Merge pull request #266629 from MicrosoftDocs/main

Publish to live, Sunday 4:00PM PST, 02/18

Author: Stacyrch140

.openpublishing.redirection.json

@@ -10640,11 +10640,6 @@
             "redirect_url": "/azure/orbital/overview",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/load-balancer/cross-region-overview.md",
-            "redirect_url": "/azure/reliability/reliability-load-balancer",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/load-balancer/load-balancer-standard-availability-zones.md",
             "redirect_url": "/azure/reliability/reliability-load-balancer",

articles/azure-monitor/agents/azure-monitor-agent-data-collection-endpoint.md

@@ -267,35 +267,7 @@ New-AzConnectedMachineExtension -Name AzureMonitorLinuxAgent -ExtensionType Azur
    `Stop-Service -Name <gateway-name>` and
    `Start-Service -Name <gateway-name>`.
 
-## Enable network isolation for Azure Monitor Agent
-
-By default, Azure Monitor Agent connects to a public endpoint to connect to your Azure Monitor environment. To enable network isolation for your agents, create [data collection endpoints](../essentials/data-collection-endpoint-overview.md) and add them to your [Azure Monitor Private Link Scopes (AMPLS)](../logs/private-link-configure.md#connect-azure-monitor-resources).
-
-### Create a data collection endpoint
-
-[Create a data collection endpoint](../essentials/data-collection-endpoint-overview.md#create-a-data-collection-endpoint) for each of your regions so that agents can connect instead of using the public endpoint. An agent can only connect to a DCE in the same region. If you have agents in multiple regions, you must create a DCE in each one.
-
-### Create a private link
-
-With [Azure Private Link](../../private-link/private-link-overview.md), you can securely link Azure platform as a service (PaaS) resources to your virtual network by using private endpoints. An Azure Monitor private link connects a private endpoint to a set of Azure Monitor resources that define the boundaries of your monitoring network. That set is called an Azure Monitor Private Link Scope. For information on how to create and configure your AMPLS, see [Configure your private link](../logs/private-link-configure.md).
-
-### Add DCEs to AMPLS
-
-Add the data collection endpoints to a new or existing [Azure Monitor Private Link Scopes](../logs/private-link-configure.md#connect-azure-monitor-resources) resource. This process adds the DCEs to your private DNS zone (see [how to validate](../logs/private-link-configure.md#review-and-validate-your-private-link-setup)) and allows communication via private links. You can do this task from the AMPLS resource or on an existing DCE resource's **Network isolation** tab.
-
-> [!NOTE]
-> Other Azure Monitor resources like the Log Analytics workspaces configured in your data collection rules that you want to send data to must be part of this same AMPLS resource.
-
-For your data collection endpoints, ensure the **Accept access from public networks not connected through a Private Link Scope** option is set to **No** on the **Network Isolation** tab of your endpoint resource in the Azure portal. This setting ensures that public internet access is disabled and network communication only happens via private links.
-<!-- convertborder later -->
-:::image type="content" source="media/azure-monitor-agent-dce/data-collection-endpoint-network-isolation.png" lightbox="media/azure-monitor-agent-dce/data-collection-endpoint-network-isolation.png" alt-text="Screenshot that shows configuring data collection endpoint network isolation." border="false":::
-
-### Associate DCEs to target machines
-Associate the data collection endpoints to the target resources by editing the data collection rule in the Azure portal. On the **Resources** tab, select **Enable Data Collection Endpoints**. Select a DCE for each virtual machine. See [Configure data collection for Azure Monitor Agent](../agents/data-collection-rule-azure-monitor-agent.md).
-<!-- convertborder later -->
-:::image type="content" source="media/azure-monitor-agent-dce/data-collection-rule-virtual-machines-with-endpoint.png" lightbox="media/azure-monitor-agent-dce/data-collection-rule-virtual-machines-with-endpoint.png" alt-text="Screenshot that shows configuring data collection endpoints for an agent." border="false":::
-
 ## Next steps
 
 - [Associate endpoint to machines](../agents/data-collection-rule-azure-monitor-agent.md#create-a-data-collection-rule)
-- [Add endpoint to AMPLS resource](../logs/private-link-configure.md#connect-azure-monitor-resources).
+- [Enable network isolation for Azure Monitor Agent by using Private Link](../agents/azure-monitor-agent-private-link.md).

articles/azure-monitor/agents/azure-monitor-agent-private-link.md

@@ -0,0 +1,41 @@
+---
+title: Enable network isolation for Azure Monitor Agent by using Private Link
+description: Enable network isolation for Azure Monitor Agent.
+ms.topic: conceptual
+ms.date: 5/1/2023
+ms.custom: references_region
+ms.reviewer: jeffwo
+
+---
+
+# Enable network isolation for Azure Monitor Agent by using Private Link
+
+By default, Azure Monitor Agent connects to a public endpoint to connect to your Azure Monitor environment. This article explains how to enable network isolation for your agents by using [Azure Private Link](../../private-link/private-link-overview.md).
+
+## Prerequisites
+
+- A [data collection rule](../essentials/data-collection-rule-create-edit.md), which defines the data Azure Monitor Agent collects and the destination to which the agent sends data. 
+
+## Link your data collection endpoints to your Azure Monitor Private Link Scope
+
+1. [Create a data collection endpoint](../essentials/data-collection-endpoint-overview.md#create-a-data-collection-endpoint) for each of your regions for agents to connect to instead of using the public endpoint. An agent can only connect to a data collection endpoint in the same region. If you have agents in multiple regions, create a data collection endpoint in each one.
+
+1. [Configure your private link](../logs/private-link-configure.md). You'll use the private link to connect your data collection endpoint to a set of Azure Monitor resources that define the boundaries of your monitoring network. This set is called an Azure Monitor Private Link Scope.
+
+1. [Add the data collection endpoints to your Azure Monitor Private Link Scope](../logs/private-link-configure.md#connect-azure-monitor-resources) resource. This process adds the data collection endpoints to your private DNS zone (see [how to validate](../logs/private-link-configure.md#review-and-validate-your-private-link-setup)) and allows communication via private links. You can do this task from the AMPLS resource or on an existing data collection endpoint resource's **Network isolation** tab.
+
+    > [!IMPORTANT]
+    > Other Azure Monitor resources like the Log Analytics workspaces configured in your data collection rules that you want to send data to must be part of this same AMPLS resource.
+ 
+    For your data collection endpoints, ensure the **Accept access from public networks not connected through a Private Link Scope** option is set to **No** on the **Network Isolation** tab of your endpoint resource in the Azure portal. This setting ensures that public internet access is disabled and network communication only happens via private links.
+     
+    :::image type="content" source="media/azure-monitor-agent-dce/data-collection-endpoint-network-isolation.png" lightbox="media/azure-monitor-agent-dce/data-collection-endpoint-network-isolation.png" alt-text="Screenshot that shows configuring data collection endpoint network isolation." border="false":::
+    
+1. Associate the data collection endpoints to the target resources by editing the data collection rule in the Azure portal. On the **Resources** tab, select **Enable Data Collection Endpoints**. Select a data collection endpoint for each virtual machine. See [Configure data collection for Azure Monitor Agent](../agents/data-collection-rule-azure-monitor-agent.md).
+ 
+    :::image type="content" source="media/azure-monitor-agent-dce/data-collection-rule-virtual-machines-with-endpoint.png" lightbox="media/azure-monitor-agent-dce/data-collection-rule-virtual-machines-with-endpoint.png" alt-text="Screenshot that shows configuring data collection endpoints for an agent." border="false":::
+
+
+## Next steps
+
+- Learn more about [Best practices for monitoring virtual machines in Azure Monitor](../best-practices-vm.md).

articles/azure-monitor/autoscale/autoscale-custom-metric.md

@@ -144,7 +144,9 @@ If you're not going to continue to use this application, delete resources.
 
     :::image type="content" source="media/autoscale-custom-metric/delete-web-app.png" alt-text="Screenshot that shows the App Service page where you can delete the web app.":::
 
-1. On the **App Service plans** page, select **Delete**. The autoscale settings are deleted along with the App Service plan.
+1. On the **Autoscale setting** page, in the **JSON** tab, select the trash bin icon next to the **Autoscale setting name**. Note that the autoscale settings are not deleted along with the App Service plan unless you delete the resource group. If you dont delete the Autoscale settings and you recreate an app service plan with the same name, it will inherit the original autoscale settings.
+
+1. On the **App Service plans** page, select **Delete**. 
 
     :::image type="content" source="media/autoscale-custom-metric/delete-service-plan.png" alt-text="Screenshot that shows the App Service plans page where you can delete the App Service plan.":::
 

articles/azure-monitor/containers/container-insights-private-link.md

@@ -14,7 +14,7 @@ This article describes how to configure Container insights to use Azure Private
 ## Cluster using managed identity authentication
 Use the following procedures to enable network isolation by connecting your cluster to the Log Analytics workspace using [Azure Private Link](../logs/private-link-security.md) if your cluster is using managed identity authentication.
 
-1. Follow the steps in [Enable network isolation for the Azure Monitor agent](../agents/azure-monitor-agent-data-collection-endpoint.md#enable-network-isolation-for-azure-monitor-agent) to create a data collection endpoint (DCE) and add it to your Azure Monitor private link service (AMPLS).
+1. Follow the steps in [Enable network isolation for Azure Monitor Agent by using Private Link](../agents/azure-monitor-agent-private-link.md) to create a data collection endpoint (DCE) and add it to your Azure Monitor private link service (AMPLS).
 
 1. Create an association between the cluster and the DCE by using the following API call. For information on this call, see [Data collection rule associations - Create](/rest/api/monitor/data-collection-rule-associations/create). The DCR association name must be **configurationAccessEndpoint**, and `resourceUri` is the resource ID of the AKS cluster.
 

articles/azure-monitor/essentials/resource-logs.md

@@ -36,7 +36,7 @@ In this mode, individual tables in the selected workspace are created for each c
 
 All Azure services will eventually migrate to the resource-specific mode.
 
-The preceding example creates three tables:
+The example below creates three tables:
 
 - Table `Service1AuditLogs`
 

articles/azure-monitor/toc.yml

@@ -702,6 +702,8 @@ items:
         href: agents/azure-monitor-agent-send-data-to-event-hubs-and-storage.md
     - name: Define network settings
       href: agents/azure-monitor-agent-data-collection-endpoint.md
+    - name: Configure Private Link for Azure Monitor Agent
+      href: agents/azure-monitor-agent-private-link.md
     - name: Migrate from Log Analytics Agent
       items:
       - name: Migration guidance