Merge pull request #202229 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 386b2e8b8e7f · 2022-06-21T10:05:14.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/cloud-services-extended-support/enable-key-vault-virtual-machine.md b/articles/cloud-services-extended-support/enable-key-vault-virtual-machine.md
@@ -51,46 +51,63 @@ To use the Azure Key Vault VM extension, you need to have an Azure Active Direct
     - If you are using RBAC preview, search for the name of the AAD app you created and assign it to the Key Vault Secrets User (preview) role.
     - If you are using vault access policies, then assign **Secret-Get** permissions to the AAD app you created. For more information, see [Assign access policies](../key-vault/general/assign-access-policy-portal.md)
 
-7. Install first version of the certificates created in the first step and the Key Vault VM extension using the ARM template as shown below:
+7. Install first 
+step and the Key Vault VM extension using the ARM template snippet for `cloudService` resource as shown below:
 
     ```json
+    {
+        "osProfile":
         {
-       "osProfile":{
-          "secrets":[
-             {
-                "sourceVault":{
-                   "id":"[parameters('sourceVaultValue')]"
-                },
-                "vaultCertificates":[
-                   {
-                      "certificateUrl":"[parameters('bootstrpCertificateUrlValue')]"
-                   }
-                ]
-             }
-          ]
-       }{
-          "name":"KVVMExtensionForPaaS",
-          "properties":{
-             "type":"KeyVaultForPaaS",
-             "autoUpgradeMinorVersion":true,
-             "typeHandlerVersion":"1.0",
-             "publisher":"Microsoft.Azure.KeyVault",
-             "settings":{
-                "secretsManagementSettings":{
-                   "pollingIntervalInS":"3600",
-                   "certificateStoreName":"My",
-                   "certificateStoreLocation":"LocalMachine",
-                   "linkOnRenewal":false,
-                   "requireInitialSync":false, 
-                   "observedCertificates":"[parameters('keyVaultObservedCertificates']"
-                },
-                "authenticationSettings":{
-                   "clientId":"Your AAD app ID",
-                   "clientCertificateSubjectName":"Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
+            "secrets":
+            [
+                {
+                    "sourceVault":
+                    {
+                        "id": "[parameters('sourceVaultValue')]"
+                    },
+                    "vaultCertificates":
+                    [
+                        {
+                            "certificateUrl": "[parameters('bootstrpCertificateUrlValue')]"
+                        }
+                    ]
                 }
-             }
-          }
-       }
+            ]
+        },
+        "extensionProfile":
+        {
+            "extensions":
+            [
+                {
+                    "name": "KVVMExtensionForPaaS",
+                    "properties":
+                    {
+                        "type": "KeyVaultForPaaS",
+                        "autoUpgradeMinorVersion": true,
+                        "typeHandlerVersion": "1.0",
+                        "publisher": "Microsoft.Azure.KeyVault",
+                        "settings":
+                        {
+                            "secretsManagementSettings":
+                            {
+                                "pollingIntervalInS": "3600",
+                                "certificateStoreName": "My",
+                                "certificateStoreLocation": "LocalMachine",
+                                "linkOnRenewal": false,
+                                "requireInitialSync": false,
+                                "observedCertificates": "[parameters('keyVaultObservedCertificates']"
+                            },
+                            "authenticationSettings":
+                            {
+                                "clientId": "Your AAD app ID",
+                                "clientCertificateSubjectName": "Your boot strap certificate subject name [Do not include the 'CN=' in the subject name]"
+                            }
+                        }
+                    }
+                }
+            ]
+        }
+    }
     ```
     You might need to specify the certificate store for boot strap certificate in ServiceDefinition.csdef like below:
     
@@ -101,4 +118,4 @@ To use the Azure Key Vault VM extension, you need to have an Azure Active Direct
     ```
 
 ## Next steps
-Further improve your deployment by [enabling monitoring in Cloud Services (extended support)](enable-alerts.md)
+Further improve your deployment by [enabling monitoring in Cloud Services (extended support)](enable-alerts.md)
diff --git a/articles/communication-services/quickstarts/ui-library/includes/get-started-call/ios.md b/articles/communication-services/quickstarts/ui-library/includes/get-started-call/ios.md
@@ -43,7 +43,7 @@ platform :ios, '14.0'
 
 target 'UILibraryQuickStart' do
     use_frameworks!
-    pod 'AzureCommunicationUICalling', '1.0.0-beta.2'
+    pod 'AzureCommunicationUICalling', '1.0.0'
 end
 ```
 
diff --git a/articles/confidential-computing/virtual-machine-solutions-amd.md b/articles/confidential-computing/virtual-machine-solutions-amd.md
@@ -24,7 +24,7 @@ You can create confidential VMs that run on AMD processors in the following size
 
 | Size family          | Description                                                                         |
 | ------------------ | ----------------------------------------------------------------------------------- |
-| **DCasv5-series**  | Confidential VM with remote storage only. No local temporary desk.                  |
+| **DCasv5-series**  | Confidential VM with remote storage only. No local temporary disk.                  |
 | **DCadsv5-series** | Confidential VM with a local temporary disk.                                        |
 | **ECasv5-series**  | Memory-optimized confidential VM with remote storage only. No local temporary disk. |
 | **ECadsv5-series** | Memory-optimized confidential VM with a local temporary disk.                       |
diff --git a/articles/cost-management-billing/reservations/view-reservations.md b/articles/cost-management-billing/reservations/view-reservations.md
@@ -133,7 +133,8 @@ When you use the PowerShell script to assign the ownership role and it runs succ
 - Accept pipeline input: False
 - Accept wildcard characters: False
 
-[User Access Administrators](../../role-based-access-control/built-in-roles.md#user-access-administrator) can add the users to Reservation Administrator and Reservation Reader roles.
+## Tenant-level access
+[User Access Administrator](../../role-based-access-control/built-in-roles.md#user-access-administrator) rights are required before you can grant users or groups the Reservation Administrator and Reservation Reader roles at the tenant level.
 
 ## Add a Reservation Administrator role at the tenant level
 
diff --git a/articles/iot-central/core/overview-iot-central-developer.md b/articles/iot-central/core/overview-iot-central-developer.md
@@ -29,13 +29,13 @@ The following sections describe the main types of device you can connect to an I
 
 ### IoT device
 
-A IoT device is a standalone device connects directly to IoT Central. A IoT device typically sends telemetry from its onboard or connected sensors to your IoT Central application. Standalone devices can also report property values, receive writable property values, and respond to commands.
+An IoT device is a standalone device that connects directly to IoT Central. An IoT device typically sends telemetry from its onboard or connected sensors to your IoT Central application. Standalone devices can also report property values, receive writable property values, and respond to commands.
 
 ### IoT Edge device
 
 An IoT Edge device connects directly to IoT Central. An IoT Edge device can send its own telemetry, report its properties, and respond to writable property updates and commands. IoT Edge modules process data locally on the IoT Edge device. An IoT Edge device can also act as an intermediary for other devices known as downstream devices. Scenarios that use IoT Edge devices include:
 
-- Aggregate or filter telemetry before it's sent to IoT Central. This approach can help to reduce the costs of sending data to IoT Central.
+- Aggregate or filter telemetry before it's sent to IoT Central. This approach can help reduce the costs of sending data to IoT Central.
 - Enable devices that can't connect directly to IoT Central to connect through the IoT Edge device. For example, a downstream device might use bluetooth to connect to the IoT Edge device, which then connects over the internet to IoT Central.
 - Control downstream devices locally to avoid the latency associated with connecting to IoT Central over the internet.
 
@@ -62,7 +62,7 @@ When you register a device with IoT Central, you're telling IoT Central the ID o
 
 There are three ways to register a device in an IoT Central application:
 
-- Automatically register devices when they first try to connect. This scenario enables OEMs to mass manufacture devices that can connect without first being registered. To learn more, see [Automatically register devices](concepts-device-authentication.md#automatically-register-devices).
+- Automatically register devices when they first try to connect. This scenario enables OEMs to mass manufacture devices that can connect without being registered first. To learn more, see [Automatically register devices](concepts-device-authentication.md#automatically-register-devices).
 - Add devices in bulk from a CSV file. To learn more, see [Import devices](howto-manage-devices-in-bulk.md#import-devices).
 - Use the **Devices** page in your IoT Central application to register devices individually. To learn more, see [Add a device](howto-manage-devices-individually.md#add-a-device).
 
@@ -75,7 +75,7 @@ You only need to register a device once in your IoT Central application.
 
 ### Provision a device
 
-When a device first tries to connect to your IoT Central application, it starts the process by connecting to the Device Provisioning Service (DPS). DPS checks the device's credentials and, if they're valid, provisions the device with connection string for one of IoT Central's internal IoT hubs. DPS uses the _group enrollment_ configurations in your IoT Central application to manage this provisioning process for you.
+When a device first tries to connect to your IoT Central application, it starts the process by connecting to the Device Provisioning Service (DPS). DPS checks the device's credentials and, if they're valid, provisions the device with the connection string for one of IoT Central's internal IoT hubs. DPS uses the _group enrollment_ configurations in your IoT Central application to manage this provisioning process for you.
 
 > [!TIP]
 > The device also sends the **ID scope** value that tells DPS which IoT Central application the device is connecting to. You can look up the **ID scope** in your IoT Central application on the **Permissions > Device connection groups** page.
@@ -85,7 +85,7 @@ Typically, a device should cache the connection string it receives from DPS but
 Using DPS enables:
 
 - IoT Central to onboard and connect devices at scale.
-- You to generate device credentials and configure the devices offline without registering the devices through IoT Central UI.
+- You to generate device credentials and configure the devices offline without registering the devices through the IoT Central UI.
 - You to use your own device IDs to register devices in IoT Central. Using your own device IDs simplifies integration with existing back-office systems.
 - A single, consistent way to connect devices to IoT Central.
 
@@ -106,7 +106,7 @@ All data exchanged between devices and your Azure IoT Central is encrypted. IoT
 
 Device developers typically use one of the device SDKs to implement devices that connect to an IoT Central application. Some scenarios, such as for devices that can't connect to the internet, also require a gateway.
 
-A solution design must take into account the required device connectivity pattern. These patterns fall in to two broad categories. Both categories include devices sending telemetry to your IoT Central application:
+A solution design must take into account the required device connectivity pattern. These patterns fall into two broad categories. Both categories include devices sending telemetry to your IoT Central application:
 
 ### Persistent connections
 
diff --git a/articles/service-bus-messaging/service-bus-queues-topics-subscriptions.md b/articles/service-bus-messaging/service-bus-queues-topics-subscriptions.md
@@ -18,7 +18,7 @@ A related benefit is **load-leveling**, which enables producers and consumers to
 Using queues to intermediate between message producers and consumers provides an inherent loose coupling between the components. Because producers and consumers aren't aware of each other, a consumer can be upgraded without having any effect on the producer.
 
 ### Create queues
-You can create queues using the [Azure portal](service-bus-quickstart-portal.md), [PowerShell](service-bus-quickstart-powershell.md), [CLI](service-bus-quickstart-cli.md), or [Resource Manager templates](service-bus-resource-manager-namespace-queue.md). Then, send and receive messages using clients written in [C#](service-bus-dotnet-get-started-with-queues.md), [Java](service-bus-java-how-to-use-queues.md), [Python](service-bus-python-how-to-use-queues.md), and [JavaScript](service-bus-nodejs-how-to-use-queues.md). 
+You can create queues using the [Azure portal](service-bus-quickstart-portal.md), [PowerShell](service-bus-quickstart-powershell.md), [CLI](service-bus-quickstart-cli.md), or [Azure Resource Manager templates (ARM templates)](service-bus-resource-manager-namespace-queue.md). Then, send and receive messages using clients written in [C#](service-bus-dotnet-get-started-with-queues.md), [Java](service-bus-java-how-to-use-queues.md), [Python](service-bus-python-how-to-use-queues.md), and [JavaScript](service-bus-nodejs-how-to-use-queues.md). 
 
 ### Receive modes
 You can specify two different modes in which Service Bus receives messages.
@@ -41,7 +41,7 @@ A queue allows processing of a message by a single consumer. In contrast to queu
 The message-sending functionality of a queue maps directly to a topic and its message-receiving functionality maps to a subscription. Among other things, this feature means that subscriptions support the same patterns described earlier in this section regarding queues: competing consumer, temporal decoupling, load leveling, and load balancing.
 
 ### Create topics and subscriptions
-Creating a topic is similar to creating a queue, as described in the previous section. You can create topics and subscriptions using the [Azure portal](service-bus-quickstart-topics-subscriptions-portal.md), [PowerShell](service-bus-quickstart-powershell.md), [CLI](service-bus-tutorial-topics-subscriptions-cli.md), or [Resource Manager templates](service-bus-resource-manager-namespace-topic.md). Then, send messages to a topic and receive messages from subscriptions using clients written in [C#](service-bus-dotnet-how-to-use-topics-subscriptions.md), [Java](service-bus-java-how-to-use-topics-subscriptions.md), [Python](service-bus-python-how-to-use-topics-subscriptions.md), and [JavaScript](service-bus-nodejs-how-to-use-topics-subscriptions.md). 
+Creating a topic is similar to creating a queue, as described in the previous section. You can create topics and subscriptions using the [Azure portal](service-bus-quickstart-topics-subscriptions-portal.md), [PowerShell](service-bus-quickstart-powershell.md), [CLI](service-bus-tutorial-topics-subscriptions-cli.md), or [ARM templates](service-bus-resource-manager-namespace-topic.md). Then, send messages to a topic and receive messages from subscriptions using clients written in [C#](service-bus-dotnet-how-to-use-topics-subscriptions.md), [Java](service-bus-java-how-to-use-topics-subscriptions.md), [Python](service-bus-python-how-to-use-topics-subscriptions.md), and [JavaScript](service-bus-nodejs-how-to-use-topics-subscriptions.md). 
 
 ### Rules and actions
 In many scenarios, messages that have specific characteristics must be processed in different ways. To enable this processing, you can configure subscriptions to find messages that have desired properties and then perform certain modifications to those properties. While Service Bus subscriptions see all messages sent to the topic, it is possible to only copy a subset of those messages to the virtual subscription queue. This filtering is accomplished using subscription filters. Such modifications are called **filter actions**. When a subscription is created, you can supply a filter expression that operates on the properties of the message. The properties can be both the system properties (for example, **Label**) and custom application properties (for example, **StoreName**.) The SQL filter expression is optional in this case. Without a SQL filter expression, any filter action defined on a subscription will be done on all the messages for that subscription.
diff --git a/articles/storage/blobs/access-tiers-overview.md b/articles/storage/blobs/access-tiers-overview.md
@@ -14,8 +14,6 @@ ms.reviewer: fryu
 
 # Hot, Cool, and Archive access tiers for blob data
 
-We sometimes use the first person plural in content.
-
 Data stored in the cloud grows at an exponential pace. To manage costs for your expanding storage needs, it can be helpful to organize your data based on how frequently it will be accessed and how long it will be retained. Azure storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it's being used. Azure Storage access tiers include:
 
 - **Hot tier** - An online tier optimized for storing data that is accessed or modified frequently. The Hot tier has the highest storage costs, but the lowest access costs.
diff --git a/articles/virtual-machines/windows/build-image-with-packer.md b/articles/virtual-machines/windows/build-image-with-packer.md
@@ -42,15 +42,14 @@ Create a service principal with [New-AzADServicePrincipal](/powershell/module/az
 
 ```azurepowershell
 $sp = New-AzADServicePrincipal -DisplayName "PackerSP$(Get-Random)"
-$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
-$plainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
+$plainPassword = (New-AzADSpCredential -ObjectId $sp.Id).SecretText
 ```
 
 Then output the password and application ID.
 
 ```powershell
 $plainPassword
-$sp.ApplicationId
+$sp.AppId
 ```
 
 
@@ -68,7 +67,7 @@ Create a file named *windows.json* and paste the following content. Enter your o
 
 | Parameter                           | Where to obtain |
 |-------------------------------------|----------------------------------------------------|
-| *client_id*                         | View service principal ID with `$sp.applicationId` |
+| *client_id*                         | View service principal ID with `$sp.AppId` |
 | *client_secret*                     | View the auto-generated password with `$plainPassword` |
 | *tenant_id*                         | Output from `$sub.TenantId` command |
 | *subscription_id*                   | Output from `$sub.SubscriptionId` command |
