Merge pull request #187024 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 559d9aad0ec3 · 2022-02-01T14:45:20.000-08:00
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)
diff --git a/articles/active-directory/fundamentals/service-accounts-governing-azure.md b/articles/active-directory/fundamentals/service-accounts-governing-azure.md
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 There are three types of service accounts in Azure Active Directory (Azure AD): [managed identities](service-accounts-managed-identities.md), [service principals](service-accounts-principal.md), and user accounts employed as service accounts. As you create these service accounts for automated use, they're granted permissions to access resources in Azure and Azure AD. Resources can include Microsoft 365 services, software as a service (SaaS) applications, custom applications, databases, HR systems, and so on. Governing Azure AD service accounts means that you manage their creation, permissions, and lifecycle to ensure security and continuity.
 
 > [!IMPORTANT] 
-> We do not recommend using user accounts as service accounts as they are inherently less secure. This includes on-premises service accounts that are synced to Azure AD, as they are  not converted to service principals. Instead, we recommend the use of managed identities or service principals. Note that at this time the use of conditional access policies is not possible with service principals, but the functionality is coming.
+> We do not recommend using user accounts as service accounts as they are inherently less secure. This includes on-premises service accounts that are synced to Azure AD, as they are  not converted to service principals. Instead, we recommend the use of managed identities or service principals. Note that at this time the use of conditional access policies with service principals is called Conditional Access for workload identities and it's in public preview.
 
 
 ## Plan your service account
diff --git a/articles/cognitive-services/LUIS/luis-reference-regions.md b/articles/cognitive-services/LUIS/luis-reference-regions.md
@@ -75,6 +75,7 @@ The authoring region app can only be published to a corresponding publish region
 | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| East Asia<br>`eastasia`     |  `https://eastasia.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
 | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Japan East<br>`japaneast`     |   `https://japaneast.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
 | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Japan West<br>`japanwest`     |   `https://japanwest.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
+| Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Jio India West<br>`jioindiawest`     |   `https://jioindiawest.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
 | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Korea Central<br>`koreacentral`     |   `https://koreacentral.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
 | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| Southeast Asia<br>`southeastasia`     |   `https://southeastasia.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
 | Asia | `westus`<br>[www.luis.ai][www.luis.ai]| North UAE<br>`northuae`     |   `https://northuae.api.cognitive.microsoft.com/luis/v2.0/apps/YOUR-APP-ID?subscription-key=YOUR-SUBSCRIPTION-KEY` |
diff --git a/articles/event-hubs/apache-kafka-frequently-asked-questions.yml b/articles/event-hubs/apache-kafka-frequently-asked-questions.yml
@@ -38,6 +38,13 @@ sections:
           - They fully distinct from Event Hubs consumer groups. You **don't** need to use '$Default', nor do you need to worry about Kafka clients interfering with AMQP workloads.
           - They aren't viewable in the Azure portal. Consumer group info is accessible via Kafka APIs.
           
+      - question: |
+          Does Azure Event Hubs for Apache Kafka support shared access signature token authentication?
+        answer: |
+          Authenticating by using [OAuth 2.0 and shared access signature](event-hubs-for-kafka-ecosystem-overview.md#security-and-authentication) is supported.
+          
+          Shared access signature tokens are [generated](authenticate-shared-access-signature.md#generate-a-shared-access-signature-token) by using an authorization rule and one of its signing keys. This is not supported when using the Event Hubs for Apache Kafka endpoint.
+
 additionalContent: |
 
   ## Next steps
diff --git a/articles/event-hubs/event-hubs-for-kafka-ecosystem-overview.md b/articles/event-hubs/event-hubs-for-kafka-ecosystem-overview.md
@@ -79,6 +79,8 @@ sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule require
 > [!NOTE]
 > When using SAS authentication with Kafka clients, established connections aren't disconnected when the SAS key is regenerated. 
 
+> [!NOTE]
+> [Generated shared access signature tokens](authenticate-shared-access-signature.md#generate-a-shared-access-signature-token) are not supported when using the Event Hubs for Apache Kafka endpoint.
 
 #### Samples 
 For a **tutorial** with step-by-step instructions to create an event hub and access it using SAS or OAuth, see [Quickstart: Data streaming with Event Hubs using the Kafka protocol](event-hubs-quickstart-kafka-enabled-event-hubs.md).
diff --git a/articles/iot-hub/iot-hub-message-enrichments-overview.md b/articles/iot-hub/iot-hub-message-enrichments-overview.md
@@ -35,7 +35,7 @@ The **value** can be any of the following examples:
 * Information from the device twin, such as its path. Examples would be *$twin.tags.field* and *$twin.tags.latitude*.
 
    > [!NOTE]
-   > At this time, only $iothubname, $twin.tags, $twin.properties.desired, and $twin.properties.reported are supported variables for message enrichment.
+   > At this time, only $iothubname, $twin.tags, $twin.properties.desired, and $twin.properties.reported are supported variables for message enrichment.  Additionally, only primitive types are supported for enrichments. Messages cannot be enriched with object types.
 
 Message Enrichments are added as application properties to messages sent to chosen endpoint(s).  
 
diff --git a/articles/media-services/latest/TOC.yml b/articles/media-services/latest/TOC.yml
@@ -41,7 +41,7 @@
       displayName: .NET, SDK, client, library, C#
     - name: Connect with Node.js / JavaScript SDK
       href: configure-connect-nodejs-howto.md
-      displayName: Node, Node.js, Typescript, Javascript, SDK, client, library
+      displayName: Node, Node.js, TypeScript, Javascript, SDK, client, library
     - name: Connect with Python SDK
       href: configure-connect-python-howto.md
       displayName: Python, SDK, client, library
@@ -54,7 +54,7 @@
     items:
       - name: GitHub samples by language
         href: samples-overview.md
-        displayName: samples, SDK, tutorial, GitHub, .NET, Python, Nodejs, Node, Node.JS Java, Typescript, TS, Javascript, JS
+        displayName: samples, SDK, tutorial, GitHub, .NET, Python, Nodejs, Node, Node.JS Java, TypeScript, TS, Javascript, JS
   - name: Try Media Services in the portal
     items:
     - name: Live event with portal and Wirecast
@@ -123,10 +123,10 @@
     items:
     - name: Encode and stream a remote file Node.js
       href: stream-files-nodejs-quickstart.md
-      displayName: Tutorial, Node.js, Typescript, Node, Javascript, remote ingest, SAS, HTTP, JobInputHttp, S3, URL, ingest, upload, SDK, sample
+      displayName: Tutorial, Node.js, TypeScript, Node, Javascript, remote ingest, SAS, HTTP, JobInputHttp, S3, URL, ingest, upload, SDK, sample
     - name: Stream live with Node.js
       href: stream-live-tutorial-with-nodejs.md
-      displayName: SDK, Tutorial, Node.js, Typescript, Node, Javascript, live, live event, streaming, sample
+      displayName: SDK, Tutorial, Node.js, TypeScript, Node, Javascript, live, live event, streaming, sample
   - name: Python
     items:
     - name: Python Basic Encoding
@@ -147,7 +147,7 @@
   items:
   - name: GitHub samples by language
     href: samples-overview.md
-    displayName: samples, SDK, tutorial, GitHub, .NET, C#, Python, Nodejs, Node, Node.JS Java, Typescript, TS, Javascript, JS
+    displayName: samples, SDK, tutorial, GitHub, .NET, C#, Python, Nodejs, Node, Node.JS Java, TypeScript, TS, Javascript, JS
   - name: Media Services v3 GitHub REST samples
     href: https://github.com/Azure-Samples/media-services-v3-rest-postman
 - name: Concepts
@@ -625,13 +625,13 @@
     items:
     - name: Azure Media Player full set up
       href: ../azure-media-player/azure-media-player-full-setup.md
-      displayName: AMP, embed, iframe, player, player control, setup player, publish, React, Vue, Angular, javascript, Typescript, node, node.js, playback, stream, CMS, web page, HTML, HTML5, MSE, EME, HTML video, video tag
+      displayName: AMP, embed, iframe, player, player control, setup player, publish, React, Vue, Angular, javascript, TypeScript, node, node.js, playback, stream, CMS, web page, HTML, HTML5, MSE, EME, HTML video, video tag
     - name: Use the Video.js player
       href: player-how-to-video-js-player.md
-      displayName: Videojs, Video.js, player, player setup, embed, iframe, React, Vue, Angular, javascript, Typescript, playback, stream, CMS, web page, HTML, HTML5, MSE, EME, video tag
+      displayName: Videojs, Video.js, player, player setup, embed, iframe, React, Vue, Angular, javascript, TypeScript, playback, stream, CMS, web page, HTML, HTML5, MSE, EME, video tag
     - name: Use the Shaka video player
       href: player-shaka-player-how-to.md
-      displayName: Shaka, Shaka player, Google, Google Shaka, player, player setup, embed, iframe, React, Vue, Angular, javascript, Typescript, playback, stream, CMS, web page, HTML, HTML5, MSE, EME, video tag
+      displayName: Shaka, Shaka player, Google, Google Shaka, player, player setup, embed, iframe, React, Vue, Angular, javascript, TypeScript, playback, stream, CMS, web page, HTML, HTML5, MSE, EME, video tag
     - name: Pass authentication tokens
       href: security-pass-authentication-tokens-how-to.md
       displayName: token auth, token, token authentication, player
@@ -659,7 +659,7 @@
       displayName: SDK, Python SDK, Python, Python docs, Python reference, reference Python, developer, develop, Python library, pypi, package, pip, pip install
     - name: Node.js
       href: /javascript/api/overview/azure/arm-mediaservices-readme
-      displayName: SDK, Node SDK, Node.js, Nodejs, Nodejs SDk, Node.js SDk, Javscript, Javascript SDK, Typescript, Typescript SDK, Javascript docs, Node docs, Node.js Docs, Node.js reference, reference Node, developer, develop, Node.js library, Typescript library, package, npm, npm install
+      displayName: SDK, Node SDK, Node.js, Nodejs, Nodejs SDk, Node.js SDk, Javscript, Javascript SDK, TypeScript, TypeScript SDK, Javascript docs, Node docs, Node.js Docs, Node.js reference, reference Node, developer, develop, Node.js library, TypeScript library, package, npm, npm install
     - name: Go
       href: https://aka.ms/ams-v3-go-ref
       displayName: Go, Go SDK, SDK, Go reference, Go docs, Go Documentation, Go library, go package
@@ -707,7 +707,7 @@
       displayName:  SDK, install SDK, get SDK, client SDK, Python SDK, install Python SDK, Python, install, download SDK, pypi, pip, pip3 package, package manager, get started
     - name: Node.js
       href: https://aka.ms/ams-v3-nodejs-sdk   
-      displayName: SDK, install SDK, get SDK, client SDK, Node.js SDK, install Node.js SDK, Node.js, Typescript, Javascript install, download SDK, npm, package, package manager, node package, get started
+      displayName: SDK, install SDK, get SDK, client SDK, Node.js SDK, install Node.js SDK, Node.js, TypeScript, Javascript install, download SDK, npm, package, package manager, node package, get started
     - name: Go
       href: https://aka.ms/ams-v3-go-sdk   
       displayName: SDK, install SDK, get SDK, client SDK, Go SDK, install Go SDK, Go, Go install, download SDK, get started   
@@ -725,4 +725,4 @@
     displayName: Azure clouds, Azure regions, regions, geographies, data centers, locations, region, geo, availability, government cloud, gov cloud, china, germany, soverign, soverign cloud,
   - name: Regional code names and endpoints
     href: azure-regions-code-names.md
-    displayName: region, regions, Azure couds, code names, region codes, region code names, region locations, location, data centers, endpoints
+    displayName: region, regions, Azure couds, code names, region codes, region code names, region locations, location, data centers, endpoints
diff --git a/articles/purview/register-scan-synapse-workspace.md b/articles/purview/register-scan-synapse-workspace.md
@@ -39,7 +39,7 @@ This section describes how to register Azure Synapse Analytics workspaces in Azu
 
 ### Authentication for registration
 
-Only users with at least a *Reader* role on the Azure Synapse workspace who is also *data source administrators* in Azure Purview can register an Azure Synapse workspace.
+Only a user with at least a *Reader* role on the Azure Synapse workspace and who is also *data source administrators* in Azure Purview can register an Azure Synapse workspace.
 
 ### Steps to register
 
@@ -87,7 +87,9 @@ Then, you will need to [apply permissions to scan the contents of the workspace]
 
 ### Authentication for enumerating serverless SQL database resources
 
-There are three places you will need to set authentication to allow Azure Purview to enumerate your serverless SQL database resources: the Synapse workspace, the associated storage, and on the Serverless databases. The steps below will set permissions for all three.
+There are three places you will need to set authentication to allow Azure Purview to enumerate your serverless SQL database resources: The Azure Synapse workspace, the associated storage, and the Azure Synapse serverless databases. The steps below will set permissions for all three.
+
+#### Azure Synapse workspace
 
 1. In the Azure portal, go to the Azure Synapse workspace resource.  
 1. On the left pane, select **Access Control (IAM)**. 
@@ -98,15 +100,20 @@ There are three places you will need to set authentication to allow Azure Purvie
 1. Select the **Add** button.   
 1. Set the **Reader** role and enter your Azure Purview account name, which represents its managed service identity (MSI).
 1. Select **Save** to finish assigning the role.
-1. In the Azure portal, go to the **Resource group** or **Subscription** that the Azure Synapse workspace is in.
+
+#### Storage account
+
+1. In the Azure portal, go to the **Resource group** or **Subscription** that the storage account associated with the Azure Synapse workspace is in.
 1. On the left pane, select **Access Control (IAM)**. 
 
    > [!NOTE]
    > You must be an *owner* or *user access administrator* to add a role in the **Resource group** or **Subscription** fields. 
-
 1. Select the **Add** button. 
 1. Set the **Storage blob data reader** role and enter your Azure Purview account name (which represents its MSI) in the **Select** box. 
 1. Select **Save** to finish assigning the role.
+
+#### Azure Synapse serverless database
+
 1. Go to your Azure Synapse workspace and open the Synapse Studio.
 1. Select the **Data** tab on the left menu.
 1. Select the ellipsis (**...**) next to one of your databases, and then start a new SQL script.
