Merge pull request #273849 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/azure-monitor/agents/azure-monitor-agent-windows-client.md

@@ -291,15 +291,17 @@ DELETE https://management.azure.com/providers/Microsoft.Insights/monitoredObject
 ```PowerShell
 $TenantID = "xxxxxxxxx-xxxx-xxx"  #Your Tenant ID
 $SubscriptionID = "xxxxxx-xxxx-xxxxx" #Your Subscription ID
-$ResourceGroup = "rg-yourResourseGroup" #Your resroucegroup
+$ResourceGroup = "rg-yourResourceGroup" #Your resourcegroup
 
-Connect-AzAccount -Tenant $TenantID
+#If cmdlet below produces an error stating 'Interactive authentication is not supported in this session, please run cmdlet 'Connect-AzAccount -UseDeviceAuthentication
+#uncomment next to -UseDeviceAuthentication below
+Connect-AzAccount -Tenant $TenantID #-UseDeviceAuthentication
 
 #Select the subscription
 Select-AzSubscription -SubscriptionId $SubscriptionID
 
 #Grant Access to User at root scope "/"
-$user = Get-AzADUser -UserPrincipalName (Get-AzContext).Account
+$user = Get-AzADUser -SignedIn
 
 New-AzRoleAssignment -Scope '/' -RoleDefinitionName 'Owner' -ObjectId $user.Id
 
@@ -336,7 +338,7 @@ Invoke-RestMethod -Uri $requestURL -Headers $AuthenticationHeader -Method PUT -B
 #2. Create a monitored object
 
 # "location" property value under the "body" section should be the Azure region where the MO object would be stored. It should be the "same region" where you created the Data Collection Rule. This is the location of the region from where agent communications would happen.
-$Location = "eastus" #Use your own loacation
+$Location = "eastus" #Use your own location
 $requestURL = "https://management.azure.com/providers/Microsoft.Insights/monitoredObjects/$TenantID`?api-version=2021-09-01-preview"
 $body = @"
 {
@@ -368,8 +370,9 @@ $body = @"
 
 Invoke-RestMethod -Uri $requestURL -Headers $AuthenticationHeader -Method PUT -Body $body
 
-#(Optional example). Associate another DCR to monitored object
+#(Optional example). Associate another DCR to monitored object. Remove comments around text below to use.
 #See reference documentation https://learn.microsoft.com/en-us/rest/api/monitor/data-collection-rule-associations/create?tabs=HTTP
+<#
 $associationName = "assoc02" #You must change the association name to a unique name, if you want to associate multiple DCR to monitored object
 $DCRName = "dcr-PAW-WindowsClientOS" #Your Data collection rule name
 
@@ -388,7 +391,7 @@ Invoke-RestMethod -Uri $requestURL -Headers $AuthenticationHeader -Method PUT -B
 #4. (Optional) Get all the associatation.
 $requestURL = "https://management.azure.com$RespondId/providers/microsoft.insights/datacollectionruleassociations?api-version=2021-09-01-preview"
 (Invoke-RestMethod -Uri $requestURL -Headers $AuthenticationHeader -Method get).value
-
+#>
 
 ```
 ## Verify successful setup

articles/azure-monitor/essentials/edge-pipeline-configure.md

@@ -19,7 +19,7 @@ The pipeline configuration file defines the data flows and cache properties for
 :::image type="content" source="media/edge-pipeline/edge-pipeline-configuration.png" lightbox="media/edge-pipeline/edge-pipeline-configuration.png" alt-text="Overview diagram of the dataflow for Azure Monitor edge pipeline." border="false"::: 
 
 > [!NOTE]
-> Private link is support by edge pipeline for the connection to the cloud pipeline.
+> Private link is supported by edge pipeline for the connection to the cloud pipeline.
 
 The following components and configurations are required to enable the Azure Monitor edge pipeline. If you use the Azure portal to configure the edge pipeline, then each of these components is created for you. With other methods, you need to configure each one.
 

articles/azure-monitor/logs/private-link-configure.md

@@ -125,7 +125,7 @@ To create and manage Private Link Scopes, use the [REST API](/rest/api/monitor/p
 The following CLI command creates a new AMPLS resource named `"my-scope"`, with both query and ingestion access modes set to `Open`.
 
 ```
-az resource create -g "my-resource-group" --name "my-scope" --api-version "2021-07-01-preview" --resource-type Microsoft.Insights/privateLinkScopes --properties "{\"accessModeSettings\":{\"queryAccessMode\":\"Open\", \"ingestionAccessMode\":\"Open\"}}"
+az resource create -g "my-resource-group" --name "my-scope" -l global --api-version "2021-07-01-preview" --resource-type Microsoft.Insights/privateLinkScopes --properties "{\"accessModeSettings\":{\"queryAccessMode\":\"Open\", \"ingestionAccessMode\":\"Open\"}}"
 ```
 
 #### Create an AMPLS with mixed access modes: PowerShell example

articles/container-apps/opentelemetry-agents.md

@@ -73,7 +73,7 @@ Before you deploy this template, replace placeholders surrounded by `<>` with yo
         "destinations": ["appInsights"]
       },
       "logsConfiguration": {
-        "destinations": ["apInsights"]
+        "destinations": ["appInsights"]
       }
     }
   }

articles/defender-for-cloud/faq-defender-for-storage.yml

@@ -60,7 +60,7 @@ sections:
       - question: |
           How can I calculate the cost Defender for Storage?
         answer: |
-          To estimate the cost of Defender for Storage, we've provided a [pricing estimation workbook](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workbooks/Microsoft%20Defender%20for%20Storage%20Price%20Estimation) that you can run in your environment. For more information about how this workbook works, visit this [Blog Post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-storage-price-estimation-dashboard/ba-p/2429724). You can also check out the Defender for Cloud [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/) for more information.
+          To estimate the cost of Defender for Storage and add-ons like Malware Scanning, we've provided a [pricing estimation workbook](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workbooks/Microsoft%20Defender%20for%20Storage%20Price%20Estimation) that you can deploy in your environment. This workbook also provides visibility into your Defender for Storage and add-ons - Malware Scanning and Sensitivity Data Discovery - enablement status across subscriptions. For more information about how this workbook works, visit this [Blog Post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-storage-price-estimation-dashboard/ba-p/2429724). You can also check out the Defender for Cloud [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/) for more information.
 
 
 additionalContent: |

articles/defender-for-cloud/support-matrix-defender-for-containers.md

@@ -35,7 +35,7 @@ Following are the features for each of the domains in Defender for Containers:
 | Comprehensive inventory capabilities | Enables you to explore resources, pods, services, repositories, images, and configurations through [security explorer](how-to-manage-cloud-security-explorer.md#build-a-query-with-the-cloud-security-explorer) to easily monitor and manage your assets. | ACR, AKS | GA | GA | Enable **Agentless discovery on Kubernetes** toggle | Agentless| Defender for Containers **OR** Defender CSPM | Azure commercial clouds |
 | Attack path analysis | A graph-based algorithm that scans the cloud security graph. The scans  expose exploitable paths that attackers might use to breach your  environment. | ACR, AKS | GA | GA | Activated with plan | Agentless | Defender CSPM (requires Agentless discovery for Kubernetes to be enabled) | Azure commercial clouds |
 | Enhanced risk-hunting | Enables security admins to actively hunt for posture issues in their containerized assets through queries (built-in and custom) and [security insights](attack-path-reference.md#insights) in the [security explorer](how-to-manage-cloud-security-explorer.md). | ACR, AKS | GA | GA | Enable **Agentless discovery on Kubernetes** toggle | Agentless | Defender for Containers **OR** Defender CSPM | Azure commercial clouds |
-| [Control plane hardening](defender-for-containers-architecture.md) | Continuously assesses the configurations of your clusters and compares them with the initiatives applied to your subscriptions. When it finds misconfigurations, Defender for Cloud generates security recommendations that are available on Defender for Cloud's Recommendations page. The recommendations let you investigate and remediate issues. | ACR, AKS | GA | Preview | Activated with plan | Agentless | Free | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
+| [Control plane hardening](defender-for-containers-architecture.md) | Continuously assesses the configurations of your clusters and compares them with the initiatives applied to your subscriptions. When it finds misconfigurations, Defender for Cloud generates security recommendations that are available on Defender for Cloud's Recommendations page. The recommendations let you investigate and remediate issues. | ACR, AKS | GA | GA | Activated with plan | Agentless | Free | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
 | [Kubernetes data plane hardening](kubernetes-workload-protections.md) |Protect workloads of your Kubernetes containers with best practice recommendations. |AKS | GA | - | Enable **Azure Policy for Kubernetes** toggle | Azure Policy | Free | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
 | Docker CIS | Docker CIS benchmark | VM, Virtual Machine Scale Set | GA | - | Enabled with plan | Log Analytics agent | Defender for Servers Plan 2 | Commercial clouds<br><br> National clouds: Azure Government, Microsoft Azure operated by 21Vianet  |
 

articles/event-grid/communication-services-chat-events.md

@@ -31,7 +31,7 @@ Azure Communication Services emits the following chat event types:
 | [Microsoft.Communication.ChatThreadCreated](#microsoftcommunicationchatthreadcreated-event)  | `Thread` |Published when a chat thread is created  |
 | [Microsoft.Communication.ChatThreadDeleted](#microsoftcommunicationchatthreaddeleted-event)| `Thread` | Published when a chat thread is deleted  |
 | [Microsoft.Communication.ChatThreadParticipantAdded](#microsoftcommunicationchatthreadparticipantadded-event) | `Thread` | Published when a new participant is added to a chat thread  |
-| [Microsoft.Communication.ChatThreadParticipantRemoved](#microsoftcommunicationchatthreadparticipantremoved-event) | `Thread` | Published when a new participant is added to a chat thread.  |  
+| [Microsoft.Communication.ChatThreadParticipantRemoved](#microsoftcommunicationchatthreadparticipantremoved-event) | `Thread` | Published when a participant is removed from a chat thread  |  
 | [Microsoft.Communication.ChatMessageReceivedInThread](#microsoftcommunicationchatmessagereceivedinthread-event) |  `Thread` |Published when a message is received in a chat thread  |    
 | [Microsoft.Communication.ChatThreadPropertiesUpdated](#microsoftcommunicationchatthreadpropertiesupdated-event)| `Thread` | Published when a chat thread's properties are updated.|    
 | [Microsoft.Communication.ChatMessageEditedInThread](#microsoftcommunicationchatmessageeditedinthread-event) |  `Thread` |Published when a message is edited in a chat thread |  

articles/postgresql/flexible-server/how-to-create-users.md

@@ -26,10 +26,10 @@ When you first created your Azure Database for PostgreSQL flexible server instan
 The Azure Database for PostgreSQL flexible server instance is created with the three default roles defined. You can see these roles by running the command: `SELECT rolname FROM pg_roles;`
 
 - azure_pg_admin
-- azure_superuser
+- azuresu
 - your server admin user
 
-Your server admin user is a member of the azure_pg_admin role. However, the server admin account isn't part of the azure_superuser role. Since this service is a managed PaaS service, only Microsoft is part of the super user role.
+Your server admin user is a member of the azure_pg_admin role. However, the server admin account isn't part of the azuresu role. Since this service is a managed PaaS service, only Microsoft is part of the super user role.
 
 The PostgreSQL engine uses privileges to control access to database objects, as discussed in the [PostgreSQL product documentation](https://www.postgresql.org/docs/current/static/sql-createrole.html). In Azure Database for PostgreSQL flexible server, the server admin user is granted these privileges:
 

articles/storage/common/storage-redundancy.md

@@ -247,7 +247,7 @@ Unmanaged disks don't support ZRS or GZRS.
 For pricing information for each redundancy option, see [Azure Storage pricing](https://azure.microsoft.com/pricing/details/storage/).
 
 > [!NOTE]
-Block blob storage accounts support locally redundant storage (LRS) and zone redundant storage (ZRS) in certain regions.
+> Block blob storage accounts support locally redundant storage (LRS) and zone redundant storage (ZRS) in certain regions.
 
 ## Data integrity
 

articles/synapse-analytics/troubleshoot/troubleshoot-synapse-studio.md

@@ -14,6 +14,27 @@ ms.reviewer: sngun, wiassaf
 
 This trouble-shooting guide provides instruction on what information to provide when opening a support ticket on network connectivity issues. With the proper information, we can possibly resolve the issue more quickly.
 
+## Publish fails when session remains idle
+
+### Symptom
+ 
+In some cases, if your browser session has been inactive for an extended period, your attempt to publish might fail due to a message about token expiration:
+
+`ERROR: Unauthorized Inner error code: ExpiredAuthenticationToken Message: Token Authentication failed with SecurityTokenExpiredException - MISE12034: AuthenticationTicketProvider Name:AuthenticationTicketProvider, GetVersion:1.9.2.0.;`
+
+### Root cause and mitigation
+
+Handling token expiration in Synapse Studio requires careful consideration, especially when working in a live workspace without Git integration. Here’s how to manage your session to avoid losing work:
+- **With Git integration:**
+   - Regularly commit your changes. This ensures that even if you need to refresh your browser to renew your session, your work is safely stored.
+   - After committing, you can refresh your browser to reset the session and then continue to publish your changes.
+- **Without Git integration:**
+   - Before taking breaks or periods of inactivity, attempt to publish your changes. It is critical to remember that if your session has been idle for a long time, you might encounter a token expiration error when you try to publish upon returning.
+   - If you're concerned about the risk of losing unsaved changes due to a required refresh, consider structuring your work periods to include frequent save and publish actions and avoid leaving the session idle for extended periods.
+
+> [!IMPORTANT]
+> In a live workspace without Git, if you find that your session has been idle and you face a token expiration, you face a dilemma: refresh the page and risk losing unsaved changes, or attempt to publish if the token hasn't expired yet. To minimize this risk, try to keep active sessions or save frequently, depending on the nature of your work and the environment setup.
+
 ## Serverless SQL pool service connectivity issue
 
 ### Symptom 1