TerryLanfear
   ms.author: terrylan
   manager: rkarlin
-  ms.date: 06/12/2022
+  ms.date: 03/26/2024
 
 conceptualContent:
 # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
@@ -400,14 +400,13 @@ conceptualContent:
           itemType: concept
           text: UK PASF
 
-
 additionalContent:
 #  Maximum of 3 sections
   sections:
 
 #  Section 1
-    - title: Additional compliance resources
-      summary: To access a resource you may need to be signed into your cloud service 
+    - title: More compliance resources
+      summary: To access a resource, you may need to be signed into your cloud service. 
       items:
 
         - title: Privacy and GDPR

articles/defender-for-cloud/defender-for-cloud-introduction.md

@@ -43,7 +43,7 @@ Defender for Cloud includes Foundational CSPM capabilities for free. You can als
 | Capability | What problem does it solve? | Get started | Defender plan |
 |--|--|--|--|
 | [Centralized policy management](security-policy-concept.md) | Define the security conditions that you want to maintain across your environment. The policy translates to recommendations that identify resource configurations that violate your security policy. The [Microsoft cloud security benchmark](concept-regulatory-compliance.md) is a built-in standard that applies security principles with detailed technical implementation guidance for Azure and other cloud providers (such as AWS and GCP). | [Customize a security policy](create-custom-recommendations.md) | Foundational CSPM (Free) |
-| [Secure score]( secure-score-security-controls.md) | Summarize your security posture based on the security recommendations. As you remediate recommendations, your secure score improves. | [Track your secure score](secure-score-access-and-track.md) | Foundational CSPM (Free) |
+| [Secure score](secure-score-security-controls.md) | Summarize your security posture based on the security recommendations. As you remediate recommendations, your secure score improves. | [Track your secure score](secure-score-access-and-track.md) | Foundational CSPM (Free) |
 | [Multicloud coverage](plan-multicloud-security-get-started.md) | Connect to your multicloud environments with agentless methods for CSPM insight and CWP protection. | Connect your [Amazon AWS](quickstart-onboard-aws.md) and [Google GCP](quickstart-onboard-gcp.md) cloud resources to Defender for Cloud | Foundational CSPM (Free) |
 | [Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) | Use the dashboard to see weaknesses in your security posture. | [Enable CSPM tools](enable-enhanced-security.md) | Foundational CSPM (Free) |
 | [Advanced Cloud Security Posture Management](concept-cloud-security-posture-management.md) | Get advanced tools to identify weaknesses in your security posture, including:</br>- Governance to drive actions to improve your security posture</br>- Regulatory compliance to verify compliance with security standards</br>- Cloud security explorer to build a comprehensive view of your environment | [Enable CSPM tools](enable-enhanced-security.md) | Defender CSPM |
@@ -66,7 +66,7 @@ When your environment is threatened, security alerts right away indicate the nat
 | Protect cloud databases | Protect your entire database estate with attack detection and threat response for the most popular database types in Azure to protect the database engines and data types, according to their attack surface and security risks. | [Deploy specialized protections for cloud and on-premises databases](quickstart-enable-database-protections.md) | - Defender for Azure SQL Databases</br>- Defender for SQL servers on machines</br>- Defender for Open-source relational databases</br>- Defender for Azure Cosmos DB |
 | Protect containers | Secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications with environment hardening, vulnerability assessments, and run-time protection. | [Find security risks in your containers](defender-for-containers-introduction.md) | Defender for Containers |
 | [Infrastructure service insights](asset-inventory.md) | Diagnose weaknesses in your application infrastructure that can leave your environment susceptible to attack. | - [Identify attacks targeting applications running over App Service](defender-for-app-service-introduction.md)</br>- [Detect attempts to exploit Key Vault accounts](defender-for-key-vault-introduction.md)</br>- [Get alerted on suspicious Resource Manager operations](defender-for-resource-manager-introduction.md)</br>- [Expose anomalous DNS activities](defender-for-dns-introduction.md) | - Defender for App Service</br>- Defender for Key Vault</br>- Defender for Resource Manager</br>- Defender for DNS |
-| [Security alerts](alerts-overview.md) | Get informed of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | [Manage security alerts]( managing-and-responding-alerts.md) | Any workload protection Defender plan |
+| [Security alerts](alerts-overview.md) | Get informed of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | [Manage security alerts](managing-and-responding-alerts.md) | Any workload protection Defender plan |
 | [Security incidents](alerts-overview.md#what-are-security-incidents) | Correlate alerts to identify attack patterns and integrate with Security Information and Event Management (SIEM), Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions to respond to threats and limit the risk to your resources. | [Export alerts to SIEM, SOAR, or ITSM systems](export-to-siem.md) | Any workload protection Defender plan |
 
 [!INCLUDE [Defender for DNS note](./includes/defender-for-dns-note.md)]

articles/defender-for-cloud/defender-for-containers-architecture.md

@@ -84,7 +84,7 @@ When you enable the agentless discovery for Kubernetes extension, the following
 
 These components are required in order to receive the full protection offered by Microsoft Defender for Containers:
 
-- **[Azure Arc-enabled Kubernetes](../azure-arc/kubernetes/overview.md)** - Azure Arc-enabled Kubernetes - An sensor based solution, installed on one node in the cluster, that connects your clusters to Defender for Cloud. Defender for Cloud is then able to deploy the following two agents as [Arc extensions](../azure-arc/kubernetes/extensions.md):
+- **[Azure Arc-enabled Kubernetes](../azure-arc/kubernetes/overview.md)** - Azure Arc-enabled Kubernetes - A sensor based solution, installed on one node in the cluster, that connects your clusters to Defender for Cloud. Defender for Cloud is then able to deploy the following two agents as [Arc extensions](../azure-arc/kubernetes/extensions.md):
 
 - **Defender sensor**: The DaemonSet that is deployed on each node, collects host signals using [eBPF technology](https://ebpf.io/) and Kubernetes audit logs, to provide runtime protection. The sensor is registered with a Log Analytics workspace, and used as a data pipeline. However, the audit log data isn't stored in the Log Analytics workspace. The Defender sensor is deployed as an Arc-enabled Kubernetes extension.
 

articles/defender-for-cloud/faq-general.yml

@@ -165,7 +165,7 @@ sections:
           - The Azure Management app ID (797f4846-ba00-4fd7-ba43-dac1f8f63013), or all apps, are included in the **Apps** section of your MFA CA policy
           - The Azure Management app ID isn't excluded in the **Apps** section of your MFA CA policy
           - OR condition is used with only MFA, or AND condition is used with MFA 
-          - A Conditional Access policy enforcing MFA through [Authentication Strengths](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-strengths) is currently not supported in our evaluation
+          - A Conditional Access policy enforcing MFA through [Authentication Strengths](/entra/identity/authentication/concept-authentication-strengths) is currently not supported in our evaluation.
  
       - question: |
           We're using a third-party MFA tool to enforce MFA. Why do we still get the Defender for Cloud recommendations?