Merge pull request #198317 from MicrosoftDocs/main

Publish to live, May 16th 8AM

Author: JiayueHu

articles/app-service/tutorial-networking-isolate-vnet.md

@@ -92,7 +92,7 @@ Because your Key Vault and Cognitive Services resources will sit behind [private
 
 ## Create private endpoints
 
-1. In the private endpoint subnet of your virtual network, create a private endpoint for your key vault.
+1. In the private endpoint subnet of your virtual network, create a private endpoint for your Cognitive Service.
 
     ```azurecli-interactive
     # Get Cognitive Services resource ID
@@ -198,4 +198,4 @@ This command may take a minute to run.
 ## Next steps
 
 - [Integrate your app with an Azure virtual network](overview-vnet-integration.md)
-- [App Service networking features](networking-features.md)
+- [App Service networking features](networking-features.md)

articles/azure-functions/functions-bindings-timer.md

@@ -318,7 +318,7 @@ Expressed as a string, the `TimeSpan` format is `hh:mm:ss` when `hh` is less tha
 |--------------|----------------|
 | "01:00:00"   | every hour     |
 | "00:01:00"   | every minute   |
-| "25:00:00"   | every 25 days  |
+| "25:00:00:00"| every 25 days  |
 | "1.00:00:00" | every day      |
 
 ### Scale-out

articles/azure-functions/functions-deployment-slots.md

@@ -56,7 +56,6 @@ Some configuration settings are slot-specific. The following lists detail which
 * Custom domain names
 * Non-public certificates and TLS/SSL settings
 * Scale settings
-* WebJobs schedulers
 * IP restrictions
 * Always On
 * Diagnostic settings
@@ -69,7 +68,6 @@ Some configuration settings are slot-specific. The following lists detail which
 * Connection strings (can be configured to stick to a slot)
 * Handler mappings
 * Public certificates
-* WebJobs content
 * Hybrid connections *
 * Virtual network integration *
 * Service endpoints *

articles/azure-monitor/alerts/alerts-log.md

@@ -37,7 +37,7 @@ You can also [create log alert rules using Azure Resource Manager templates](../
 1. Write a query that will find the log events for which you want to create an alert. You can use the [alert query examples article](../logs/queries.md) to understand what you can discover or [get started on writing your own query](../logs/log-analytics-tutorial.md). Also, [learn how to create optimized alert queries](alerts-log-query.md).
 1. From the top command bar, Select **+ New Alert rule**.
 
-   :::image type="content" source="media/alerts-log/alerts-create-new-alert-rule.png" alt-text="Create new alert rule.":::
+   :::image type="content" source="media/alerts-log/alerts-create-new-alert-rule.png" alt-text="Create new alert rule." lightbox="media/alerts-log/alerts-create-new-alert-rule-expanded.png":::  
 
 1. The **Condition** tab opens, populated with your log query.
 

articles/azure-monitor/alerts/itsmc-troubleshoot-overview.md

@@ -102,13 +102,13 @@ The following sections identify common symptoms, possible causes, and resolution
 * [Sync the connector](itsmc-resync-servicenow.md).
 * Check the [dashboard](itsmc-dashboard.md) and review the errors in the section for connector status. Then review the [common errors and their resolutions](itsmc-dashboard-errors.md)
 
-### Configuration Item is blank in incidents received from ServiceNow
+### In the incidents received from ServiceNow, the configuration item is blank 
 **Cause**: There can be several reasons for this:
-* Only Log alerts supports the configuration item but the alert is another type of alert
-* To contain the configuration item, the search results must include the **Computer** or **Resource** column 
-* The values in the configuration item field do not match an entry in the CMDB
+* The alert is not a log alert. Configuration items are only supported by log alerts.
+* The search results do not include the **Computer** or **Resource** column.
+* The values in the configuration item field do not match an entry in the CMDB.
 
 **Resolution**: 
-* Check whether it is log alert - if not configuration item not supported
-* Check whether search results have column Computer or Resource -if not it should be added to the query
-* Check whether values in the columns Computer/Resource are identical to the values in CMDB- if not a new entry should be added to the CMDB
+* Check if the alert is a log alert. If it isn't a log alert, configuration items are not supported.
+* If the search results do not have  a Computer or Resource column, add them to the query.
+* Check that the values in the Computer and Resource columns are identical to the values in the CMDB. If they are not, add a new entry to the CMDB with the matching values.

articles/azure-monitor/alerts/media/alerts-log/alerts-create-new-alert-rule-expanded.png

@@ -6,7 +6,7 @@ ms.topic: conceptual
 ms.service: container-instances
 services: container-instances
 ms.author: macolso
-ms.date: 02/28/2022
+ms.date: 05/03/2022
 ---
 
 # Configure a NAT gateway for static IP address for outbound traffic from a container group
@@ -15,131 +15,100 @@ Setting up a [container group](container-instances-container-groups.md) with an
 
 This article provides steps to configure a container group in a [virtual network](container-instances-virtual-network-concepts.md) integrated with a [Network Address Translation (NAT) gateway](../virtual-network/nat-gateway/nat-overview.md). By configuring a NAT gateway to SNAT a subnet address range delegated to Azure Container Instances (ACI), you can identify outbound traffic from your container groups. The container group egress traffic will use the public IP address of the NAT gateway. A single NAT gateway can be used by multiple container groups deployed in the virtual network's subnet delegated to ACI.
 
-In this article you use the Azure CLI to create the resources for this scenario:
+In this article, you use the Azure CLI to create the resources for this scenario:
 
-* Container groups deployed on a delegated subnet [in the virtual network](container-instances-vnet.md) 
+* Container groups deployed on a delegated subnet [in the virtual network](container-instances-vnet.md)
 * A NAT gateway deployed in the network with a static public IP address
 
 You then validate egress from example container groups through the NAT gateway.
 
 > [!NOTE]
-> The ACI service recommends integrating with a NAT gateway for containerized workoads that have static egress but not static ingress requirements. For ACI architecture that supports both static ingress and egress, please see the following tutorial: [Use Azure Firewall for ingress and egress](container-instances-egress-ip-address.md).
-## Before you begin
-You must satisfy the following requirements to complete this tutorial:
+> The ACI service recommends integrating with a NAT gateway for containerized workloads that have static egress but not static ingress requirements. For ACI architecture that supports both static ingress and egress, please see the following tutorial: [Use Azure Firewall for ingress and egress](container-instances-egress-ip-address.md).
 
-**Azure CLI**: You must have Azure CLI version installed on your local computer. If you need to install or upgrade, see [Install the Azure CLI][azure-cli-install]
+[!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
+
+[!INCLUDE [azure-cli-prepare-your-environment.md](../../includes/azure-cli-prepare-your-environment.md)]
+
+[!INCLUDE [cli-launch-cloud-shell-sign-in.md](../../includes/cli-launch-cloud-shell-sign-in.md)]
+
+> [!NOTE]
+> To download the complete script, go to [full script](https://github.com/Azure-Samples/azure-cli-samples/blob/master/container-instances/nat-gateway.sh).
+
+## Get started
+
+This tutorial makes use of a randomized variable. If you are using an existing resource group, modify the value of this variable appropriately.
+
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="variable":::
+
+**Azure resource group**: If you don't have an Azure resource group already, create a resource group with the [az group create][az-group-create] command. Modify the location value as appropriate.
+
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="creategroup":::
 
-**Azure resource group**: If you don't have an Azure resource group already, create a resource group with the [az group create][az-group-create] command. Below is an example.
-```azurecli
-az group create --name myResourceGroup --location eastus
-```
 ## Deploy ACI in a virtual network
 
-In a typical case, you might already have an Azure virtual network in which to deploy a container group. For demonstration purposes, the following commands create a virtual network and subnet when the container group is created. The subnet is delegated to Azure Container Instances. 
+In a typical case, you might already have an Azure virtual network in which to deploy a container group. For demonstration purposes, the following commands create a virtual network and subnet when the container group is created. The subnet is delegated to Azure Container Instances.
 
 The container group runs a small web app from the `aci-helloworld` image. As shown in other articles in the documentation, this image packages a small web app written in Node.js that serves a static HTML page.
 
-> [!TIP]
-> To simplify the following command examples, use an environment variable for the resource group's name:
-> ```console
-> export RESOURCE_GROUP_NAME=myResourceGroup
-> ```
-> This tutorial will make use of the environment variable going forward. 
 Create the container group with the [az container create][az-container-create] command:
 
-```azurecli
-az container create \
-  --name appcontainer \
-  --resource-group $RESOURCE_GROUP_NAME \
-  --image mcr.microsoft.com/azuredocs/aci-helloworld \
-  --vnet aci-vnet \
-  --vnet-address-prefix 10.0.0.0/16 \
-  --subnet aci-subnet \
-  --subnet-address-prefix 10.0.0.0/24
-```
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="container":::
 
 > [!NOTE]
-> Adjust the value of `--subnet address-prefix` for the IP address space you need in your subnet. The smallest supported subnet is /29, which provides eight IP addresses. Some >IP addresses are reserved for use by Azure, which you can read more about [here](../virtual-network/ip-services/private-ip-addresses.md). 
+> Adjust the value of `--subnet address-prefix` for the IP address space you need in your subnet. The smallest supported subnet is /29, which provides eight IP addresses. Some >IP addresses are reserved for use by Azure, which you can read more about [here](../virtual-network/ip-services/private-ip-addresses.md).
+
 ## Create a public IP address
 
 In the following sections, use the Azure CLI to deploy an Azure NAT gateway in the virtual network. For background, see [Quickstart: Create a NAT gateway using Azure CLI](../virtual-network/nat-gateway/quickstart-create-nat-gateway-cli.md).
 
-First, use the [az network vnet public-ip create][az-network-public-ip-create] to create a public IP address for the NAT gateway. This will be used to access the Internet. You will receive a warning about an upcoming breaking change where Standard SKU IP addresses will be availability zone aware by default. You can learn more about the use of availability zones and public IP addresses [here](../virtual-network/ip-services/virtual-network-network-interface-addresses.md). 
+First, use the [az network vnet public-ip create][az-network-public-ip-create] to create a public IP address for the NAT gateway. This will be used to access the Internet. You will receive a warning about an upcoming breaking change where Standard SKU IP addresses will be availability zone aware by default. You can learn more about the use of availability zones and public IP addresses [here](../virtual-network/ip-services/virtual-network-network-interface-addresses.md).
 
-```azurecli
-az network public-ip create \
-  --name myPublicIP \
-  --resource-group $RESOURCE_GROUP_NAME \
-  --sku standard \
-  --allocation static
-```
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="publicip":::
 
-Store the public IP address in a variable. We will use this later during the validation step. 
+Store the public IP address in a variable for use during the validation step later in this script.
 
-```azurecli
-NG_PUBLIC_IP="$(az network public-ip show \
-  --name myPublicIP \
-  --resource-group $RESOURCE_GROUP_NAME \
-  --query ipAddress --output tsv)"
-```
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="storeip":::
 
 ## Deploy a NAT gateway into a virtual network
 
 Use the following [az network nat gateway create][az-network-nat-gateway-create] to create a NAT gateway that uses the public IP you created in the previous step.
 
-```azurecli
-az network nat gateway create \
-  --resource-group $RESOURCE_GROUP_NAME \
-  --name myNATgateway \
-  --public-ip-addresses myPublicIP \
-  --idle-timeout 10       
-```
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="natgateway":::
+
 ## Configure NAT service for source subnet
 
-We'll configure the source subnet **aci-subnet** to use a specific NAT gateway resource **myNATgateway** with [az network vnet subnet update][az-network-vnet-subnet-update]. This command will activate the NAT service on the specified subnet. 
+We'll configure the source subnet **aci-subnet** to use a specific NAT gateway resource **myNATgateway** with [az network vnet subnet update][az-network-vnet-subnet-update]. This command will activate the NAT service on the specified subnet.
 
-```azurecli
-az network vnet subnet update \
-    --resource-group $RESOURCE_GROUP_NAME  \
-    --vnet-name aci-vnet \
-    --name aci-subnet \
-    --nat-gateway myNATgateway
-```
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="subnet":::
 
 ## Test egress from a container group
 
-Test inbound access to the *appcontainer* running in the virtual network by browsing to the firewall's public IP address. Previously, you stored the public IP address in variable $NG_PUBLIC_IP
+Test inbound access to the `appcontainer` running in the virtual network by browsing to the firewall's public IP address. Previously, you stored the public IP address in variable $NG_PUBLIC_IP
 
 Deploy the following sample container into the virtual network. When it runs, it sends a single HTTP request to `http://checkip.dyndns.org`, which displays the IP address of the sender (the egress IP address). If the application rule on the firewall is configured properly, the firewall's public IP address is returned.
 
-```azurecli
-az container create \
-  --resource-group $RESOURCE_GROUP_NAME \
-  --name testegress \
-  --image mcr.microsoft.com/azuredocs/aci-tutorial-sidecar \
-  --command-line "curl -s http://checkip.dyndns.org" \
-  --restart-policy OnFailure \
-  --vnet aci-vnet \
-  --subnet aci-subnet
-```
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="sidecar":::
 
 View the container logs to confirm the IP address is the same as the public IP address we created in the first step of the tutorial.
 
-```azurecli
-az container logs \
-  --resource-group $RESOURCE_GROUP_NAME \
-  --name testegress 
-```
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="viewlogs":::
 
 Output is similar to:
 
 ```console
 <html><head><title>Current IP Check</title></head><body>Current IP Address: 52.142.18.133</body></html>
 ```
-This IP address should match the public IP address created in the first step of the tutorial. 
 
-```Bash
-echo $NG_PUBLIC_IP
+This IP address should match the public IP address created in the first step of the tutorial.
+
+:::code language="azurecli" source="~/azure_cli_scripts/container-instances/nat-gateway.sh" id="echo":::
+
+## Clean up resources
+
+When no longer needed, you can use [az group delete](/cli/azure/group) to remove the resource group and all related resources as follows. The `--no-wait` parameter returns control to the prompt without waiting for the operation to complete. The `--yes` parameter confirms that you wish to delete the resources without an additional prompt to do so.
+
+```azurecli-interactive
+az group delete --name $resourceGroup --yes --no-wait
 ```
 
 ## Next steps

articles/azure-monitor/alerts/media/alerts-log/alerts-create-new-alert-rule.png

@@ -22,6 +22,8 @@ At the bottom of this page, there's a table describing the Microsoft Defender fo
 
 ## <a name="alerts-windows"></a>Alerts for Windows machines
 
+Microsoft Defender for Servers Plan 2 provides unique detections and alerts, in addition to the ones provided by Microsoft Defender for Endpoint. The alerts provided for Windows machines are:
+
 [Further details and notes](defender-for-servers-introduction.md)
 
 | Alert (alert type)                                                                                                                                               | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | MITRE tactics<br>([Learn more](#intentions)) | Severity      |
@@ -134,6 +136,8 @@ At the bottom of this page, there's a table describing the Microsoft Defender fo
 
 ## <a name="alerts-linux"></a>Alerts for Linux machines
 
+Microsoft Defender for Servers Plan 2 provides unique detections and alerts, in addition to the ones provided by Microsoft Defender for Endpoint. The alerts provided for Linux machines are:
+
 [Further details and notes](defender-for-servers-introduction.md)
 
 |Alert (alert type)|Description|MITRE tactics<br>([Learn more](#intentions))|Severity|