Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into github-1

Author: duongau

articles/aks/open-service-mesh-troubleshoot.md

@@ -319,4 +319,4 @@ Information on how OSM issues and manages certificates to Envoy proxies running
 
 ### Upgrading Envoy
 
-When a new pod is created in a namespace monitored by the add-on, OSM will inject an [envoy proxy sidecar](https://docs.openservicemesh.io/docs/guides/app_onboarding/sidecar_injection/) in that pod. Information regarding how to update the envoy version can be found in the [Upgrade Guide](https://docs.openservicemesh.io/docs/getting_started/upgrade/#envoy) on the OpenServiceMesh docs site.
+When a new pod is created in a namespace monitored by the add-on, OSM will inject an [envoy proxy sidecar](https://docs.openservicemesh.io/docs/guides/app_onboarding/sidecar_injection/) in that pod. Information regarding how to update the envoy version can be found in the [Upgrade Guide](https://docs.openservicemesh.io/docs/getting_started/) on the OpenServiceMesh docs site.

articles/azure-functions/storage-considerations.md

@@ -13,7 +13,7 @@ Azure Functions requires an Azure Storage account when you create a function app
 |---------|---------|
 | [Azure Blob Storage](../storage/blobs/storage-blobs-introduction.md)     | Maintain bindings state and function keys.  <br/>Also used by [task hubs in Durable Functions](durable/durable-functions-task-hubs.md). |
 | [Azure Files](../storage/files/storage-files-introduction.md)  | File share used to store and run your function app code in a [Consumption Plan](consumption-plan.md) and [Premium Plan](functions-premium-plan.md). <br/>Azure Files is set up by default, but you can [create an app without Azure Files](#create-an-app-without-azure-files) under certain conditions. |
-| [Azure Queue Storage](../storage/queues/storage-queues-introduction.md)     | Used by [task hubs in Durable Functions](durable/durable-functions-task-hubs.md).   |
+| [Azure Queue Storage](../storage/queues/storage-queues-introduction.md)     | Used by [task hubs in Durable Functions](durable/durable-functions-task-hubs.md) and for failure and retry handling by [specific Azure Functions](./functions-bindings-storage-blob-trigger.md) triggers.   |
 | [Azure Table Storage](../storage/tables/table-storage-overview.md)  |  Used by [task hubs in Durable Functions](durable/durable-functions-task-hubs.md).       |
 
 > [!IMPORTANT]

articles/defender-for-cloud/media/release-notes/gcp-foundational.png

@@ -25,7 +25,7 @@ If you're looking for the latest release notes, you'll find them in the [What's
 | [Deprecating the recommendation to use service principals to protect your subscriptions](#deprecating-the-recommendation-to-use-service-principals-to-protect-your-subscriptions) | February 2022 |
 | [Moving recommendation Vulnerabilities in container security configurations should be remediated from the secure score to best practices](#moving-recommendation-vulnerabilities-in-container-security-configurations-should-be-remediated-from-the-secure-score-to-best-practices) | February 2022 |
 | [Changes to recommendations for managing endpoint protection solutions](#changes-to-recommendations-for-managing-endpoint-protection-solutions) | March 2022 |
-| [AWS recommendations to GA](#aws-recommendations-to-ga) | March 2022 |
+| [AWS and GCP recommendations to GA](#aws-and-gcp-recommendations-to-ga) | March 2022 |
 | [Relocation of custom recommendations](#relocation-of-custom-recommendations) | March 2022 |
 | [Deprecating Microsoft Defender for IoT device recommendations](#deprecating-microsoft-defender-for-iot-device-recommendations)| March 2022 |
 | [Deprecating Microsoft Defender for IoT device alerts](#deprecating-microsoft-defender-for-iot-device-alerts) | March 2022 |
@@ -84,26 +84,37 @@ Learn more:
 - [Defender for Cloud's supported endpoint protection solutions](supported-machines-endpoint-solutions-clouds-servers.md#endpoint-supported)
 - [How these recommendations assess the status of your deployed solutions](endpoint-protection-recommendations-technical.md)
 
-### AWS recommendations to GA
+### AWS and GCP recommendations to GA
 
 **Estimated date for change:** March 2022
 
-There are currently AWS recommendations in the preview stage. These recommendations come from the AWS Foundational Security Best Practices standard which is assigned by default. All of the recommendations will become Generally Available (GA) in March 2022.
+There are currently AWS and GCP recommendations in the preview stage. These recommendations come from the AWS Foundational Security Best Practices and GCP default standards which are assigned by default. All of the recommendations will become Generally Available (GA) in March 2022.
 
 When these recommendations go live, their impact will be included in the calculations of your secure score. Expect changes to your secure score.
 
+#### AWS recommendations
+
 **To find these recommendations**:
 
 1. Navigate to **Environment settings** > **`AWS connector`** > **Standards (preview)**.
 1. Right click on **AWS Foundational Security Best Practices (preview)**, and select **view assessments**.
 
 :::image type="content" source="media/release-notes/aws-foundational.png" alt-text="Screenshot showing the location of the AWS Foundational Security Best Practices (preview).":::
 
+#### GCP recommendations
+
+**To find these recommendations**:
+
+1. Navigate to **Environment settings** > **`GCP connector`** > **Standards (preview)**.
+1. Right click on **GCP Default (preview)**, and select **view assessments**.
+
+:::image type="content" source="media/release-notes/gcp-foundational.png" alt-text="Screenshot showing the location of the GCP Default (preview).":::
+
 ### Relocation of custom recommendations
 
 **Estimated date for change:** March 2022
 
-Custom recommendation are those created by a user, and have no impact on the secure score. Therefore, the custom recommendations are being relocated from the Secure score recommendations tab to the All recommendations tab.
+Custom recommendations are those created by a user, and have no impact on the secure score. Therefore, the custom recommendations are being relocated from the Secure score recommendations tab to the All recommendations tab.
 
 When the move occurs, the custom recommendations will be found via a new "recommendation type" filter.
 

articles/defender-for-cloud/upcoming-changes.md

@@ -113,9 +113,9 @@ A private-link resource is the destination target of a specified private endpoin
  
 ## Network security of private endpoints 
 
-When you use private endpoints, traffic is secured to a private-link resource. The platform does an access control to validate network connections that reach only the specified private-link resource. To access more resources within the same Azure service, you need additional private endpoints. 
- 
-You can completely lock down your workloads to prevent them from accessing public endpoints to connect to a supported Azure service. This control provides an extra network security layer to your resources, and this security provides protection that helps prevent access to other resources that are hosted on the same Azure service. 
+When you use private endpoints, traffic is secured to a private-link resource. The platform validates network connections, allowing only those that reach the specified private-link resource. To access additional sub-resources within the same Azure service, additional private endpoints with corresponding targets are required. In the case of Azure Storage, for instance, you would need separate private endpoints to access the _file_ and _blob_ sub-resources.
+
+Private endpoints provide a privately accessible IP address for the Azure service, but do not necessarily restrict public network access to it. [Azure App Service](tutorial-private-endpoint-webapp-portal.md) and [Azure Functions](../azure-functions/functions-create-vnet.md) become inaccessible publicly when they are associated with a private endpoint. All other Azure services require additional [access controls](../event-hubs/event-hubs-ip-filtering.md), however. These controls provide an extra network security layer to your resources, providing protection that helps prevent access to the Azure service associated with the private-link resource. 
 
 ## Access to a private-link resource using approval workflow 
 
@@ -151,7 +151,7 @@ The consumers can request a connection to a private-link service by using either
 
 ## DNS configuration
 
-The DNS settings that you use to connect to a private-link resource are important. Ensure that your DNS settings are correct when you use the fully qualified domain name (FQDN) for the connection. The settings must resolve to the private IP address of the private endpoint. Existing Azure services might already have a DNS configuration you can use when you're connecting over a public endpoint. This configuration must be overwritten so that you can connect by using your private endpoint. 
+The DNS settings that you use to connect to a private-link resource are important. Existing Azure services might already have a DNS configuration you can use when you're connecting over a public endpoint. To connect to the same service over private endpoint, separate DNS settings, often configured via private DNS zones, are required. Ensure that your DNS settings are correct when you use the fully qualified domain name (FQDN) for the connection. The settings must resolve to the private IP address of the private endpoint. 
 
 The network interface associated with the private endpoint contains the information that's required to configure your DNS. The information includes the FQDN and private IP address for a private-link resource. 
 

articles/private-link/private-endpoint-overview.md

@@ -83,6 +83,8 @@
       href: time-series-insights-parameterized-urls.md
 - name: How-to guides
   items:
+  - name: Migrate to Azure Data Explorer
+    href: migration-to-adx.md
   - name: Grant data access
     href: concepts-access-policies.md
   - name: Connect to Event Hubs
@@ -125,6 +127,8 @@
       items:
       - name: How to migrate to new API versions
         href: how-to-api-migration.md
+      - name: How to migrate to Azure Data Explorer
+        href: how-to-tsi-gen2-migration.md
   - name: Azure Time Series Insights Gen1
     items:
     - name: Explore Time Series Insights
@@ -145,6 +149,8 @@
       href: time-series-insights-environment-mitigate-latency.md
     - name: Diagnose and troubleshoot
       href: time-series-insights-diagnose-and-solve-problems.md
+    - name: How to migrate to Azure Data Explorer
+      href: how-to-tsi-gen1-migration.md
 - name: Reference
   items:
   - name: Time Series Insights

articles/time-series-insights/TOC.yml

@@ -0,0 +1,158 @@
+---
+title: 'Time Series Insights Gen1 migration to Azure Data Explorer | Microsoft Docs'
+description: How to migrate Azure Time Series Insights Gen 1 environments to Azure Data Explorer.
+ms.service: time-series-insights
+services: time-series-insights
+author: tedvilutis
+ms.author: tvilutis
+manager: 
+ms.workload: big-data
+ms.topic: conceptual
+ms.date: 3/15/2022
+ms.custom: tvilutis
+---
+
+# Migrating Time Series Insights Gen1 to Azure Data Explorer
+
+## Overview
+
+The recommendation is to set up Azure Data Explorer cluster with a new consumer group from the Event Hub or IoT Hub and wait for retention period to pass and fill Azure Data Explorer with the same data as Time Series Insights environment.
+If telemetry data is required to be exported from Time Series Insights environment, the suggestion is to use Time Series Insights Query API to download the events in batches and serialize in required format. 
+For reference data, Time Series Insights Explorer or Reference Data API can be used to download reference data set and upload it into Azure Data Explorer as another table. Then, materialized views in Azure Data Explorer can be used to join reference data with telemetry data. Use materialized view with arg_max() aggregation function which will get the latest record per entity, as demonstrated in the following example. For more information about materialized views, read the following documentation: [Materialized views use cases] (./data-explorer/kusto/management/materialized-views/materialized-view-overview.md#materialized-views-use-cases).
+
+```
+.create materialized-view MVName on table T
+{
+    T
+    | summarize arg_max(Column1,*) by Column2
+}
+```
+## Translate Time Series Insights Queries to KQL
+
+For queries, the recommendation is to use KQL in Azure Data Explorer.
+
+#### Events
+```TSQ
+{
+  "searchSpan": {
+    "from": "2021-11-29T22:09:32.551Z",
+    "to": "2021-12-06T22:09:32.551Z"
+  },
+  "predicate": {
+    "predicateString": "([device_id] = 'device_0') AND ([has_error] != null OR [error_code] != null)"
+  },
+  "top": {
+    "sort": [
+      {
+        "input": {
+          "builtInProperty": "$ts"
+        },
+        "order": "Desc"
+      }
+    ],
+    "count": 100
+  }
+}
+```
+```KQL
+	events
+| where _timestamp >= datetime("2021-11-29T22:09:32.551Z") and _timestamp < datetime("2021-12-06T22:09:32.551Z") and deviceid == "device_0" and (not(isnull(haserror)) or not(isempty(errorcode)))
+| top 100 by _timestamp desc
+
+```
+
+#### Aggregates
+
+```TSQ
+{
+    "searchSpan": {
+      "from": "2021-12-04T22:30:00Z",
+      "to": "2021-12-06T22:30:00Z"
+    },
+    "predicate": {
+      "eq": {
+        "left": {
+          "property": "DeviceId",
+          "type": "string"
+        },
+        "right": "device_0"
+      }
+    },
+    "aggregates": [
+      {
+        "dimension": {
+          "uniqueValues": {
+            "input": {
+              "property": "DeviceId",
+              "type": "String"
+            },
+            "take": 1
+          }
+        },
+        "aggregate": {
+          "dimension": {
+            "dateHistogram": {
+              "input": {
+                "builtInProperty": "$ts"
+              },
+              "breaks": {
+                "size": "2d"
+              }
+            }
+          },
+          "measures": [
+            {
+              "count": {}
+            },
+            {
+              "sum": {
+                "input": {
+                  "property": "DataValue",
+                  "type": "Double"
+                }
+              }
+            },
+            {
+              "min": {
+                "input": {
+                  "property": "DataValue",
+                  "type": "Double"
+                }
+              }
+            },
+            {
+              "max": {
+                "input": {
+                  "property": "DataValue",
+                  "type": "Double"
+                }
+              }
+            }
+          ]
+        }
+      }
+    ]
+  }
+
+```
+```KQL
+	let _q = events | where _timestamp >= datetime("2021-12-04T22:30:00Z") and _timestamp < datetime("2021-12-06T22:30:00Z") and deviceid == "device_0";
+let _dimValues0 = _q | project deviceId | sample-distinct 1 of deviceId;
+_q
+| where deviceid in (_dimValues0) or isnull(deviceid)
+| summarize
+    _meas0 = count(),
+    _meas1 = iff(isnotnull(any(datavalue)), sum(datavalue), any(datavalue)),
+    _meas2 = min(datavalue),
+    _meas3 = max(datavalue),
+    by _dim0 = deviceid, _dim1 = bin(_timestamp, 2d)
+| project
+    _dim0,
+    _dim1,
+    _meas0,
+    _meas1,
+    _meas2,
+    _meas3,
+| sort by _dim0 nulls last, _dim1 nulls last
+```
+