Merge pull request #262064 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

.openpublishing.redirection.sql-database.json

@@ -2560,6 +2560,11 @@
             "source_path_from_root": "/articles/sql-database/sql-database-customer-implementations.md",
             "redirect_url": "https://customers.microsoft.com",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sql-database/scripts/sql-database-import-purview-labels.md",
+            "redirect_url": "/purview/register-scan-azure-sql-database",
+            "redirect_document_id": false
         }
     ]
 }

articles/aks/tutorial-kubernetes-scale.md

@@ -76,7 +76,7 @@ This tutorial requires Azure PowerShell version 5.9.0 or later. Run `Get-Install
 
 ## Autoscale pods
 
-To use the horizontal pod autoscaler, all containers and pods must have defined CPU requests and limits. In the `aks-store-quickstart` deployment, the *front-end* container requests 1m CPU with a limit of 1000m CPU.
+To use the horizontal pod autoscaler, All containers must have defined CPU requests and limits, and pads have specified requests. In the `aks-store-quickstart` deployment, the *front-end* container requests 1m CPU with a limit of 1000m CPU.
 
 These resource requests and limits are defined for each container, as shown in the following condensed example YAML:
 
@@ -114,7 +114,7 @@ These resource requests and limits are defined for each container, as shown in t
         apiVersion: apps/v1
         kind: Deployment
         name: store-front
-      targetCPUUtilizationPercentage: 50 # target CPU utilization
+        metrics: 50 # target CPU utilization
     ```
 
 2. Apply the autoscaler manifest file using the `kubectl apply` command.
@@ -234,4 +234,4 @@ In the next tutorial, you learn how to upgrade Kubernetes in your AKS cluster.
 [get-azakscluster]: /powershell/module/az.aks/get-azakscluster
 [set-azakscluster]: /powershell/module/az.aks/set-azakscluster
 [aks-tutorial-upgrade-kubernetes]: ./tutorial-kubernetes-upgrade-cluster.md
-[keda-addon]: ./keda-about.md
+[keda-addon]: ./keda-about.md

articles/azure-arc/vmware-vsphere/enable-virtual-hardware.md

@@ -2,7 +2,7 @@
 title:  Enable virtual hardware and VM CRUD capabilities in a machine with Arc agent installed
 description: Enable virtual hardware and VM CRUD capabilities in a machine with Arc agent installed
 ms.topic: how-to 
-ms.date: 12/27/2023
+ms.date: 12/29/2023
 ms.service: azure-arc
 ms.subservice: azure-arc-vmware-vsphere
 author: Farha-Bano
@@ -27,29 +27,25 @@ In this article, you learn how to enable virtual hardware management and VM CRUD
 
 1. From your browser, go to [Azure portal](https://portal.azure.com/).
 
-1. Navigate to the Virtual machines inventory page of your vCenter. <br>
-   The virtual machines that have Arc agent installed via the Arc-enabled Servers route will have **Link to vCenter** status under virtual hardware management.
+1. Navigate to the Virtual machines inventory page of your vCenter. The virtual machines that have Arc agent installed via the Arc-enabled Servers route will have **Link to vCenter** status under virtual hardware management.
 
 1. Select **Link to vCenter** to view the pane with the list of all the machines under vCenter with Arc agent installed but not linked to the vCenter in Azure Arc.
 
 1. Choose all the machines that need to be enabled in Azure, and select **Link** to link the machines to vCenter.
 
-1. After you link to vCenter, the virtual hardware status will reflect as **Enabled for all the VMs**, and you can perform [virtual hardware operations](perform-vm-ops-through-azure.md). 
+1. After you link to vCenter, the virtual hardware status will reflect as **Enabled** for all the VMs, and you can perform [virtual hardware operations](perform-vm-ops-through-azure.md). 
 
 ### Known issue
 
 During the first scan of the vCenter inventory after onboarding to Azure Arc-enabled VMware vSphere, Arc-enabled Servers machines will be discovered under vCenter inventory. If the Arc-enabled Server machines aren't discovered and you try to perform the **Enable in Azure** operation, you'll encounter the following error:<br>
 
-
-```
-A machine '/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXX/resourceGroups/rg-contoso/providers/Microsoft.HybridCompute/machines/testVM1' already exists with the specified virtual machine MoRefId: 'vm-4441'. The existing machine resource can be extended with private cloud capabilities by creating the VirtualMachineInstance resource under it.
-```
+*A machine '/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXX/resourceGroups/rg-contoso/providers/Microsoft.HybridCompute/machines/testVM1' already exists with the specified virtual machine MoRefId: 'vm-4441'. The existing machine resource can be extended with private cloud capabilities by creating the VirtualMachineInstance resource under it.*
 
 When you encounter this error message, try performing the **Link to vCenter** operation again after a few minutes (5-10 minutes). Alternatively, you can use the following Azure CLI command to link an existing Arc-enabled Server machine to vCenter:<br>
 
 
 ```azurecli-interactive
-az connectedvmware vm create --subscription XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXX --location eastus --resource-group rg-contoso --custom-location /providers/microsoft.extendedlocation/customlocations/contoso-cl --name contoso-hcrp-machine-name --inventory-item /subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXX/resourceGroups/contoso-rg/providers/Microsoft.ConnectedVMwarevSphere/VCenters/contoso-vcenter/InventoryItems/vm-142359
+az connectedvmware vm create --subscription <subscription-id> --location <Azure region of the machine> --resource-group <resource-group-name> --custom-location /providers/microsoft.extendedlocation/customlocations/<custom-location-name> --name <machine-name> --inventory-item /subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.ConnectedVMwarevSphere/<vcenter-name>/contoso-vcenter/InventoryItems/<machine-name>
 ```
 
 ## Next steps

articles/azure-vmware/index.yml

@@ -20,28 +20,29 @@ highlightedContent:
     # Card
     - title: What's Azure VMware Solution? 
       itemType: concept
-      url: toc.yml#overview
+      url: /azure/azure-vmware/introduction
     - title: Plan and get started 
       itemType: concept
-      url: toc.yml#get-started
+      url: /azure/azure-vmware/plan-private-cloud-deployment
+
     - title: Tutorials 
       itemType: tutorial
-      url: toc.yml#tutorials
+      url: /azure/azure-vmware/tutorial-network-checklist
     - title: Azure VMware Solution concepts 
       itemType: concept
-      url: toc.yml#concepts
+      url: /azure/azure-vmware/concepts-identity
     - title:  Azure native integration
       itemType: how-to-guide
-      url: toc.yml#how-to-guides
+      url: /azure/azure-vmware/integrate-azure-native-services
     - title: Azure VMware Solution network configuration
       itemType: how-to-guide
-      url: toc.yml#vmware-solutions
+      url: /azure/azure-vmware/integrate-azure-native-services
     - title: Partner solution ecosystem
       itemType: how-to-guide
-      url: toc.yml#partner-solution-ecosystem
+      url: /azure/azure-vmware/ecosystem-os-vms
     - title: videos
       itemType: video
-      url: toc.yml#videos
+      url: https://www.youtube.com/playlist?list=PL1NLwHeM6ewbZu0dC0guj-OSpIoZnnJin
 
 
 # additionalContent section (optional)
@@ -278,4 +279,4 @@ additionalContent:
             url: fix-deployment-failures.md
           - text: VMware tools vix error code = 21009
             url: https://kb.vmware.com/s/article/2129927
- 
+

articles/defender-for-cloud/alerts-reference.md

@@ -198,6 +198,20 @@ Microsoft Defender for Servers Plan 2 provides unique detections and alerts, in
 
 ## Alerts for Azure VM extensions
 
+These alerts focuses on detecting suspicious activities of Azure virtual machine extensions and provides insights into attackers' attempts to compromise and perform malicious activities on your virtual machines.
+
+Azure virtual machine extensions are small applications that run post-deployment on virtual machines and provide capabilities such as configuration, automation, monitoring, security, and more. While extensions are a powerful tool, they can be used by threat actors for various malicious intents, for example:
+
+- Data collection and monitoring
+
+- Code execution and configuration deployment with high privileges
+
+- Resetting credentials and creating administrative users
+
+- Encrypting disks
+
+Learn more about [Defender for Cloud latest protections against the abuse of Azure VM extensions](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-latest-protection-against/ba-p/3970121).
+
 | Alert (alert type)                                                                                                                                              | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | MITRE tactics<br>([Learn more](#intentions)) | Severity |
 |-----------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------:|----------|
 | **Suspicious failure installing GPU extension in your subscription (Preview)**<br>(VM_GPUExtensionSuspiciousFailure)                                            | Suspicious intent of installing a GPU extension on unsupported VMs. This extension should be installed on virtual machines equipped with a graphic processor, and in this case the virtual machines are not equipped with such. These failures can be seen when malicious adversaries execute multiple installations of such extension for crypto-mining purposes.                                                                                                                                                                                             |                    Impact                    | Medium   |
@@ -742,3 +756,4 @@ VM_Webshell | Possible malicious web shell detected | Medium
 - [Security alerts in Microsoft Defender for Cloud](alerts-overview.md)
 - [Manage and respond to security alerts in Microsoft Defender for Cloud](managing-and-responding-alerts.md)
 - [Continuously export Defender for Cloud data](continuous-export.md)
+

articles/defender-for-cloud/includes/defender-for-containers-enable-plan-aks.md

@@ -53,9 +53,9 @@ The following table provides detailed information on enablement method for each
 | Vulnerability assessment | Agentless registry scan (powered by Microsoft Defender Vulnerability Management) |  Vulnerability assessment for images in ACR | Enable **Agentless container vulnerability assessment** toggle | Agentless | Commercial clouds |
 | Vulnerability assessment | Agentless/agent-based runtime (powered by Microsoft Defender Vulnerability Management)| Vulnerability assessment for running images in AKS | Enable **Agentless container vulnerability assessment** toggle | Agentless **OR** install Defender agent for shorter refresh rate | Commercial clouds |
 | Runtime threat protection | Control plane threat detection | Detection of suspicious activity for Kubernetes based on Kubernetes audit trail | Enabled with plan | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
-| Runtime threat protection | Workload threat detection | Detection of suspicious activity for Kubernetes for cluster level, node level, and workload level | Enable **Defender DaemonSet** toggle **OR** deploy Defender agent on individual clusters | Defender agent | Commercial clouds |
+| Runtime threat protection | Workload threat detection | Detection of suspicious activity for Kubernetes for cluster level, node level, and workload level | Enable **Defender Agent in Azure** toggle **OR** deploy Defender agent on individual clusters | Defender agent | Commercial clouds |
 | Deployment & monitoring | Discovery of unprotected clusters | Discovering Kubernetes clusters missing Defender agents| Enabled with plan | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
-| Deployment & monitoring | Defender agent auto provisioning | Automatic deployment of Defender agent | Enable **Defender Daemonset** toggle | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
+| Deployment & monitoring | Defender agent auto provisioning | Automatic deployment of Defender agent | Enable **Defender Agent in Azure** toggle | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
 | Deployment & monitoring | Azure Policy for Kubernetes auto provisioning | Automatic deployment of Azure policy agent for Kubernetes | Enable **Azure policy for Kubernetes** toggle | Agentless | Commercial clouds<br><br> National clouds: Azure Government, Azure operated by 21Vianet |
 
 ### Roles and permissions

articles/machine-learning/how-to-troubleshoot-auto-ml.md

@@ -4,10 +4,11 @@ titleSuffix: Azure Machine Learning
 description: Learn how to troubleshoot and resolve issues in your automated machine learning experiments.
 author: PhaniShekhar
 ms.author: phmantri
+ms.reviewer: ssalgado
 services: machine-learning
 ms.service: machine-learning
 ms.subservice: automl
-ms.date: 10/21/2021
+ms.date: 12/21/2023
 ms.topic: troubleshooting
 ms.custom: automl, sdkv2
 ---
@@ -20,23 +21,23 @@ In this guide, learn how to identify and resolve issues in your automated machin
 
 ## Troubleshoot automated ML for Images and NLP in Studio
 
-In case of failures in runs for Automated ML for Images and NLP, you can use the following steps to understand the error.
-1. In the studio UI, the AutoML run should have a failure message indicating the reason for failure.
-2. For more details, go to the child run of this AutoML run. This child run is a HyperDrive run.
-3. In the "Trials" tab, you can check all the trials done for this HyperDrive run.
-4. Go to the failed trial runs.
-5. These runs should have an error message in the "Status" section of the "Overview" tab indicating the reason for failure.
-   Please click on "See more details" to get more details about the failure.
-6. You can look at "std_log.txt" in the "Outputs + Logs" tab to look at detailed logs and exception traces.
-
-If your Automated ML runs uses pipeline runs for trials, you can follow the following steps to understand the error.
-1. Please follow the steps 1-4 above to identify the failed trial run.
+If there is a job failure for Automated ML for Images and NLP, you can use the following steps to understand the error.
+1. In the studio UI, the AutoML job should have a failure message indicating the reason for failure.
+2. For more details, go to the child job of this AutoML job. This child run is a HyperDrive job.
+3. In the **Trials** tab, you can check all the trials done for this HyperDrive run.
+4. Go to the failed trial job.
+5. These jobs should have an error message in the **Status** section of the **Overview** tab indicating the reason for failure.
+   Select **See more details** to get more details about the failure.
+6. Additionally you can view **std_log.txt** in the **Outputs + Logs** tab to look at detailed logs and exception traces.
+
+If your Automated ML runs uses pipeline runs for trials, follow these steps to understand the error.
+1. Follow the steps 1-4 above to identify the failed trial job.
 2. This run should show you the pipeline run and the failed nodes in the pipeline are marked with Red color.
-:::image type="content" source="./media/how-to-troubleshoot-auto-ml/pipeline-graph-sample.jpg" alt-text="Diagram that shows a failed pipeline run." lightbox="./media/how-to-troubleshoot-auto-ml/pipeline-graph-sample.jpg":::
-3. Double click the failed node in the pipeline.
-4. These runs should have an error message in the "Status" section of the "Overview" tab indicating the reason for failure.
-   Please click on "See more details" to get more details about the failure.
-5. You can look at "std_log.txt" in the "Outputs + Logs" tab to look at detailed logs and exception traces.
+:::image type="content" source="./media/how-to-troubleshoot-auto-ml/pipeline-graph-sample.jpg" alt-text="Diagram that shows a failed pipeline job." lightbox="./media/how-to-troubleshoot-auto-ml/pipeline-graph-sample.jpg":::
+3. Select the failed node in the pipeline.
+4. These jobs should have an error message in the **Status** section of the **Overview** tab indicating the reason for failure.
+   Select **See more details** to get more details about the failure.
+5. You can look at **std_log.txt** in the **Outputs + Logs** tab to look at detailed logs and exception traces.
 
 ## Next steps