Merge pull request #247348 from nehakulkarni123/nehakulkarni123-patch-1-2

Mutation Public Preview Changes

Author: JamesJBarnett

articles/governance/policy/concepts/effects.md

@@ -15,6 +15,7 @@ resource, an updated resource, or an existing resource.
 
 These effects are currently supported in a policy definition:
 
+- [AddToNetworkGroup](#addtonetworkgroup)
 - [Append](#append)
 - [Audit](#audit)
 - [AuditIfNotExists](#auditifnotexists)
@@ -24,6 +25,7 @@ These effects are currently supported in a policy definition:
 - [Disabled](#disabled)
 - [Manual](#manual)
 - [Modify](#modify)
+- [Mutate](#mutate-preview)
 
 ## Interchanging effects
 
@@ -48,7 +50,7 @@ manages the evaluation and outcome and reports the results back to Azure Policy.
 
 - **Disabled** is checked first to determine whether the policy rule should be evaluated.
 - **Append** and **Modify** are then evaluated. Since either could alter the request, a change made
-  may prevent an audit or deny effect from triggering. These effects are only available with a
+  might prevent an audit or deny effect from triggering. These effects are only available with a
   Resource Manager mode.
 - **Deny** is then evaluated. By evaluating deny before audit, double logging of an undesired
   resource is prevented.
@@ -64,6 +66,14 @@ logging or action is required.
 `PATCH` requests that only modify `tags` related fields restricts policy evaluation to
 policies containing conditions that inspect `tags` related fields.
 
+## AddToNetworkGroup
+
+AddToNetworkGroup is used in Azure Virtual Network Manager to define dynamic network group membership. This effect is specific to _Microsoft.Network.Data_ [policy mode](./definition-structure.md#resource-provider-modes) definitions only.
+
+With network groups, your policy definition includes your conditional expression for matching virtual networks meeting your criteria, and specifies the destination network group where any matching resources are placed. The addToNetworkGroup effect is used to place resources in the destination network group.
+
+To learn more, go to [Configuring Azure Policy with network groups in Azure Virtual Network Manager](../../../virtual-network-manager/concept-azure-policy-integration.md).
+
 ## Append
 
 Append is used to add more fields to the requested resource during creation or update. A
@@ -312,7 +322,7 @@ related resources to match.
     complete, regardless of outcome. If provisioning takes longer than 6 hours, it's treated as a
     failure when determining _AfterProvisioning_ evaluation delays.
   - Default is `PT10M` (10 minutes).
-  - Specifying a long evaluation delay may cause the recorded compliance state of the resource to
+  - Specifying a long evaluation delay might cause the recorded compliance state of the resource to
     not update until the next
     [evaluation trigger](../how-to/get-compliance-data.md#evaluation-triggers).
 - **ExistenceCondition** (optional)
@@ -616,7 +626,7 @@ related resources to match and the template deployment to execute.
     complete, regardless of outcome. If provisioning takes longer than 6 hours, it's treated as a
     failure when determining _AfterProvisioning_ evaluation delays.
   - Default is `PT10M` (10 minutes).
-  - Specifying a long evaluation delay may cause the recorded compliance state of the resource to
+  - Specifying a long evaluation delay might cause the recorded compliance state of the resource to
     not update until the next
     [evaluation trigger](../how-to/get-compliance-data.md#evaluation-triggers).
 - **ExistenceCondition** (optional)
@@ -991,10 +1001,26 @@ is applied only when evaluating requests with API version greater or equals to `
     }
 }
 ```
+## Mutate (preview)
+
+Mutation is used in Azure Policy for Kubernetes to remediate AKS cluster components, like pods. This effect is specific to _Microsoft.Kubernetes.Data_ [policy mode](./definition-structure.md#resource-provider-modes) definitions only.
+
+To learn more, go to [Understand Azure Policy for Kubernetes clusters](./policy-for-kubernetes.md).
+
+### Mutate properties
+- **mutationInfo** (optional)
+  - Can't be used with `constraint`, `constraintTemplate`, `apiGroups`, or `kinds`.
+  - Cannot be parameterized.
+  - **sourceType** (required)
+    - Defines the type of source for the constraint. Allowed values: _PublicURL_ or _Base64Encoded_.
+    - If _PublicURL_, paired with property `url` to provide location of the mutation template. The location must be publicly accessible.
+      > [!WARNING]
+      > Don't use SAS URIs or tokens in `url` or anything else that could expose a secret.
+
 
 ## Layering policy definitions
 
-A resource may be affected by several assignments. These assignments may be at the same scope or at
+A resource can be affected by several assignments. These assignments might be at the same scope or at
 different scopes. Each of these assignments is also likely to have a different effect defined. The
 condition and effect for each policy is independently evaluated. For example: