Merge branch 'main' into patch-35

EXPEkesheth · web-flow · commit 3246a1cf90c1 · 2023-01-13T14:09:45.000-08:00
diff --git a/articles/aks/TOC.yml b/articles/aks/TOC.yml
@@ -6,7 +6,7 @@
       href: intro-kubernetes.md
     - name: Quotas and regional limits
       href: quotas-skus-regions.md
-    - name: Supported Kubernetes version
+    - name: Supported Kubernetes versions
       href: supported-kubernetes-versions.md
     - name: Add-ons, extensions, and other integrations
       href: integrations.md
@@ -94,7 +94,7 @@
       href: concepts-network.md
     - name: Storage
       href: concepts-storage.md
-    - name: Scale
+    - name: Scaling
       href: concepts-scale.md
     - name: Node auto-repair
       href: node-auto-repair.md
diff --git a/articles/aks/azure-ad-rbac.md b/articles/aks/azure-ad-rbac.md
@@ -184,6 +184,8 @@ kubectl create namespace dev
 
 > [!NOTE]
 > In Kubernetes, *Roles* define the permissions to grant, and *RoleBindings* apply them to desired users or groups. These assignments can be applied to a given namespace, or across the entire cluster. For more information, see [Using Kubernetes RBAC authorization][rbac-authorization].
+>
+> If the user you grant the Kubernetes RBAC binding for is in the same Azure AD tenant, assign permissions based on the *userPrincipalName (UPN)*. If the user is in a different Azure AD tenant, query for and use the *objectId* property instead.
 
 3. Create a Role for the *dev* namespace, which grants full permissions to the namespace. In production environments, you can specify more granular permissions for different users or groups. Create a file named `role-dev-namespace.yaml` and paste the following YAML manifest:
 
diff --git a/articles/aks/concepts-security.md b/articles/aks/concepts-security.md
@@ -15,31 +15,18 @@ Container security protects the entire end-to-end pipeline from build to the app
 The Secure Supply Chain includes the build environment and registry.
 
 Kubernetes includes security components, such as *pod security standards* and *Secrets*. Meanwhile, Azure includes components like Active Directory, Microsoft Defender for Containers, Azure Policy, Azure Key Vault, network security groups and orchestrated cluster upgrades. AKS combines these security components to:
+
 * Provide a complete Authentication and Authorization story.
 * Leverage AKS Built-in Azure Policy to secure your applications.
 * End-to-End insight from build through your application with Microsoft Defender for Containers.
 * Keep your AKS cluster running the latest OS security updates and Kubernetes releases.
 * Provide secure pod traffic and access to sensitive credentials.
 
-This article introduces the core concepts that secure your applications in AKS:
-
-- [Security concepts for applications and clusters in Azure Kubernetes Service (AKS)](#security-concepts-for-applications-and-clusters-in-azure-kubernetes-service-aks)
-  - [Build security](#build-security)
-  - [Registry security](#registry-security)
-  - [Cluster security](#cluster-security)
-  - [Node security](#node-security)
-    - [Compute isolation](#compute-isolation)
-  - [Cluster upgrades](#cluster-upgrades)
-    - [Cordon and drain](#cordon-and-drain)
-  - [Network security](#network-security)
-    - [Azure network security groups](#azure-network-security-groups)
-  - [Application Security](#application-security)
-  - [Kubernetes Secrets](#kubernetes-secrets)
-  - [Next steps](#next-steps)
+This article introduces the core concepts that secure your applications in AKS.
 
 ## Build Security
 
-As the entry point for the Supply Chain, it is important to conduct static analysis of image builds before they are promoted down the pipeline. This includes vulnerability and compliance assessment. It is not about failing a build because it has a vulnerability, as that will break development. It is about looking at the "Vendor Status" to segment based on vulnerabilities that are actionable by the development teams. Also leverage "Grace Periods" to allow developers time to remediate identified issues. 
+As the entry point for the Supply Chain, it is important to conduct static analysis of image builds before they are promoted down the pipeline. This includes vulnerability and compliance assessment. It is not about failing a build because it has a vulnerability, as that will break development. It is about looking at the "Vendor Status" to segment based on vulnerabilities that are actionable by the development teams. Also leverage "Grace Periods" to allow developers time to remediate identified issues.
 
 ## Registry Security
 
diff --git a/articles/azure-arc/data/release-notes.md b/articles/azure-arc/data/release-notes.md
@@ -17,6 +17,22 @@ ms.custom: references_regions, devx-track-azurecli, event-tier1-build-2022
 
 This article highlights capabilities, features, and enhancements recently released or improved for Azure Arc-enabled data services.
 
+## January 13, 2023
+
+### Image tag
+
+`v1.15.0_2023-01-10`
+
+For complete release version information, see [Version log](version-log.md#january-13-2023).
+
+New for this release:
+
+- Arc data services:
+   - Kafka separate mode - Description of this change and all customer and developer impacts are enumerated in the linked feature.
+
+- Arc-SQL MI
+   - Time series functions are available.
+
 ## December 13, 2022
 
 ### Image tag
diff --git a/articles/azure-arc/data/version-log.md b/articles/azure-arc/data/version-log.md
@@ -17,6 +17,17 @@ ms.topic: conceptual
 
 This article identifies the component versions with each release of Azure Arc-enabled data services.
 
+## January 13, 2023
+
+|Component|Value|
+|-----------|-----------|
+|Container images tag |`v1.15.0_2023-01-10`|
+|CRD names and version|`datacontrollers.arcdata.microsoft.com`: v1beta1, v1 through v6<br/>`exporttasks.tasks.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`kafkas.arcdata.microsoft.com`: v1beta1, v1beta2<br/>`monitors.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`sqlmanagedinstances.sql.arcdata.microsoft.com`: v1beta1, v1 through v7<br/>`postgresqls.arcdata.microsoft.com`: v1beta1, v1beta2, v1beta3<br/>`sqlmanagedinstancerestoretasks.tasks.sql.arcdata.microsoft.com`: v1beta1, v1<br/>`failovergroups.sql.arcdata.microsoft.com`: v1beta1, v1beta2, v1 through v2<br/>`activedirectoryconnectors.arcdata.microsoft.com`: v1beta1, v1beta2, v1<br/>`sqlmanagedinstancereprovisionreplicatask.tasks.sql.arcdata.microsoft.com`: v1beta1<br/>`telemetrycollectors.arcdata.microsoft.com`: v1beta1, v1beta2, v1beta3 *use to be otelcollectors*<br/>`telemetryrouters.arcdata.microsoft.com`: v1beta1, v1beta2, v1beta3, v1beta4<br/>`sqlmanagedinstancemonitoringprofiles.arcdata.microsoft.com`: v1beta1, v1beta2<br/>|
+|Azure Resource Manager (ARM) API version|2022-06-15-preview|
+|`arcdata` Azure CLI extension version|1.4.9 ([Download](https://aka.ms/az-cli-arcdata-ext))|
+|Arc-enabled Kubernetes helm chart extension version|1.14.0|
+|Azure Arc Extension for Azure Data Studio<br/>`arc`<br/>`azcli`|*No Changes*<br/>1.7.0 ([Download](https://aka.ms/ads-arcdata-ext))</br>1.7.0 ([Download](https://aka.ms/ads-azcli-ext))|
+
 ## December 13, 2022
 
 |Component|Value|
diff --git a/articles/azure-vmware/concepts-private-clouds-clusters.md b/articles/azure-vmware/concepts-private-clouds-clusters.md
@@ -3,7 +3,7 @@ title: Concepts - Private clouds and clusters
 description: Learn about the key capabilities of Azure VMware Solution software-defined data centers and VMware vSphere clusters. 
 ms.topic: conceptual
 ms.service: azure-vmware
-ms.date: 10/25/2022
+ms.date: 1/10/2023
 ms.custom: engagement-fy23
 ---
 
@@ -46,9 +46,14 @@ The diagram shows a single Azure subscription with two private clouds that repre
 
 ## Host monitoring and remediation
 
-Azure VMware Solution continuously monitors the health of both the underlay and the VMware components. When Azure VMware Solution detects a failure, it takes action to repair the failed components. When Azure VMware Solution detects a degradation or failure on an Azure VMware Solution node, it triggers the host remediation process.
+Azure VMware Solution continuously monitors the health of both the VMware components and underlay. When Azure VMware Solution detects a failure, it takes action to repair the failed components. When Azure VMware Solution detects a degradation or failure on an Azure VMware Solution node, it triggers the host remediation process.
 
-Host remediation involves replacing the faulty node with a new healthy node in the cluster. Then, when possible, the faulty host is placed in VMware vSphere maintenance mode. VMware vMotion moves the VMs off the faulty host to other available servers in the cluster, potentially allowing zero downtime for live migration of workloads. If the faulty host can't be placed in maintenance mode, the host is removed from the cluster.
+Host remediation involves replacing the faulty node with a new healthy node in the cluster. Then, when possible, the faulty host is placed in VMware vSphere maintenance mode. VMware vMotion moves the VMs off the faulty host to other available servers in the cluster, potentially allowing zero downtime for live migration of workloads. If the faulty host can't be placed in maintenance mode, the host is removed from the cluster. Before the faulty host is removed, the customer workloads will be migrated to a newly added host.
+
+> [!TIP]
+> **Customer communication:** An email is sent to the customer's email address before the replacement is initiated and again after the replacement is successful. 
+> 
+> To receive emails related to host replacement, you need to be added to any of the following Azure RBAC roles in the subscription: 'ServiceAdmin', 'CoAdmin', 'Owner', 'Contributor'.
 
 Azure VMware Solution monitors the following conditions on the host:  
 
@@ -66,7 +71,7 @@ Azure VMware Solution monitors the following conditions on the host:
 - Connection failure
 
 > [!NOTE]
-> Azure VMware Solution tenant admins must not edit or delete the above defined VMware vCenter Server alarms, as these are managed by the Azure VMware Solution control plane on vCenter Server. These alarms are used by Azure VMware Solution monitoring to trigger the Azure VMware Solution host remediation process.
+> Azure VMware Solution tenant admins must not edit or delete the previously defined VMware vCenter Server alarms because they are managed by the Azure VMware Solution control plane on vCenter Server. These alarms are used by Azure VMware Solution monitoring to trigger the Azure VMware Solution host remediation process.
 
 ## Backup and restoration
 
diff --git a/articles/cognitive-services/Speech-Service/spx-basics.md b/articles/cognitive-services/Speech-Service/spx-basics.md
@@ -149,7 +149,7 @@ spx synthesize --voices
 Here's a command for using one of the voices you've discovered.
 
 ```console
-spx synthesize --text "Bienvenue chez moi." --voice fr-CA-Caroline --speakers
+spx synthesize --text "Bienvenue chez moi." --voice fr-FR-AlainNeural --speakers
 ```
 
 > [!TIP]
diff --git a/articles/healthcare-apis/fhir/smart-on-fhir.md b/articles/healthcare-apis/fhir/smart-on-fhir.md
@@ -26,22 +26,18 @@ Below tutorials provide steps to enable SMART on FHIR applications with FHIR Ser
 - [Enable cross-origin resource sharing (CORS)](configure-cross-origin-resource-sharing.md)
 - [Register public client application in Azure AD](https://learn.microsoft.com/azure/healthcare-apis/azure-api-for-fhir/register-public-azure-ad-client-app)
      - After registering the application, make note of the applicationId for client application.
+- Ensure you have access to Azure Subscription of FHIR service, to create resources and add role assignments.
      
-## SMART on FHIR using samples 
-
-As a pre-requisite , ensure you have access to Azure Subscription of FHIR service, to create resources and add role assignments.
+## SMART on FHIR using AHDS Samples OSS
 
 ### Step 1 : Set up FHIR SMART user role 
 Follow the steps listed under section [Manage Users: Assign Users to Role](https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). Any user added to this role will be able to access the FHIR Service if their requests comply with the SMART on FHIR implementation Guide, such as request having access token which includes a fhirUser claim and a clinical scopes claim.  The access granted to the users in this role will then be limited by the resources associated to their fhirUser compartment and the restrictions in the clinical scopes.
 
 ### Step 2 : FHIR server integration with samples
 [Follow the steps](https://github.com/Azure-Samples/azure-health-data-services-samples/blob/main/samples/Patient%20and%20Population%20Services%20G10/docs/deployment.md) under Azure Health Data Service Samples OSS. This will enable integration of FHIR server with other Azure Services (such as APIM, Azure functions and more).
 
-This is our preferred approach, as it demonstrates to Health IT developers steps needed to comply with 21st Century Act Criterion §170.315(g)(10) Standardized API for patient and population services criterion.
-
-
 > [!NOTE]
-> These samples are open-source code, and you should review the information and licensing terms on GitHub before using it. They are not part of the Azure Health Data Service and are not supported by Microsoft Support. These samples can be used to demonstrate how Azure Health Data Services and other open-source tools can be used together to demonstrate ONC (g)(10) compliance, using Azure Active Directory as the identity provider workflow.  
+> Samples are open-source code, and you should review the information and licensing terms on GitHub before using it. They are not part of the Azure Health Data Service and are not supported by Microsoft Support. These samples can be used to demonstrate how Azure Health Data Services and other open-source tools can be used together to demonstrate ONC (g)(10) compliance, using Azure Active Directory as the identity provider workflow.  
 
 
 ## SMART on FHIR Proxy
diff --git a/articles/iot-hub/virtual-network-support.md b/articles/iot-hub/virtual-network-support.md
diff --git a/articles/load-balancer/whats-new.md b/articles/load-balancer/whats-new.md
diff --git a/articles/private-link/private-endpoint-dns.md b/articles/private-link/private-endpoint-dns.md
