Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.azure-monitor.json

@@ -5586,6 +5586,11 @@
             "source_path_from_root": "/articles/azure-monitor/vm/tutorial-monitor-vm-enable.md",
             "redirect_url": "/azure/azure-monitor/vm/tutorial-monitor-vm-enable-insights",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/logs/collect-sccm.md",
+            "redirect_url": "/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures",
+            "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.healthcare-apis.json

@@ -577,6 +577,54 @@
         "redirect_url": "/azure/healthcare-apis/iot/deploy-new-bicep-powershell-cli",
         "redirect_document_id": false
     }, 
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-connector-overview.md",
+        "redirect_url": "/azure/healthcare-apis/iot/overview",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/get-started-with-iot.md",
+        "redirect_url": "/azure/healthcare-apis/iot/get-started",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-data-flow.md",
+        "redirect_url": "/azure/healthcare-apis/iot/data-flow",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-device-mappings.md",
+        "redirect_url": "/azure/healthcare-apis/iot/how-to-configure-device-mappings",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-fhir-mappings.md",
+        "redirect_url": "/azure/healthcare-apis/iot/how-to-configure-fhir-mappings",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-connector-machine-learning.md",
+        "redirect_url": "/azure/healthcare-apis/iot/concepts-machine-learning",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-connector-power-bi.md",
+        "redirect_url": "/azure/healthcare-apis/iot/concepts-power-bi",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-connector-teams.md",
+        "redirect_url": "/azure/healthcare-apis/iot/concepts-teams",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-troubleshoot-error-messages-and-conditions.md",
+        "redirect_url": "/azure/healthcare-apis/iot/troubleshoot-error-messages-and-conditions",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-troubleshoot-mappings.md",
+        "redirect_url": "/azure/healthcare-apis/iot/troubleshoot-mappings",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-connector-faqs.md",
+        "redirect_url": "/azure/healthcare-apis/iot/frequently-asked-questions",
+        "redirect_document_id": false
+    },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-git-projects.md",
+        "redirect_url": "/azure/healthcare-apis/iot/git-projects",
+        "redirect_document_id": false
+    },
     {   "source_path_from_root": "/articles/healthcare-apis/events/events-display-metrics.md",
         "redirect_url": "/azure/healthcare-apis/events/events-use-metrics",
         "redirect_document_id": false

articles/automation/automation-create-alert-triggered-runbook.md

@@ -3,7 +3,7 @@ title: Use an alert to trigger an Azure Automation runbook
 description: This article tells how to trigger a runbook to run when an Azure alert is raised.
 services: automation
 ms.subservice: process-automation
-ms.date: 09/22/2021
+ms.date: 12/15/2022
 ms.topic: how-to 
 ms.custom: devx-track-azurepowershell
 #Customer intent: As a developer, I want to trigger a runbook so that VMs can be stopped under certain conditions.
@@ -105,6 +105,9 @@ This example uses an alert from an Azure virtual machine (VM). It retrieves the
 
 The runbook uses the Automation account [system-assigned managed identity](./automation-security-overview.md#managed-identities) to authenticate with Azure to perform the management action against the VM. The runbook can be easily modified to use a user-assigned managed identity.
 
+>[!NOTE]
+> We recommend that you use public network access as it isn't possible to use an Azure alert (metric, log, and activity log) to trigger an Automation webhook when the Automation account is using private links and configured with **Public access** set to **Disable**.
+
 Use this example to create a runbook called **Stop-AzureVmInResponsetoVMAlert**. You can modify the PowerShell script, and use it with many different resources.
 
 1. Sign in to the [Azure portal](https://portal.azure.com/), and navigate to your Automation account.

articles/automation/automation-hrw-run-runbooks.md

@@ -208,18 +208,22 @@ By default, the Hybrid jobs run under the context of System account. However, to
 1. Change the value of **Hybrid Worker credentials** from **Default** to **Custom**.
 1. Select the credential and click **Save**.
 1. If the following permissions are not assigned for Custom users, jobs might get suspended. 
-    
-**Folders**
-- C:\ProgramData\AzureConnectedMachineAgent\Tokens (read) </br>
-- C:\Packages\Plugins\Microsoft.Azure.Automation.HybridWorker.HybridWorkerForWindows (read and execute)
 
+  | **Resource type** | **Folder permissions** |
+  | --- | --- |
+  |Azure VM | C:\Packages\Plugins\Microsoft.Azure.Automation.HybridWorker.HybridWorkerForWindows (read and execute) |
+  |Arc-enabled Server | C:\ProgramData\AzureConnectedMachineAgent\Tokens (read)</br> C:\Packages\Plugins\Microsoft.Azure.Automation.HybridWorker.HybridWorkerForWindows (read and execute) |
+        
+  >[!NOTE]
+  >Linux Hybrid Worker doesn't support Hybrid Worker credentials.
+    
 ## <a name="runas-script"></a>Install Run As account certificate
 
 As part of your automated build process for deploying resources in Azure, you might require access to on-premises systems to support a task or set of steps in your deployment sequence. To provide authentication against Azure using the Run As account, you must install the Run As account certificate.
 
 >[!NOTE]
->This PowerShell runbook currently does not run on Linux machines. It runs only on  Windows machines.
->
+>This PowerShell runbook currently does not run on Linux machines. It runs only on Windows machines.
+
 
 The following PowerShell runbook, called **Export-RunAsCertificateToHybridWorker**, exports the Run As certificate from your Azure Automation account. The runbook downloads and imports the certificate into the local machine certificate store on a Hybrid Runbook Worker that is connected to the same account. Once it completes that step, the runbook verifies that the worker can successfully authenticate to Azure using the Run As account.
 

articles/automation/automation-secure-asset-encryption.md

@@ -30,7 +30,7 @@ You can manage encryption of secure assets for your Automation account with your
 
 Use Azure Key Vault to store customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. 
 
-Enabling the Azure Firewall on [Azure Key Vault](../key-vault/general/network-security.md) blocks access from Azure Automation runbooks for that service. Access will be blocked even when the firewall exception to allow trusted Microsoft services is enabled, as Automation is not a part of the trusted services list. With an enabled firewall, access can only be made by using a Hybrid Runbook Worker and a [virtual network service endpoint](../key-vault/general/overview-vnet-service-endpoints.md).
+Enabling the Azure Firewall on [Azure Key Vault](../key-vault/general/network-security.md) blocks access from Azure Automation runbooks for that service. Access will be blocked even when the firewall exception to allow trusted Microsoft services is enabled, as Automation is not a part of the trusted services list. With an enabled firewall, access can only be made by using a Hybrid Runbook Worker and a [virtual network service endpoint](../key-vault/general/overview-vnet-service-endpoints.md). However, when you enable the Private link for Key Vault, Azure Automation loses access to the Key Vault. Even if you enable a Private link for Hybrid Runbook Worker, it will allow access only to Azure Automation service and not to the Key Vault.
 
 For more information about Azure Key Vault, see [What is Azure Key Vault?](../key-vault/general/overview.md)
 

articles/automation/how-to/private-link-security.md

@@ -2,7 +2,7 @@
 title: Use Azure Private Link to securely connect networks to Azure Automation
 description: Use Azure Private Link to securely connect networks to Azure Automation
 ms.topic: conceptual
-ms.date: 12/11/2020
+ms.date: 12/15/2022
 ms.subservice:  
 ms.custom: devx-track-azurepowershell
 ---
@@ -42,6 +42,7 @@ For more information, see  [Key Benefits of Private Link](../../private-link/pri
 - In the current implementation of Private Link, Automation account cloud jobs cannot access Azure resources that are secured using private endpoint. For example, Azure Key Vault, Azure SQL, Azure Storage account, etc. To workaround this, use a [Hybrid Runbook Worker](../automation-hybrid-runbook-worker.md) instead. Hence, on-premises VMs are supported to run Hybrid Runbook Workers against an Automation Account with Private Link enabled.
 - You need to use the latest version of the [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md) for Windows or Linux.
 - The [Log Analytics Gateway](../../azure-monitor/agents/gateway.md) does not support Private Link.
+- Azure alert (metric, log, and activity log) can't to be used to trigger an Automation webhook when the Automation account is configured with  **Public access** set to **Disable**.
 
 ## How it works
 

articles/automation/update-management/overview.md

@@ -3,7 +3,7 @@ title: Azure Automation Update Management overview
 description: This article provides an overview of the Update Management feature that implements updates for your Windows and Linux machines.
 services: automation
 ms.subservice: update-management
-ms.date: 11/26/2021
+ms.date: 11/25/2022
 ms.topic: conceptual
 ---
 
@@ -141,24 +141,26 @@ The next table defines the supported classifications for Linux updates.
 >
 > Update Management uses data published by the supported distributions, specifically their released [OVAL](https://oval.mitre.org/) (Open Vulnerability and Assessment Language) files. Because internet access is restricted from these national clouds, Update Management cannot access the files.
 
-For Linux, Update Management can distinguish between critical updates and security updates in the cloud under classification **Security** and **Others**, while displaying assessment data due to data enrichment in the cloud. For patching, Update Management relies on classification data available on the machine. Unlike other distributions, CentOS does not have this information available in the RTM version. If you have CentOS machines configured to return security data for the following command, Update Management can patch based on classifications.
+### Logic for Linux updates classification
 
-```bash
-sudo yum -q --security check-update
-```
+1. For assessment, Update Management classifies updates into three categories: **Security**, **Critical** or **Others**. This classification of updates is as per the data from two sources:
 
-There's currently no supported method to enable native classification-data availability on CentOS. At this time, limited support is provided to customers who might have enabled this feature on their own.
+    - [Open Vulnerability and Assessment Language](https://oval.mitre.org/)(OVAL) files are provided by the Linux distro vendor which includes data about security issues or vulnerabilities which the update fixes.
+    - Package manager on your machine such as YUM, APT or ZYPPER.
 
-To classify updates on Red Hat Enterprise version 6, you need to install the yum-security plugin. On Red Hat Enterprise Linux 7, the plugin is already a part of yum itself and there's no need to install anything. For more information, see the following Red Hat [knowledge article](https://access.redhat.com/solutions/10021).
+2. For patching, Update Management classifies updates into two categories: **Critical and Security** or **Others**. This classification of updates is based solely on data from package managers such as YUM, APT, or ZYPPER.
 
-When you schedule an update to run on a Linux machine, that for example is configured to install only updates matching the **Security** classification, the updates installed might be different from, or are a subset of, the updates matching this classification. When an assessment of OS updates pending for your Linux machine is performed, [Open Vulnerability and Assessment Language](https://oval.mitre.org/) (OVAL) files provided by the Linux distro vendor is used by Update Management for classification.
+**CentOS** - Unlike other distributions, CentOS does not have classification data available from the package manager. If you have CentOS machines configured to return security data for the following command, Update Management can patch based on classifications.
+
+```Bash
+sudo yum -q --security check-update
+```
+
+> [!NOTE]
+> Currently there's no supported method to enable native classification-data availability on CentOS. At this time, we provide limited support to customers who might have enabled this feature on their own.
 
-Categorization is done for Linux updates as **Security** or **Others** based on the OVAL files, which includes updates addressing security issues or vulnerabilities. But when the update schedule is run, it executes on the Linux machine using the appropriate package manager like YUM, APT, or ZYPPER to install them. The package manager for the Linux distro may have a different mechanism to classify updates, where the results may differ from the ones obtained from OVAL files by Update Management. To manually check the machine and understand which updates are security relevant by your package manager, see [Troubleshoot Linux update deployment](../troubleshoot/update-management.md#updates-linux-installed-different).
+**Redhat** - To classify updates on Red Hat Enterprise version 6, you must install the YUM security plugin. On Red Hat Enterprise Linux 7, the plugin is already a part of YUM itself and there's no need to install anything. For more information, see the following Red Hat [knowledge article](https://access.redhat.com/solutions/10021).
 
->[!NOTE]
-> During update assessment, the classification of missing updates as Security and Critical may not work correctly for Linux distros supported by Update Management. This is a result of an issue identified with the naming schema of the OVAL files, which the Update Management uses to classify updates during the assessment. This prevents Update Management from properly matching classifications based on filtering rules during the assessment of missing updates. </br>
-> **This doesn't affect the deployment of updates**. As a different logic is used in security update assessments, results might differ from the security updates applied during deployment. If you have classification set as **Critical** and **Security**, the update deployment will function as expected. Only the *classification of updates* during an assessment is affected.</br>
-> **Update Management for Windows Server machines is unaffected; update classification and deployments are unchanged**.
 
 ## Integrate Update Management with Configuration Manager
 

articles/azure-functions/functions-get-started.md

@@ -2,7 +2,7 @@
 title: Getting started with Azure Functions
 description: Take the first steps toward working with Azure Functions.
 ms.topic: overview
-ms.date: 11/19/2020
+ms.date: 12/13/2022
 zone_pivot_groups: programming-languages-set-functions-lang-workers
 ---
 

articles/azure-functions/functions-how-to-use-azure-function-app-settings.md

@@ -3,7 +3,7 @@ title: Configure function app settings in Azure Functions
 description: Learn how to configure function app settings in Azure Functions.
 ms.assetid: 81eb04f8-9a27-45bb-bf24-9ab6c30d205c
 ms.topic: conceptual
-ms.date: 01/21/2021
+ms.date: 12/13/2022
 ms.custom: cc996988-fb4f-47, devx-track-azurecli, devx-track-azurepowershell
 ---
 
@@ -133,9 +133,16 @@ In the previous example replace `<RESOURCE_GROUP>` and `<FUNCTION_APP_NAME>` wit
 
 ## Plan migration
 
-You can use Azure CLI commands to migrate a function app between a Consumption plan and a Premium plan on Windows. The specific commands depend on the direction of the migration. Direct migration to a Dedicated (App Service) plan isn't currently supported.
+You can use either the Azure portal or Azure CLI commands to migrate a function app between a Consumption plan and a Premium plan on Windows. When migrating between plans, keep in mind the following considerations:
 
-This migration isn't supported on Linux.
++ Direct migration to a Dedicated (App Service) plan isn't currently supported.
++ Migration isn't supported on Linux. 
++ The source plan and the target plan must be in the same resource group and geographical region. For more information, see [Move an app to another App Service plan](../app-service/app-service-plan-manage.md#move-an-app-to-another-app-service-plan).
++ The specific CLI commands depend on the direction of the migration.
+
+### Migration in the portal
+
+In the Azure portal, navigate to your Consumption or Premium plan app and choose **Change App Service plan** under **App Service plan**. Select the other **Plan type**, create a new App Service plan of the new type, and select **OK**. For more information, see [Move an app to another App Service plan](../app-service/app-service-plan-manage.md#move-an-app-to-another-app-service-plan).
 
 ### Consumption to Premium
 
@@ -189,7 +196,7 @@ Use the following procedure to migrate from a Premium plan to a Consumption plan
     az functionapp delete --name <NEW_CONSUMPTION_APP_NAME> --resource-group <MY_RESOURCE_GROUP>
     ```
 
-1. If you no longer need your previous Premium function app plan, delete your original function app plan after confirming you have successfully migrated to the new one. Please note that if the plan is not deleted, you will still be charged for the Premium plan. Run the [az functionapp plan list](/cli/azure/functionapp/plan#az-functionapp-plan-list) command as follows to get a list of all Premium plans in your resource group.
+1. If you no longer need your previous Premium function app plan, delete your original function app plan after confirming you have successfully migrated to the new one. Note that if the plan isn't deleted, you'll still be charged for the Premium plan. Run the [az functionapp plan list](/cli/azure/functionapp/plan#az-functionapp-plan-list) command as follows to get a list of all Premium plans in your resource group.
 
     ```azurecli-interactive
     az functionapp plan list --resource-group <MY_RESOURCE_GROUP> --query "[?sku.family=='EP'].{PlanName:name,Sites:numberOfSites}" -o table

articles/azure-functions/functions-recover-storage-account.md

@@ -1,9 +1,8 @@
 ---
 title: 'Troubleshoot error: Azure Functions Runtime is unreachable'
 description: Learn how to troubleshoot an invalid storage account.
-
 ms.topic: article
-ms.date: 09/05/2018
+ms.date: 12/13/2022
 ---
 
 # Troubleshoot error: "Azure Functions Runtime is unreachable"