Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-limits-entra-service-link

Author: rolyon

articles/azure-compute-fleet/faq.yml

@@ -79,7 +79,7 @@ sections:
       - question: |
           Can a Compute Fleet resource be moved ? 
         answer: |
-          No. Compute Fleet doesn't currently support that capability. If you need to move, you can consider deleting it and using the Azure Resource Manager template to create another one in another location/subscription/resource group.
+          No. Compute Fleet doesn't currently support that capability. If you need to move, you can consider deleting it and using the Azure Resource Manager template to create another one in another location, subscription, or resource group.
 
 
 

articles/azure-functions/functions-bindings-azure-sql-output.md

@@ -50,8 +50,8 @@ To return [multiple output bindings](./dotnet-isolated-process-guide.md#multiple
 public static class OutputType
 {
     [SqlOutput("dbo.ToDo", connectionStringSetting: "SqlConnectionString")]
-    public ToDoItem ToDoItem { get; set; }
-    public HttpResponseData HttpResponse { get; set; }
+    public static ToDoItem ToDoItem { get; set; }
+    public static HttpResponseData HttpResponse { get; set; }
 }
 ```
 

articles/azure-netapp-files/TOC.yml

@@ -369,6 +369,8 @@
         href: manage-default-individual-user-group-quotas.md
       - name: Manage storage with cool access 
         href: manage-cool-access.md
+      - name: Manage file access logs 
+        href: manage-file-access-logs.md
     - name: Update Terraform-managed volume
       href: terraform-manage-volume.md
   - name: Manage application volume groups 

articles/azure-netapp-files/azure-government.md

@@ -25,6 +25,7 @@ All [Azure NetApp Files features](whats-new.md) available on Azure public cloud
 | Azure NetApp Files features | Azure public cloud availability |  Azure Government availability |
 |:--- |:--- |:--- |
 | Azure NetApp Files large volumes | Generally available (GA) | Generally available [(select regions)](large-volumes-requirements-considerations.md#supported-regions) |
+| Azure NetApp Files file access logs | Public preview | Public preview [(select regions)](manage-file-access-logs.md#supported-regions) |
 
 ## Portal access
 

articles/azure-netapp-files/azure-netapp-files-create-volumes-smb.md

@@ -73,9 +73,9 @@ Before creating an SMB volume, you need to create an Active Directory connection
         The subnet you specify must be delegated to Azure NetApp Files. 
 
         If you haven't delegated a subnet, you can select **Create new** on the Create a Volume page. Then in the Create Subnet page, specify the subnet information, and select **Microsoft.NetApp/volumes** to delegate the subnet for Azure NetApp Files. In each VNet, only one subnet can be delegated to Azure NetApp Files.   
+      
+        :::image type="content" source="./media/shared/azure-netapp-files-create-subnet.png" alt-text="Screenshot of create new subnet interface." lightbox="./media/shared/azure-netapp-files-create-subnet.png":::
 
-        ![Create subnet](./media/shared/azure-netapp-files-create-subnet.png)
-
     * **Network features**  
         In supported regions, you can specify whether you want to use **Basic** or **Standard** network features for the volume. See [Configure network features for a volume](configure-network-features.md) and [Guidelines for Azure NetApp Files network planning](azure-netapp-files-network-topologies.md) for details.
 

articles/azure-netapp-files/azure-netapp-files-create-volumes.md

@@ -83,7 +83,9 @@ This article shows you how to create an NFS volume. For SMB volumes, see [Create
         Specify the subnet that you want to use for the volume.  
         The subnet you specify must be delegated to Azure NetApp Files. 
         
-        If you have not delegated a subnet, you can select **Create new** on the Create a Volume page. Then in the Create Subnet page, specify the subnet information, and select **Microsoft.NetApp/volumes** to delegate the subnet for Azure NetApp Files. In each Virtual Network, only one subnet can be delegated to Azure NetApp Files.   
+        If you have not delegated a subnet, you can click **Create new** on the Create a Volume page. Then in the Create Subnet page, specify the subnet information, and select **Microsoft.NetApp/volumes** to delegate the subnet for Azure NetApp Files. In each VNet, only one subnet can be delegated to Azure NetApp Files.   
+ 
+        :::image type="content" source="../media/azure-netapp-files/azure-netapp-files-new-volume.png" alt-text="Screenshot of create new volume interface." lightbox="../media/azure-netapp-files/azure-netapp-files-new-volume.png":::
 
         ![Create subnet](./media/shared/azure-netapp-files-create-subnet.png)
 

articles/azure-netapp-files/faq-security.md

@@ -48,6 +48,8 @@ For the complete list of Azure NetApp Files permissions, see Azure resource prov
 
 Azure NetApp Files is an Azure native service. All PUT, POST, and DELETE APIs against Azure NetApp Files are logged. For example, the logs show activities such as who created the snapshot, who modified the volume, and so on.
 
+Azure NetApp Files also offers [file access logging](manage-file-access-logs.md).
+
 For the complete list of API operations, see [Azure NetApp Files REST API](/rest/api/netapp/).
 
 ## Can I use Azure policies with Azure NetApp Files?

articles/azure-netapp-files/kerberos.md

@@ -170,22 +170,22 @@ New machine accounts are created when an Azure NetApp Files SMB volume is provis
 | First new SMB volume | New SMB machine account/DNS name |
 | Subsequent SMB volumes created in short succession from first SMB volume | Reused SMB machine account/DNS name (in most cases). |
 | Subsequent SMB volumes created much later than first SMB volume | The service determines if new machine account is needed. It's possible multiple machine accounts can be created, which creates multiple IP address endpoints. |
-| First dual protocol volume | New SMB machine account/DNS name |
-| Subsequent dual protocol volumes created in short succession from first dual protocol volume	| Reused SMB machine account/DNS name (in most cases) |
-| Subsequent dual protocol volumes created much later than first dual protocol volume | The service determines if a new machine account is needed. It's possible multiple machine accounts can be created, which creates multiple IP address endpoints |
-| First SMB volume created after dual protocol volume | New SMB machine account/DNS name |
-| First dual protocol volume created after SMB volume | New SMB machine account/DNS name |
+| First dual-protocol volume | New SMB machine account/DNS name |
+| Subsequent dual-protocol volumes created in short succession from first dual-protocol volume	| Reused SMB machine account/DNS name (in most cases) |
+| Subsequent dual-protocol volumes created much later than first dual-protocol volume | The service determines if a new machine account is needed. It's possible multiple machine accounts can be created, which creates multiple IP address endpoints |
+| First SMB volume created after dual-protocol volume | New SMB machine account/DNS name |
+| First dual-protocol volume created after SMB volume | New SMB machine account/DNS name |
 
-The SMB machine account created for the Azure NetApp Files SMB (or dual protocol) volume uses a naming convention that adheres to the [15-character maximum that is enforced by Active Directory](/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou). The name uses the structure of [SMB Server prefix specified in Active Directory connection configuration]-[unique numeric identifier].
+The SMB machine account created for the Azure NetApp Files SMB (or dual-protocol) volume uses a naming convention that adheres to the [15-character maximum that is enforced by Active Directory](/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou). The name uses the structure of [SMB Server prefix specified in Azure AD connection configuration]-[unique numeric identifier].
 
 For instance, if you've [configured your AD connections](create-active-directory-connections.md) to use the SMB server prefix "AZURE," the SMB machine account that Azure NetApp Files creates resembles "AZURE-7806." That same name is used in the UNC path for the SMB share (for example, \\AZURE-7806) and is the name that dynamic DNS services use to create the A/AAAA record. 
 
 >[!NOTE]
->Because a name like “AZURE-7806” can be hard to remember, it's beneficial to create a CNAME record as a DNS alias for Azure NetApp Files volumes. For more information, see [Creating SMB server aliases](#creating-smb-server-aliases).
+>Because a name like "AZURE-7806" can be difficult to remember, it's beneficial to create a CNAME record as a DNS alias for Azure NetApp Files volumes. For more information, see [Creating SMB server aliases](#creating-smb-server-aliases).
 
 :::image type="content" source="media/kerberos/multiple-dns-smb.png" alt-text="Diagram of multiple machine accounts/DNS entries in Azure NetApp Files." lightbox="media/kerberos/multiple-dns-smb.png":::
 
-In some cases, when creating multiple SMB and/or dual protocol volumes, the configuration can end up with multiple disparate SMB machine accounts and DNS names.
+In some cases, when creating multiple SMB and/or dual-protocol volumes, the configuration can end up with multiple disparate SMB machine accounts and DNS names.
 
 If a single namespace for user access across the volumes is desired, this can present a challenge in configuration, as a single CNAME alias can only point to a single A/AAAA host record, while using multiple identical A/AAAA record aliases can result in unpredictability of data access in accessing volumes across different SMB machine accounts, as there's no guarantee that the endpoint the client selects in the DNS lookup contains the expected volume due to the round-robin nature of DNS record selection in those configurations. 
 
@@ -196,7 +196,7 @@ To address this limitation, [Azure NetApp Files volumes can participate as targe
 
 ### SMB Kerberos SPN creation workflow
 
-The following diagram illustrates how an SMB Kerberos SPN is created when an Azure NetApp Files SMB or dual protocol volume is created. SMB SPNs are associated with SMB machine account objects in the domain. The SPN can be viewed and managed via the machine account properties using the attribute editor in the Advanced view.
+The following diagram illustrates how an SMB Kerberos SPN is created when an Azure NetApp Files SMB or dual-protocol volume is created. SMB SPNs are associated with SMB machine account objects in the domain. The SPN can be viewed and managed via the machine account properties using the attribute editor in the Advanced view.
 
 :::image type="content" source="media/kerberos/azure-smb-properties.png" alt-text="Screenshot of Azure-SMB properties." lightbox="media/kerberos/azure-smb-properties.png":::
 
@@ -337,7 +337,7 @@ When an Azure NetApp Files volume is mounting using Kerberos, a Kerberos ticket
 - The SMB service ticket is retrieved from the KDC.
 - Azure NetApp Files attempts to map the Windows user requesting access to the share to a valid UNIX user.
     - A Kerberos TGS request is made using the SMB server Kerberos credentials stored with the SMB server’s keytab from initial SMB server creation to use for an LDAP server bind.
-    - LDAP is searched for a UNIX user that is mapped to the SMB user requesting share access. If no UNIX user exists in LDAP, then the default UNIX user `pcuser` is used by Azure NetApp Files for name mapping (files/folders written in dual protocol volumes use the mapped UNIX user as the UNIX owner).
+    - LDAP is searched for a UNIX user that is mapped to the SMB user requesting share access. If no UNIX user exists in LDAP, then the default UNIX user `pcuser` is used by Azure NetApp Files for name mapping (files/folders written in dual-protocol volumes use the mapped UNIX user as the UNIX owner).
 - Another negotiate protocol/session request/tree connect is performed, this time using the SMB server’s Kerberos SPN to the Active Directory DC’s IPC$ share.
     - A named pipe is established to the share via the `srvsvc`. 
     - A NETLOGON session is established to the share and the Windows user is authenticated.
@@ -456,7 +456,7 @@ In most cases, knowing these steps in depth won’t be necessary for day-to-day
 
 ### NFS Kerberos SPN creation workflow
 
-The following diagram shows how an NFS SPN is created when an Azure NetApp Files NFS or dual protocol volume is created with Kerberos enabled. In most cases, knowing detailed steps in depth won’t be necessary for day-to-day administration tasks, but are useful in troubleshooting any failures when attempting to create an SMB volume in Azure NetApp Files.
+The following diagram shows how an NFS SPN is created when an Azure NetApp Files NFS or dual-protocol volume is created with Kerberos enabled. In most cases, knowing detailed steps in depth won’t be necessary for day-to-day administration tasks, but are useful in troubleshooting any failures when attempting to create an SMB volume in Azure NetApp Files.
 
 :::image type="content" source="media/kerberos/nfs-keberos-spn.png" alt-text="Diagram of NFS Kerberos SPN creation workflow." lightbox="media/kerberos/nfs-keberos-spn.png":::