Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into nat-diagram-arm

Author: asudbring

articles/active-directory/develop/reference-claims-mapping-policy-type.md

@@ -44,6 +44,7 @@ The following claims are in the restricted claim set for a JWT.
 - `acr`
 - `acrs`
 - `actor`
+- `actortoken`
 - `ageGroup`
 - `aio`
 - `altsecid`
@@ -55,41 +56,68 @@ The following claims are in the restricted claim set for a JWT.
 - `appctxsender`
 - `appid`
 - `appidacr`
+- `assertion`
 - `at_hash`
+- `aud`
+- `auth_data`
 - `auth_time`
+- `authorization_code`
 - `azp`
 - `azpacr`
+- `bk_claim`
+- `bk_enclave`
+- `bk_pub`
+- `brk_client_id`
+- `brk_redirect_uri`
 - `c_hash`
 - `ca_enf`
 - `ca_policy_result`
-- `capolids_latebind`
 - `capolids`
+- `capolids_latebind`
 - `cc`
+- `cert_token_use`
+- `child_client_id`
+- `child_redirect_uri`
+- `client_id`
+- `client_ip`
+- `cloud_graph_host_name`
+- `cloud_instance_host_name`
+- `cloud_instance_name`
+- `CloudAssignedMdmId`
 - `cnf`
 - `code`
-- `controls_auds`
 - `controls`
+- `controls_auds`
 - `credential_keys`
+- `csr`
+- `csr_type`
 - `ctry`
 - `deviceid`
+- `dns_names`
 - `domain_dns_name`
 - `domain_netbios_name`
 - `e_exp`
 - `email`
 - `endpoint`
 - `enfpolids`
+- `exp`
 - `expires_on`
+- `extn. as prefix`
 - `fido_auth_data`
-- `fwd_appidacr`
+- `fido_ver`
 - `fwd`
+- `fwd_appidacr`
+- `grant_type`
 - `graph`
 - `group_sids`
 - `groups`
 - `hasgroups`
+- `hash_alg`
 - `haswids`
 - `home_oid`
 - `home_puid`
 - `home_tid`
+- `iat`
 - `identityprovider`
 - `idp`
 - `idtyp`
@@ -98,16 +126,23 @@ The following claims are in the restricted claim set for a JWT.
 - `inviteTicket`
 - `ipaddr`
 - `isbrowserhostedapp`
+- `iss`
 - `isViral`
+- `jwk`
+- `key_id`
+- `key_type`
 - `login_hint`
 - `mam_compliance_url`
 - `mam_enrollment_url`
 - `mam_terms_of_use_url`
 - `mdm_compliance_url`
 - `mdm_enrollment_url`
 - `mdm_terms_of_use_url`
+- `msgraph_host`
 - `msproxy`
 - `nameid`
+- `nbf`
+- `netbios_name`
 - `nickname`
 - `nonce`
 - `oid`
@@ -116,25 +151,35 @@ The following claims are in the restricted claim set for a JWT.
 - `onprem_sid`
 - `openid2_id`
 - `origin_header`
+- `password`
 - `platf`
 - `polids`
 - `pop_jwk`
 - `preferred_username`
+- `previous_refresh_token`
 - `primary_sid`
 - `prov_data`
 - `puid`
 - `pwd_exp`
 - `pwd_url`
 - `rdp_bt`
+- `redirect_uri`
+- `refresh_token`
 - `refresh_token_issued_on`
 - `refreshtoken`
+- `request_nonce`
+- `resource`
 - `rh`
+- `role`
 - `roles`
+- `rp_id`
 - `rt_type`
+- `scope`
 - `scp`
 - `secaud`
 - `sid`
 - `sid`
+- `signature`
 - `signin_state`
 - `source_anchor`
 - `src1`
@@ -145,6 +190,7 @@ The following claims are in the restricted claim set for a JWT.
 - `tbidv2`
 - `tenant_ctry`
 - `tenant_display_name`
+- `tenant_id`
 - `tenant_region_scope`
 - `tenant_region_sub_scope`
 - `thumbnail_photo`
@@ -154,60 +200,88 @@ The following claims are in the restricted claim set for a JWT.
 - `ttr`
 - `unique_name`
 - `upn`
+- `user_agent`
 - `user_setting_sync_url`
+- `username`
 - `uti`
 - `ver`
 - `verified_primary_email`
 - `verified_secondary_email`
 - `vnet`
+- `vsm_binding_key`
 - `wamcompat_client_info`
 - `wamcompat_id_token`
 - `wamcompat_scopes`
 - `wids`
+- `win_ver`
+- `x5c_ca`
 - `xcb2b_rclient`
 - `xcb2b_rcloud`
 - `xcb2b_rtenant`
 - `ztdid`
 
+
 > [!NOTE]
 > Any claim starting with `xms_` is restricted.
 
 ### SAML restricted claim set
 
 The following table lists the SAML claims that are in the restricted claim set.
 
-| Claim type (URI) |
-| ----- |
-|`http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged`|
-|`http://schemas.microsoft.com/2014/02/devicecontext/claims/isknown`|
-|`http://schemas.microsoft.com/2014/03/psso`|
-|`http://schemas.microsoft.com/2014/09/devicecontext/claims/iscompliant`|
-|`http://schemas.microsoft.com/claims/authnmethodsreferences`|
-|`http://schemas.microsoft.com/claims/groups.link`|
-|`http://schemas.microsoft.com/identity/claims/accesstoken`|
-|`http://schemas.microsoft.com/identity/claims/acct`|
-|`http://schemas.microsoft.com/identity/claims/agegroup`|
-|`http://schemas.microsoft.com/identity/claims/aio`|
-|`http://schemas.microsoft.com/identity/claims/identityprovider`|
-|`http://schemas.microsoft.com/identity/claims/objectidentifier`|
-|`http://schemas.microsoft.com/identity/claims/openid2_id`|
-|`http://schemas.microsoft.com/identity/claims/puid`|
-|`http://schemas.microsoft.com/identity/claims/tenantid`|
-|`http://schemas.microsoft.com/identity/claims/xms_et`|
-|`http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant`|
-|`http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod`|
-|`http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration`|
-|`http://schemas.microsoft.com/ws/2008/06/identity/claims/groups`|
-|`http://schemas.microsoft.com/ws/2008/06/identity/claims/role`|
-|`http://schemas.microsoft.com/ws/2008/06/identity/claims/wids`|
-|`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier`|
-| `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname` |
-| `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid` |
-| `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid` |
-| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid` |
-| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname` |
-| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn`  |
-| `http://schemas.microsoft.com/ws/2008/06/identity/claims/role` |
+Restricted Claim type (URI):
+- `http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged`
+- `http://schemas.microsoft.com/2014/02/devicecontext/claims/isknown`
+- `http://schemas.microsoft.com/2014/03/psso`
+- `http://schemas.microsoft.com/2014/09/devicecontext/claims/iscompliant`
+- `http://schemas.microsoft.com/claims/authnmethodsreferences`
+- `http://schemas.microsoft.com/claims/groups.link`
+- `http://schemas.microsoft.com/identity/claims/accesstoken`
+- `http://schemas.microsoft.com/identity/claims/acct`
+- `http://schemas.microsoft.com/identity/claims/agegroup`
+- `http://schemas.microsoft.com/identity/claims/aio`
+- `http://schemas.microsoft.com/identity/claims/identityprovider`
+- `http://schemas.microsoft.com/identity/claims/objectidentifier`
+- `http://schemas.microsoft.com/identity/claims/openid2_id`
+- `http://schemas.microsoft.com/identity/claims/puid`
+- `http://schemas.microsoft.com/identity/claims/scope`
+- `http://schemas.microsoft.com/identity/claims/tenantid`
+- `http://schemas.microsoft.com/identity/claims/xms_et`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/confirmationkey`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlywindowsdevicegroup`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/expired`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/ispersistent`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/role`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/role`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/samlissuername`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/wids`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdeviceclaim`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdevicegroup`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsfqbnversion`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowssubauthority`
+- `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsuserclaim`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecision`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn`
+- `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname`
+- `http://schemas.xmlsoap.org/ws/2009/09/identity/claims/actor`
+
 
 These claims are restricted by default, but aren't restricted if you [set the AcceptMappedClaims property](saml-claims-customization.md) to `true` in your app manifest *or* have a [custom signing key](saml-claims-customization.md):
 

articles/azure-monitor/app/media/azure-ad-authentication/disable.png

@@ -10,7 +10,7 @@ ms.reviewer: mmcc
 
 # Enable Azure Monitor OpenTelemetry for .NET, Node.js, Python and Java applications
 
-This article describes how to enable and configure OpenTelemetry-based data collection to power the experiences within [Azure Monitor Application Insights](app-insights-overview.md#application-insights-overview). We walk through how to install the "Azure Monitor OpenTelemetry Distro". To learn more about OpenTelemetry concepts, see the [OpenTelemetry overview](opentelemetry-overview.md) or [OpenTelemetry FAQ](/azure/azure-monitor/faq#opentelemetry).
+This article describes how to enable and configure OpenTelemetry-based data collection to power the experiences within [Azure Monitor Application Insights](app-insights-overview.md#application-insights-overview). We walk through how to install the "Azure Monitor OpenTelemetry Distro". The Distro will [automatically collect](opentelemetry-add-modify.md#automatic-data-collection) traces, metrics, logs, and exceptions across your application and its dependencies. The To learn more about collecting data using OpenTelemetry, see [Data Collection Basics](opentelemetry-overview.md) or [OpenTelemetry FAQ](/azure/azure-monitor/faq#opentelemetry).
 
 ## OpenTelemetry Release Status
 

articles/azure-monitor/app/opentelemetry-enable.md

@@ -57,18 +57,14 @@ The Service Bus connector has different versions, based on [logic app workflow t
 
   For more information about managed identities, review [Authenticate access to Azure resources with managed identities in Azure Logic Apps](../logic-apps/create-managed-service-identity.md).
 
-* By default, the Service Bus built-in connector operations are stateless. To run these operations in stateful mode, see [Enable stateful mode for stateless built-in connectors](../connectors/enable-stateful-affinity-built-in-connectors.md).
+* By default, the Service Bus built-in connector operations are *stateless*. To run these operations in stateful mode, see [Enable stateful mode for stateless built-in connectors](../connectors/enable-stateful-affinity-built-in-connectors.md).
 
 ## Considerations for Azure Service Bus operations
 
 ### Infinite loops
 
 [!INCLUDE [Warning about creating infinite loops](../../includes/connectors-infinite-loops.md)]
 
-### Peek-lock
-
-In Standard logic app workflows, peek-lock operations are available only for *stateless* workflows, not stateful workflows.
-
 ### Limit on saved sessions in connector cache
 
 Per [Service Bus messaging entity, such as a subscription or topic](../service-bus-messaging/service-bus-queues-topics-subscriptions.md), the Service Bus connector can save up to 1,500 unique sessions at a time to the connector cache. If the session count exceeds this limit, old sessions are removed from the cache. For more information, see [Message sessions](../service-bus-messaging/message-sessions.md).

articles/connectors/connectors-create-api-servicebus.md

@@ -47,9 +47,19 @@ Your pipeline canvas will then switch to the context of the inner activity conta
 :::image type="content" source="media/concepts-pipelines-activities/nested-activity-breadcrumb.png" alt-text="Screenshot showing an example If Condition activity inside the true branch with a highlight on the breadcrumb to navigate back to the parent pipeline.":::
 
 ## Nested activity embedding limitations
-Activities that support nesting (ForEach, Until, Switch, and If Condition) can't be embedded inside of another nested activity. Essentially, the current support for nesting is one level deep. See the best practices section below on how to use other pipeline activities to enable this scenario. In addition, the 
+There are constraints on the activities that support nesting (ForEach, Until, Switch, and If Condition), for nesting another nested activity. Specifically:
+
+- If and Switch can be used inside ForEach or Until activities.
+- If and Switch can not used inside If and Switch activities.
+- ForEach or Until support only a single level of nesting.
+
+See the best practices section below on how to use other pipeline activities to enable this scenario. In addition, the 
 [Validation Activity](control-flow-validation-activity.md) can't be placed inside of a nested activity.
 
+If and Switch can be used inside ForEach or Until activities.
+ForEach or Until supports only single level nesting
+If and Switch can not used inside If and Switch activities.
+
 ## Best practices for multiple levels of nested activities
 In order to have logic that supports nesting more than one level deep, you can use the [Execute Pipeline Activity](control-flow-execute-pipeline-activity.md) inside of your nested activity to call another pipeline that then can have another level of nested activities. A common use case for this pattern is with the ForEach loop where you need to additionally loop based off logic in the inner activities. 
 

articles/data-factory/concepts-nested-activities.md

@@ -74,7 +74,6 @@ Installation of the self-hosted integration runtime on a domain controller isn't
 - You must be an administrator on the machine to successfully install and configure the self-hosted integration runtime.
 - Copy-activity runs happen with a specific frequency. Processor and RAM usage on the machine follows the same pattern with peak and idle times. Resource usage also depends heavily on the amount of data that is moved. When multiple copy jobs are in progress, you see resource usage go up during peak times.
 - Tasks might fail during extraction of data in Parquet, ORC, or Avro formats. For more on Parquet, see [Parquet format in Azure Data Factory](./format-parquet.md#using-self-hosted-integration-runtime). File creation runs on the self-hosted integration machine. To work as expected, file creation requires the following prerequisites:
-  - [Visual C++ 2010 Redistributable](https://download.microsoft.com/download/3/2/2/3224B87F-CFA0-4E70-BDA3-3DE650EFEBA5/vcredist_x64.exe) Package (x64)
   - Java Runtime (JRE) version 11 from a JRE provider such as [Microsoft OpenJDK 11](https://aka.ms/download-jdk/microsoft-jdk-11.0.19-windows-x64.msi) or [Eclipse Temurin 11](https://adoptium.net/temurin/releases/?version=11). Ensure that the *JAVA_HOME* system environment variable is set to the JDK folder (not just the JRE folder) you may also need to add the bin folder to your system's PATH environment variable.
   >[!NOTE]
   >It might be necessary to adjust the Java settings if memory errors occur, as described in the [Parquet format](./format-parquet.md#using-self-hosted-integration-runtime) documentation.

articles/data-factory/create-self-hosted-integration-runtime.md

@@ -12,7 +12,7 @@ ms.date: 04/04/2023
 
 # Run a Databricks notebook with the Databricks Notebook Activity in Azure Data Factory
 
-[!INCLUDE[appliesto-adf-xxx-md](includes/appliesto-adf-xxx-md.md)]
+[!INCLUDE[appliesto-adf-asa-md](includes/appliesto-adf-asa-md.md)]
 
 In this tutorial, you use the Azure portal to create an Azure Data Factory pipeline that executes a Databricks notebook against the Databricks jobs cluster. It also passes Azure Data Factory parameters to the Databricks notebook during execution.
 

articles/data-factory/transform-data-using-databricks-notebook.md

@@ -31,7 +31,7 @@ Microsoft Defender for SQL servers on machines extends the protections for your
   - [Connect your GCP project to Microsoft Defender for Cloud](quickstart-onboard-gcp.md)
 
     > [!NOTE]
-    > Enable database protection for your multicloud SQL servers through the [AWS connector](quickstart-onboard-aws.md#connect-your-aws-account) or the [GCP connector](quickstart-onboard-gcp.md#configure-the-databases-plan).
+    > Enable database protection for your multicloud SQL servers through the [AWS connector](quickstart-onboard-aws.md#connect-your-aws-account) or the [GCP connector](quickstart-onboard-gcp.md#configure-the-defender-for-databases-plan).
 
 This plan includes functionality for identifying and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate threats to your databases.