Merge pull request #203998 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

.openpublishing.redirection.azure-monitor.json

@@ -321,6 +321,11 @@
             "redirect_url": "/azure/azure-monitor/alerts/alerts-types",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-action-rules.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alerts-processing-rules",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/insights/data-explorer.md" ,
             "redirect_url": "/azure/data-explorer/data-explorer-insights",

.openpublishing.redirection.json

@@ -40237,6 +40237,16 @@
       "source_path_from_root": "/articles/azure-monitor/insights/sql-insights-troubleshoot.md",
       "redirect_url": "/azure/azure-sql/database/sql-insights-troubleshoot",
       "redirect_document_id": false
+    },    
+    {
+      "source_path_from_root": "/articles/virtual-machines/windows/connect-logon.md",
+      "redirect_url": "/articles/virtual-machines/windows/connect-rdp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/virtual-machines/windows/winrm.md",
+      "redirect_url": "/articles/virtual-machines/windows/connect-winrm",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/managed-identities-azure-resources/TOC.yml

@@ -115,6 +115,8 @@
 
   - name: Manage user-assigned managed identities
     href: how-manage-user-assigned-managed-identities.md
+  - name: View associated resources for a managed identity
+    href: how-to-view-associated-resources-for-an-identity.md
   - name: View managed identity service principals
     items:
     - name: Portal

articles/active-directory/managed-identities-azure-resources/how-to-view-associated-resources-for-an-identity.md

@@ -0,0 +1,183 @@
+---
+title: View associated resources for a user-assigned managed identity
+description: Step-by-step instructions for viewing the Azure resources that are associated with a user-assigned managed identity
+services: active-directory
+documentationcenter: ''
+author: barclayn
+manager: daveba
+editor: ''
+
+ms.service: active-directory
+ms.subservice: msi
+ms.devlang: na
+ms.topic: how-to
+ms.tgt_pltfrm: na
+ms.workload: identity
+ms.date: 06/20/2022
+ms.author: barclayn
+ms.collection: M365-identity-device-management
+---
+
+# View associated Azure resources for a user-assigned managed identity (Preview)
+
+This article will explain how to view the Azure resources that are associated with a user-assigned managed identity. This feature is available in public preview.
+
+## Prerequisites
+
+- If you're unfamiliar with managed identities for Azure resources, check out the [overview section](overview.md).
+- If you don't already have an Azure account, [sign up for a free account](https://azure.microsoft.com/free/).
+
+
+## View resources for a user-assigned managed identity
+
+Being able to quickly see which Azure resources are associated with a user-assigned managed identity gives you greater visibility into your environment. You can quickly identify unused identities that can be safely deleted, and know which resources will be affected by changing the permissions or group membership of a managed identity.
+
+### Portal
+
+- From the **Azure portal** search for **Managed Identities**.
+- Select a managed identity
+- In the left-hand menu, select the **Associated resources** link
+- A list of the Azure resources associated with the managed identity will be displayed
+
+:::image type="content" source="media/viewing-associated-resources/associated-resources-list-cropped.png" alt-text="Screenshot showing a list of associated resources for a user-assigned managed identity.":::
+
+Select the resource name to be brought to its summary page.
+
+#### Filtering and sorting by resource type
+Filter the resources by typing in the filter box at the top of the summary page. You can filter by the name, type, resource group, and subscription ID.
+
+Select the column title to sort alphabetically, ascending or descending.
+
+### REST API 
+
+The list of associated resources can also be accessed using the REST API. This endpoint is separate to the API endpoint used to retrieve a list of user-assigned managed identities. You'll need the following information:
+ - Subscription ID
+ - Resource name of the user-assigned managed identity that you want to view the resources for
+ - Resource group of the user-assigned managed identity
+ 
+*Request format*
+```
+https://management.azure.com/subscriptions/{resourceID of user-assigned identity}/listAssociatedResources?$filter={filter}&$orderby={orderby}&$skip={skip}&$top={top}&$skiptoken={skiptoken}&api-version=2021-09-30-preview 
+```
+
+*Parameters*
+
+| Parameter   | Example  |Description  |
+|---|---|---|
+| $filter  |  ```'type' eq 'microsoft.cognitiveservices/account' and contains(name, 'test')``` |  An OData expression that allows you to filter any of the available fields: name, type, resourceGroup, subscriptionId, subscriptionDisplayName, subscriptionId, subscriptionDisplayName<br/><br/>The following operations are supported: ```and```, ```or```, ```eq``` and ```contains``` |
+|  $orderby |  ```name asc``` |  An OData expression that allows you to order by any of the available fields |
+|  $skip |  50 |  The number of items you want to skip while paging through the results. |
+| $top  |  10 | The number of resources to return. 0 will return only a count of the resources.  |
+
+Below is a sample request to the REST API:
+```http
+POST https://management.azure.com/subscriptions/aab111d1-1111-43e2-8d11-3bfc47ab8111/resourceGroups/devrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/devIdentity/listAssociatedResources?$filter={filter}&$orderby={orderby}&$skip={skip}&$top={top}&skipToken={skipToken}&api-version=2021-09-30-preview 
+```
+
+Below is a sample response from the REST API:
+```json
+{
+	"totalCount": 2,
+	"value": [{
+			"id": "/subscriptions/{subId}/resourceGroups/testrg/providers/Microsoft.CognitiveServices/accounts/test1",
+			"name": "test1",
+			"type": "microsoft.cognitiveservices/accounts",
+			"resourceGroup": "testrg",
+			"subscriptionId": "{subId}",
+			"subscriptionDisplayName": "TestSubscription"
+		},
+		{
+			"id": "/subscriptions/{subId}/resourceGroups/testrg/providers/Microsoft.CognitiveServices/accounts/test2",
+			"name": "test2",
+			"type": "microsoft.cognitiveservices/accounts",
+			"resourceGroup": "testrg",
+			"subscriptionId": "{subId}",
+			"subscriptionDisplayName": "TestSubscription"
+		}
+	],
+	"nextLink": "https://management.azure.com/subscriptions/{subId}/resourceGroups/testrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testid?skiptoken=ew0KICAiJGlkIjogIjEiLA0KICAiTWF4Um93cyI6IDIsDQogICJSb3dzVG9Ta2lwIjogMiwNCiAgIkt1c3RvQ2x1c3RlclVybCI6ICJodHRwczovL2FybXRvcG9sb2d5Lmt1c3RvLndpbmRvd3MubmV0Ig0KfQ%253d%253d&api-version=2021"
+}
+
+```
+
+### Command Line Interface
+To view the associated resources for a user-assigned managed identity, run the following command:
+```azurecli
+az identity list-resources --resource-group <ResourceGroupName> --name <ManagedIdentityName>
+```
+
+The response will look like this:
+```json
+[
+  {
+    "id": "/subscriptions/XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130/resourceGroups/ProductionServices/providers/Microsoft.Compute/virtualMachines/linux-prod-1-US",
+    "name": "linux-prod-1-US",
+    "resourceGroup": "productionservices",
+    "subscriptionDisplayName": "Visual Studio Enterprise Subscription",
+    "subscriptionId": "XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130",
+    "type": "microsoft.compute/virtualmachines"
+  },
+  {
+    "id": "/subscriptions/XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130/resourceGroups/ProductionServices/providers/Microsoft.Web/sites/prodStatusCheck-US",
+    "name": "prodStatusCheck-US",
+    "resourceGroup": "productionservices",
+    "subscriptionDisplayName": "Visual Studio Enterprise Subscription",
+    "subscriptionId": "XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130",
+    "type": "microsoft.web/sites"
+  },
+  {
+    "id": "/subscriptions/XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130/resourceGroups/ProductionServices/providers/Microsoft.Web/sites/salesApp-US-1",
+    "name": "salesApp-US-1",
+    "resourceGroup": "productionservices",
+    "subscriptionDisplayName": "Visual Studio Enterprise Subscription",
+    "subscriptionId": "XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130",
+    "type": "microsoft.web/sites"
+  },
+  {
+    "id": "/subscriptions/XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130/resourceGroups/ProductionServices/providers/Microsoft.Web/sites/salesPortal-us-2",
+    "name": "salesPortal-us-2",
+    "resourceGroup": "productionservices",
+    "subscriptionDisplayName": "Visual Studio Enterprise Subscription",
+    "subscriptionId": "XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130",
+    "type": "microsoft.web/sites"
+  },
+  {
+    "id": "/subscriptions/XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130/resourceGroups/vmss/providers/Microsoft.Compute/virtualMachineScaleSets/vmsstest",
+    "name": "vmsstest",
+    "resourceGroup": "vmss",
+    "subscriptionDisplayName": "Visual Studio Enterprise Subscription",
+    "subscriptionId": "XXXX-XXXX-XXXX-XXXX-XXXfc47ab8130",
+    "type": "microsoft.compute/virtualmachinescalesets"
+  }
+]
+```
+
+### REST API using PowerShell
+There's no specific PowerShell command for returning the associated resources of a managed identity, but you can use the REST API in PowerShell by using the following command:
+
+```PowerShell
+Invoke-AzRestMethod -Path "/subscriptions/XXX-XXX-XXX-XXX/resourceGroups/test-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity-name/listAssociatedResources?api-version=2021-09-30-PREVIEW&%24orderby=name%20asc&%24skip=0&%24top=100" -Method Post
+```
+
+>[!NOTE]
+> All resources associated with an identity will be returned, regardless of the user's permissions. The user only needs to have access to read the managed identity. This means that more resources may be visible than the user can see elsewhere in the portal. This is to provide full visibility of the identity's usage. If the user doesn't have access to an associated resource, an error will be displayed if they try to access it from the list.
+
+## Delete a user-assigned managed identity
+When you select the delete button for a user-assigned managed identity, you'll see a list of up to 10 associated resources for that identity. The full count will be displayed at the top of the pane. This list allows you to see which resources will be affected by deleting the identity. You'll be asked to confirm your decision.
+
+:::image type="content" source="media/viewing-associated-resources/associated-resources-delete.png" alt-text="Screenshot showing the delete confirmation screen for a user-assigned managed identity.":::
+
+This confirmation process is only available in the portal. To view an identity's resources before deleting it using the REST API, retrieve the list of resources manually in advance.
+
+## Limitations
+ - This functionality is available in all public regions, and will be available in USGov and China in the coming weeks.
+ - API requests for associated resources are limited to one per second per tenant. If you exceed this limit, you may receive a `HTTP 429` error. This limit doesn't apply to retrieving a list of user-assigned managed identities.
+ - Azure Resources types that are in preview, or their support for Managed identities is in preview, may not appear in the associated resources list until fully generally available. This list includes Service Fabric clusters, Blueprints, and Machine learning services.
+ - This functionality is limited to tenants with fewer than 5,000 subscriptions. An error will be displayed if the tenant has greater than 5,000 subscriptions.
+ - The list of associated resources will display the resource type, not display name.
+ - Azure Policy assignments appear in the list, but their names aren't displayed correctly.
+ - This functionality isn't yet available through PowerShell.
+
+## Next steps
+
+* [Managed identities for Azure resources](./overview.md)

articles/active-directory/managed-identities-azure-resources/media/viewing-associated-resources/associated-resources-delete.png

@@ -40,7 +40,7 @@ The Dapr extension support varies depending on how you manage the runtime.
 
 **Self-managed**  
 For self-managed runtime, the Dapr extension supports:
-- [The latest version of Dapr and 1 previous version (N-1)][dapr-supported-version]
+- [The latest version of Dapr and 2 previous versions (N-2)][dapr-supported-version]
 - Upgrading minor version incrementally (for example, 1.5 -> 1.6 -> 1.7) 
 
 Self-managed runtime requires manual upgrade to remain in the support window. To upgrade Dapr via the extension, follow the [Update extension instance instructions][update-extension].

articles/active-directory/managed-identities-azure-resources/media/viewing-associated-resources/associated-resources-list-cropped.png

@@ -163,7 +163,7 @@ The following IP addresses are divided by **Azure Environment**. When allowing i
 | Azure Public| South Central US| 20.188.77.119, 20.97.32.190|
 | Azure Public| South India| 20.44.33.246|
 | Azure Public| Southeast Asia| 40.90.185.46|
-| Azure Public| Switzerland North| 51.107.0.91|
+| Azure Public| Switzerland North| 51.107.246.176, 51.107.0.91|
 | Azure Public| Switzerland West| 51.107.96.8|
 | Azure Public| UAE Central| 20.37.81.41|
 | Azure Public| UAE North| 20.46.144.85|

articles/aks/dapr.md

@@ -175,7 +175,7 @@ The following features are supported for Linux containers:
     | **Storage accounts** | Azure Storage account. It must contain an Azure Files share. |
     | **Share name** | Files share to mount. |
     | **Access key** (Advanced only) | [Access key](../storage/common/storage-account-keys-manage.md) for your storage account. |
-    | **Mount path** | Directory inside your Windows container that you want to mount. Do not use a root directory (`[C-Z]:\` or `/`) or the `home` directory (`[C-Z]:\home`, or `/home`).|
+    | **Mount path** | Directory inside your Windows container that you want to mount. Do not use a root directory (`[C-Z]:\` or `/`) or the `home` directory (`[C-Z]:\home`, or `/home`) as it's not supported.|
     ::: zone-end
     ::: zone pivot="container-linux"
     | Setting | Description |

articles/api-management/virtual-network-reference.md

@@ -23,9 +23,9 @@ Form Recognizer service is updated on an ongoing basis. Bookmark this page to st
 
 The June release is the latest update to the Form Recognizer Studio. There are considerable UX and accessbility improvements addressed in this update:
 
-* 🆕 **Code sample for Javascript and C#**. Studio code tab now includes sample codes written in Javascript and C# in addition to the already existing Python code.
-* 🆕 **New document upload UI**. Studio now supports uploading a document with drag & drop into the new upload UI.
-* 🆕 **New feature for custom projects**. Custom projects now support creating storage account and file directories when configuring the project. In addition, custom project now supports uploading training files directly within the Studio and copying the existing custom model.
+* 🆕 **Code sample for Javascript and C#**. The Studio code tab now adds Javascript and C# code samples in addition to the existing Python one.
+* 🆕 **New document upload UI**. Studio now supports uploading a document with drag & drop into the new upload user interface.
+* 🆕 **New feature for custom projects**. Custom projects now support creating storage account and blobs when configuring the project. In addition, custom project now supports uploading training files directly within the Studio and copying the existing custom model.
 
 ### Form Recognizer v3.0 preview release