Merge pull request #212108 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 594a8f73bc5e · 2022-09-22T09:48:00.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/azure-resource-manager/bicep/modules.md b/articles/azure-resource-manager/bicep/modules.md
@@ -59,6 +59,7 @@ The following example concatenates the deployment name to the module name. If yo
 module stgModule 'storageAccount.bicep' = {
   name: '${deployment().name}-storageDeploy'
   scope: resourceGroup('demoRG')
+}
 ```
 
 If you need to **specify a scope** that is different than the scope for the main file, add the scope property. For more information, see [Set module scope](#set-module-scope).
diff --git a/articles/azure-vmware/concepts-storage.md b/articles/azure-vmware/concepts-storage.md
@@ -49,7 +49,8 @@ vSAN datastores use data-at-rest encryption by default using keys stored in Azur
 
 ## Azure storage integration
 
-You can use Azure storage services in workloads running in your private cloud. The Azure storage services include Storage Accounts, Table Storage, and Blob Storage. The connection of workloads to Azure storage services doesn't traverse the internet. This connectivity provides more security and enables you to use SLA-based Azure storage services in your private cloud workloads. You can also connect Azure disk pools or [Azure NetApp Files datastores](attach-azure-netapp-files-to-azure-vmware-solution-hosts.md) to expand the storage capacity.
+You can use Azure storage services in workloads running in your private cloud. The Azure storage services include Storage Accounts, Table Storage, and Blob Storage. The connection of workloads to Azure storage services doesn't traverse the internet. This connectivity provides more security and enables you to use SLA-based Azure storage services in your private cloud workloads. 
+You can expand the datastore capacity by connecting Azure disk pools or [Azure NetApp Files datastores](attach-azure-netapp-files-to-azure-vmware-solution-hosts.md). Azure NetApp Files is available in Ultra, [Premium and Standard performance tiers](/azure/azure-netapp-files/azure-netapp-files-service-levels) to allow adjusting the performance and cost to the requirements of the workloads.
 
 ## Alerts and monitoring
 
diff --git a/articles/azure-vmware/enable-public-ip-nsx-edge.md b/articles/azure-vmware/enable-public-ip-nsx-edge.md
@@ -38,6 +38,9 @@ With this capability, you have the following features:
 The architecture shows Internet access to and from your Azure VMware Solution private cloud using a Public IP directly to the NSX Edge.
 :::image type="content" source="media/public-ip-nsx-edge/architecture-internet-access-avs-public-ip.png" alt-text="Diagram that shows architecture of Internet access to and from your Azure VMware Solution Private Cloud using a Public IP directly to the NSX Edge." border="false" lightbox="media/public-ip-nsx-edge/architecture-internet-access-avs-public-ip-expanded.png":::
 
+>[!IMPORTANT]
+>The use of Public IP down to the NSX Edge is not compatible with reverse DNS Lookup. 
+
 ## Configure a Public IP in the Azure portal
 1. Log on to the Azure portal.
 1. Search for and select Azure VMware Solution.
diff --git a/articles/azure-vmware/enable-sql-azure-hybrid-benefit.md b/articles/azure-vmware/enable-sql-azure-hybrid-benefit.md
@@ -8,26 +8,26 @@ ms.date: 06/14/2022
 
 # Enable SQL Azure hybrid benefit for Azure VMware Solution (Preview)
 
-In this article, you’ll learn how to apply SQL Azure hybrid benefits to an Azure VMware Solution private cloud by configuring a placement policy. The placement policy defines the number of hosts that are running SQL. 
+In this article, you’ll learn how to configure SQL Azure hybrid benefits to an Azure VMware Solution private cloud by configuring a placement policy. The placement policy defines the hosts that are running SQL as well as the virtual machines on that host. 
 >[!IMPORTANT]
 > It is important to note that SQL benefits are applied at the host level. 
 
-For example, if each host in Azure VMware Solution has 36 cores and you signal that two hosts run SQL, then SQL Azure hybrid benefit will apply to 72 cores.
+For example, if each host in Azure VMware Solution has 36 cores and you signal that two hosts run SQL, then SQL Azure hybrid benefit will apply to 72 cores irrespective of the number of SQL or other virtual machines on that host.
 
 ## Configure host-VM placement policy
 1.	From your Azure VMware Solution private cloud, select Azure hybrid benefit, then Create host-VM placement policy.
  :::image type="content" source="media/sql-azure-hybrid-benefit/azure-hybrid-benefit.png" alt-text="Diagram that shows how to create a host new virtual machine placement policy.":::
 
 1.	Fill in the required fields for creating the placement policy.
      1.	**Name** – Select the name that identifies this policy.
-     2. **Type** – Select the type of policy. This type must be VM-Host affinity only.
+     2. **Type** – Select the type of policy. This type must be a VM-Host affinity rule only.
      3. **Azure hybrid benefit** – Select the checkbox to apply the SQL Azure hybrid benefit.
-     4. **Cluster** – Select the necessary cluster. The policy is applicable per cluster only.
+     4. **Cluster** – Select the correct cluster. The policy is scoped to host in this cluster only.
      1. **Enabled** – Select enabled to apply the policy immediately once created.
      
      :::image type="content" source="media/sql-azure-hybrid-benefit/create-placement-policy.png" alt-text="Diagram that shows how to create a host virtual machine placement policy using the host VM affinity.":::
 3.	Select the hosts and VMs that will be applied to the VM-Host affinity policy.
-     1.	**Add Hosts** – Select the hosts that will be running SQL.
+     1.	**Add Hosts** – Select the hosts that will be running SQL. When hosts are replaced, policies are re-created on the new hosts automatically.
      2.	**Add VMs** – Select the VMs that should run on the selected hosts.
      3. **Review and Create** the policy.
      :::image type="content" source="media/sql-azure-hybrid-benefit/select-policy-host.png" alt-text="Diagram that shows how to create a host virtual machine affinity.":::
diff --git a/articles/data-factory/connector-azure-sql-database.md b/articles/data-factory/connector-azure-sql-database.md
@@ -919,7 +919,7 @@ When you copy data from/to Azure SQL Database with [Always Encrypted](/sql/relat
 
 1. Store the [Column Master Key (CMK)](/sql/relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted?view=sql-server-ver15&preserve-view=true) in an [Azure Key Vault](../key-vault/general/overview.md). Learn more on [how to configure Always Encrypted by using Azure Key Vault](/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=azure-powershell)
 
-2. Make sure to great access to the key vault where the [Column Master Key (CMK)](/sql/relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted?view=sql-server-ver15&preserve-view=true) is stored. Refer to this [article](/sql/relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted?view=sql-server-ver15&preserve-view=true#key-vaults) for required permissions.
+2. Make sure to get access to the key vault where the [Column Master Key (CMK)](/sql/relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted?view=sql-server-ver15&preserve-view=true) is stored. Refer to this [article](/sql/relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted?view=sql-server-ver15&preserve-view=true#key-vaults) for required permissions.
 
 3. Create linked service to connect to your SQL database and enable 'Always Encrypted' function by using either managed identity or service principal. 
 
diff --git a/articles/industrial-iot/overview-what-is-industrial-iot.md b/articles/industrial-iot/overview-what-is-industrial-iot.md
@@ -40,7 +40,7 @@ Azure IIoT solutions are built from specific components:
 
 The [Azure IoT Hub](https://azure.microsoft.com/services/iot-hub/) acts as a central message hub for secure, bi-directional communications between any IoT application and the devices it manages. It's an open and flexible cloud platform as a service (PaaS) that supports open-source SDKs and multiple protocols.
 
-Gathering your industrial and business data onto an IoT Hub lets you store your data securely, perform business and efficiency analyses on it, and generate reports from it. You can also apply Microsoft Azure services and tools, such as [Power BI](https://powerbi.microsoft.com), on your combined data.
+Gathering your industrial and business data onto an IoT Hub lets you store your data securely, perform business and efficiency analyses on it, and generate reports from it. You can process your combined data with Microsoft Azure services and tools, for example [Azure Stream Analytics](https://docs.microsoft.com/azure/stream-analytics), or visualize in your Business Intelligence platform of choice such as [Power BI](https://powerbi.microsoft.com).
 
 ### IoT Edge devices
 
diff --git a/articles/security/fundamentals/services-technologies.md b/articles/security/fundamentals/services-technologies.md
@@ -29,6 +29,7 @@ Over time, this list will change and grow, just as Azure does. Make sure to chec
 |Service|Description|
 |--------|--------|
 |[Microsoft Defender for Cloud](../../security-center/security-center-introduction.md)| A cloud workload protection solution that provides security management and advanced threat protection across hybrid cloud workloads.|
+|[Microsoft Sentinel](../../sentinel/overview.md)| A scalable, cloud-native solution that delivers intelligent security analytics and threat intelligence across the enterprise.|
 |[Azure Key Vault](../../key-vault/general/overview.md)| A secure secrets store for the passwords, connection strings, and other information you need to keep your apps working. |
 |[Azure Monitor logs](../../azure-monitor/logs/log-query-overview.md)|A monitoring service that collects telemetry and other data, and provides a query language and analytics engine to deliver operational insights for your apps and resources. Can be used alone or with other services such as Defender for Cloud. |
 |[Azure Dev/Test Labs](../../devtest-labs/devtest-lab-overview.md)|A service that helps developers and testers quickly create environments in Azure while minimizing waste and controlling cost.  |
@@ -81,7 +82,7 @@ Over time, this list will change and grow, just as Azure does. Make sure to chec
 | [Network&nbsp;Security&nbsp;Groups](../../virtual-network/virtual-network-vnet-plan-design-arm.md)| A network-based access control feature using a 5-tuple to make allow or deny decisions.  |
 | [Azure VPN Gateway](../../vpn-gateway/vpn-gateway-about-vpngateways.md)| A network device used as a VPN endpoint to allow cross-premises access to Azure Virtual Networks.  |
 | [Azure Application Gateway](../../application-gateway/overview.md)|An advanced web application load balancer that can route based on URL and perform SSL-offloading. |
-|[Web application firewall](../../web-application-firewall/afds/afds-overview.md) (WAF)|A feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities|
+|[Web application firewall](../../web-application-firewall/overview.md) (WAF)|A feature that provides centralized protection of your web applications from common exploits and vulnerabilities|
 | [Azure Load Balancer](../../load-balancer/load-balancer-overview.md)|A TCP/UDP application network load balancer. |
 | [Azure ExpressRoute](../../expressroute/expressroute-introduction.md)| A dedicated WAN link between on-premises networks and Azure Virtual Networks. |
 | [Azure Traffic Manager](../../traffic-manager/traffic-manager-overview.md)| A global DNS load balancer.|
@@ -90,3 +91,7 @@ Over time, this list will change and grow, just as Azure does. Make sure to chec
 |[Azure DDoS protection](../../ddos-protection/ddos-protection-overview.md)|Combined with application design best practices, provides defense against DDoS attacks.|
 |[Virtual Network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md)|Extends your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection.|
 |[Azure Private Link](../../private-link/private-link-overview.md)|Provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services.|
+|[Azure Bastion](../../bastion/bastion-overview.md)|A service you deploy that lets you connect to a virtual machine using your browser and the Azure portal.|
+|[Azure Front Door](../../frontdoor/front-door-application-security.md)|Provides web application protection capability to safeguard your web applications from network attacks and common web vulnerabilities exploits like SQL Injection or Cross Site Scripting (XSS).|
+
+
diff --git a/articles/sentinel/sap/reference-systemconfig.md b/articles/sentinel/sap/reference-systemconfig.md
@@ -179,6 +179,10 @@ extractuseremail = <True/False>
 apiretry = <True/False>
 auditlogforcexal = <True/False>
 auditlogforcelegacyfiles = <True/False>
+azure_resource_id = <Azure _ResourceId>
+# Used to force a specific resource group for the SAP tables in Log Analytics, useful for applying RBAC on SAP data
+# example - /subscriptions/1234568-qwer-qwer-qwer-123456789/resourcegroups/RESOURCE_GROUP_NAME/providers/microsoft.compute/virtualmachines/VIRTUAL_MACHINE_NAME
+# for more information - https://learn.microsoft.com/azure/azure-monitor/logs/log-standard-columns#_resourceid.
 
 timechunk = <value>
 # Default timechunk value is 60 (minutes). For certain tables, the data connector retrieves data from the ABAP server using timechunks (collecting all events that occurred within a certain timestamp). On busy systems this may result in large datasets, so to reduce memory and CPU utilization footprint, consider configuring to a smaller value.
