Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into privlink-dns-region

Author: asudbring

articles/aks/auto-upgrade-node-image.md

@@ -9,7 +9,7 @@ ms.date: 02/03/2023
 
 # Automatically upgrade Azure Kubernetes Service cluster node operating system images (preview)
 
-AKS now supports an exclusive channel dedicated to controlling node-level OS security updates. This channel, referred to as the node OS auto-upgrade channel, works in tandem with the existing [Autoupgrade][auto-upgrade] channel which is used for Kubernetes version upgrades. 
+AKS now supports an exclusive channel dedicated to controlling node-level OS security updates. This channel, referred to as the node OS auto-upgrade channel, works in tandem with the existing [auto-upgrade][Autoupgrade] channel which is used for Kubernetes version upgrades. 
 
 [!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
 
@@ -64,7 +64,7 @@ The following upgrade channels are available:
 |---|---|
 | `None`| Your nodes won't have security updates applied automatically. This means you're solely responsible for your security updates|N/A|
 | `Unmanaged`|OS updates will be applied automatically through the OS built-in patching infrastructure. Newly allocated machines will be unpatched initially and will be patched at some point by the OS's infrastructure|Ubuntu applies security patches through unattended upgrade roughly once a day around 06:00 UTC. Windows and Mariner don't apply security patches automatically, so this option behaves equivalently to `None`|
-| `SecurityPatch`|AKS will update the node's virtual hard disk (VHD) with patches from the image maintainer labeled "security only" on a regular basis. Where possible, patches will also be applied without disruption to existing nodes. Some patches, such as kernel patches, can't be applied to existing nodes without disruption. For such patches, the VHD will be updated and existing machines will be upgraded to that VHD following maintenance windows and surge settings. This option incurs the extra cost of hosting the VHDs in your node resource group.|N/A|
+| `SecurityPatch`|AKS will update the node's virtual hard disk (VHD) with patches from the image maintainer labeled "security only" on a regular basis. Where possible, patches will also be applied without disruption to existing nodes. Some patches, such as kernel patches, can't be applied to existing nodes without disruption. For such patches, the VHD will be updated and existing machines will be upgraded to that VHD following maintenance windows and surge settings. This option incurs the extra cost of hosting the VHDs in your node resource group. If you use this channel, Linux [unattended upgrades][unattended-upgrades] will be disabled by default.|N/A|
 | `NodeImage`|AKS will update the nodes with a newly patched VHD containing security fixes and bug fixes on a weekly cadence. The update to the new VHD is disruptive, following maintenance windows and surge settings. No extra VHD cost is incurred when choosing this option. If you use this channel, Linux [unattended upgrades][unattended-upgrades] will be disabled by default.|
 
 To set the node OS auto-upgrade channel when creating a cluster, use the *node-os-upgrade-channel* parameter, similar to the following example.

articles/app-service/media/tutorial-auth-aad/app-home-page.png

@@ -71,7 +71,7 @@
     - name: N-tier app
       href: tutorial-secure-ntier-app.md
     - name: Authenticate users
-      href: tutorial-auth-aad.md
+      href: scenario-secure-app-authentication-app-service-as-user.md
     - name: Connect to Azure resource as app
       items:
         - name: Overview
@@ -116,14 +116,16 @@
       items:
         - name: Set up App Service authentication
           href: scenario-secure-app-authentication-app-service-as-user.md
-        - name: Connect to Microsoft Graph
+        - name: App to Microsoft Graph authentication
           items: 
             - name: .NET
               href: scenario-secure-app-access-microsoft-graph-as-user.md
             - name: JavaScript
               href: tutorial-connect-app-access-microsoft-graph-as-user-javascript.md
-        - name: Connect to another App Service
+        - name: App to app authentication
           href: tutorial-auth-aad.md
+
+
     - name: Isolate network traffic
       href: tutorial-networking-isolate-vnet.md
     - name: Host a RESTful API

articles/app-service/media/tutorial-auth-aad/app-profile-without-authentication.png

@@ -1,9 +1,14 @@
 {
     "redirections": [
     {
-    "source_path_from_root": "/articles/machine-learning/how-to-train-with-custom-image.md",
-    "redirect_url": "/azure/machine-learning/v1/how-to-train-with-custom-image",
-    "redirect_document_id": true
+        "source_path_from_root": "/articles/machine-learning/quickstart-spark-data-wrangling.md",
+        "redirect_url": "/azure/machine-learning/apache-spark-environment-configuration",
+        "redirect_document_id": true
+    },
+    {
+        "source_path_from_root": "/articles/machine-learning/how-to-train-with-custom-image.md",
+        "redirect_url": "/azure/machine-learning/v1/how-to-train-with-custom-image",
+        "redirect_document_id": true
     },
     {
         "source_path_from_root": "/articles/machine-learning/how-to-monitor-tensorboard.md",

articles/app-service/media/tutorial-auth-aad/app-profile.png

@@ -0,0 +1,120 @@
+--- 
+title: Apache Spark - Environment Configuration
+titleSuffix: Azure Machine Learning
+description: Learn how to configure your Apache Spark environment for interactive data wrangling
+author: ynpandey
+ms.author: franksolomon
+ms.reviewer: franksolomon
+ms.service: machine-learning
+ms.subservice: mldata
+ms.topic: how-to
+ms.date: 03/06/2023
+#Customer intent: As a Full Stack ML Pro, I want to perform interactive data wrangling in Azure Machine Learning with Apache Spark.
+---
+
+# Quickstart: Interactive Data Wrangling with Apache Spark in Azure Machine Learning (preview)
+
+[!INCLUDE [preview disclaimer](../../includes/machine-learning-preview-generic-disclaimer.md)]
+
+To handle interactive Azure Machine Learning notebook data wrangling, Azure Machine Learning integration with Azure Synapse Analytics (preview) provides easy access to the Apache Spark framework. This access allows for Azure Machine Learning Notebook interactive data wrangling.
+
+In this quickstart guide, you learn how to perform interactive data wrangling using Azure Machine Learning Managed (Automatic) Synapse Spark compute, Azure Data Lake Storage (ADLS) Gen 2 storage account, and user identity passthrough.
+
+## Prerequisites
+- An Azure subscription; if you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free) before you begin.
+- An Azure Machine Learning workspace. See [Create workspace resources](./quickstart-create-resources.md).
+- An Azure Data Lake Storage (ADLS) Gen 2 storage account. See [Create an Azure Data Lake Storage (ADLS) Gen 2 storage account](../storage/blobs/create-data-lake-storage-account.md).
+- To enable this feature:
+  1. Navigate to the Azure Machine Learning studio UI
+  2. In the icon section at the top right of the screen, select **Manage preview features** (megaphone icon)
+  3. In the **Managed preview feature** panel, toggle the **Run notebooks and jobs on managed Spark** feature to **on**
+  :::image type="content" source="./media/apache-spark-environment-configuration/how-to-enable-managed-spark-preview.png" lightbox="media/apache-spark-environment-configuration/how-to-enable-managed-spark-preview.png" alt-text="Screenshot showing the option to enable the Managed Spark preview.":::
+
+## Store Azure storage account credentials as secrets in Azure Key Vault
+
+To store Azure storage account credentials as secrets in the Azure Key Vault using the Azure portal user interface:
+
+1. Navigate to your Azure Key Vault in the Azure portal.
+1. Select **Secrets** from the left panel.
+1. Select **+ Generate/Import**.
+
+    :::image type="content" source="media/apache-spark-environment-configuration/azure-key-vault-secrets-generate-import.png" alt-text="Screenshot showing the Azure Key Vault Secrets Generate Or Import tab.":::
+
+1. At the **Create a secret** screen, enter a **Name** for the secret you want to create.
+1. Navigate to Azure Blob Storage Account, in the Azure portal, as seen in this image:
+
+    :::image type="content" source="media/apache-spark-environment-configuration/storage-account-access-keys.png" alt-text="Screenshot showing the Azure access key and connection string values screen.":::
+1. Select **Access keys** from the Azure Blob Storage Account page left panel.
+1. Select **Show** next to **Key 1**, and then **Copy to clipboard** to get the storage account access key.
+    > [!Note]
+    > Select appropriate options to copy
+    >  - Azure Blob storage container shared access signature (SAS) tokens
+    >  - Azure Data Lake Storage (ADLS) Gen 2 storage account service principal credentials
+    >    - tenant ID
+    >    - client ID and
+    >    - secret
+    >
+    >  on the respective user interfaces while creating Azure Key Vault secrets for them.
+1. Navigate back to the **Create a secret** screen.
+1. In the **Secret value** textbox, enter the access key credential for the Azure storage account, which was copied to the clipboard in the earlier step.
+1. Select **Create**.
+
+    :::image type="content" source="media/apache-spark-environment-configuration/create-a-secret.png" alt-text="Screenshot showing the Azure secret creation screen.":::
+
+> [!TIP]
+> [Azure CLI](../key-vault/secrets/quick-create-cli.md) and [Azure Key Vault secret client library for Python](../key-vault/secrets/quick-create-python.md#sign-in-to-azure) can also create Azure Key Vault secrets.
+
+## Add role assignments in Azure storage accounts
+
+We must ensure that the input and output data paths are accessible before we start interactive data wrangling. First, for
+
+- the user identity of the Notebooks session logged-in user or
+- a service principal
+
+assign **Reader** and **Storage Blob Data Reader** roles to the user identity of the logged-in user. However, in certain scenarios, we might want to write the wrangled data back to the Azure storage account. The **Reader** and **Storage Blob Data Reader** roles provide read-only access to the user identity or service principal. To enable read and write access, assign **Contributor** and **Storage Blob Data Contributor** roles to the user identity or service principal. To  assign appropriate roles to the user identity:
+
+1. Open the [Microsoft Azure portal](https://portal.azure.com).
+1. Search and select the **Storage accounts** service.
+
+    :::image type="content" source="media/apache-spark-environment-configuration/find-storage-accounts-service.png" lightbox="media/apache-spark-environment-configuration/find-storage-accounts-service.png" alt-text="Expandable screenshot showing Storage accounts service search and selection, in Microsoft Azure portal.":::
+
+1. On the **Storage accounts** page, select the Azure Data Lake Storage (ADLS) Gen 2 storage account from the list. A page showing the storage account **Overview** will open.
+
+    :::image type="content" source="media/apache-spark-environment-configuration/storage-accounts-list.png" lightbox="media/apache-spark-environment-configuration/storage-accounts-list.png" alt-text="Expandable screenshot showing selection of the Azure Data Lake Storage (ADLS) Gen 2 storage account  Storage account.":::
+
+1. Select **Access Control (IAM)** from the left panel
+1. Select **Add role assignment**
+
+    :::image type="content" source="media/apache-spark-environment-configuration/storage-account-add-role-assignment.png" lightbox="media/apache-spark-environment-configuration/storage-account-add-role-assignment.png" alt-text="Screenshot showing the Azure access keys screen.":::
+
+1. Find and select role **Storage Blob Data Contributor**
+1. Select **Next**
+
+    :::image type="content" source="media/apache-spark-environment-configuration/add-role-assignment-choose-role.png" lightbox="media/apache-spark-environment-configuration/add-role-assignment-choose-role.png" alt-text="Screenshot showing the Azure add role assignment screen.":::
+
+1. Select **User, group, or service principal**.
+1. Select **+ Select members**.
+1. Search for the user identity below **Select**
+1. Select the user identity from the list, so that it shows under **Selected members**
+1. Select the appropriate user identity
+1. Select **Next**
+
+    :::image type="content" source="media/apache-spark-environment-configuration/add-role-assignment-choose-members.png" lightbox="media/apache-spark-environment-configuration/add-role-assignment-choose-members.png" alt-text="Screenshot showing the Azure add role assignment screen Members tab.":::
+
+1. Select **Review + Assign**
+
+    :::image type="content" source="media/apache-spark-environment-configuration/add-role-assignment-review-and-assign.png" lightbox="media/apache-spark-environment-configuration/add-role-assignment-review-and-assign.png" alt-text="Screenshot showing the Azure add role assignment screen review and assign tab.":::
+1. Repeat steps 2-13 for **Contributor** role assignment.
+
+Once the user identity has the appropriate roles assigned, data in the Azure storage account should become accessible.
+
+> [!NOTE]
+> If an [attached Synapse Spark pool](./how-to-manage-synapse-spark-pool.md) points to a Synapse Spark pool in an Azure Synapse workspace that has a managed virtual network associated with it, [a managed private endpoint to storage account should be configured](../synapse-analytics/security/connect-to-a-secure-storage-account.md) to ensure data access.
+
+## Next steps
+- [Apache Spark in Azure Machine Learning (preview)](./apache-spark-azure-ml-concepts.md)
+- [Attach and manage a Synapse Spark pool in Azure Machine Learning (preview)](./how-to-manage-synapse-spark-pool.md)
+- [Interactive Data Wrangling with Apache Spark in Azure Machine Learning (preview)](./interactive-data-wrangling-with-apache-spark-azure-ml.md)
+- [Submit Spark jobs in Azure Machine Learning (preview)](./how-to-submit-spark-jobs.md)
+- [Code samples for Spark jobs using Azure Machine Learning CLI](https://github.com/Azure/azureml-examples/tree/main/cli/jobs/spark)
+- [Code samples for Spark jobs using Azure Machine Learning Python SDK](https://github.com/Azure/azureml-examples/tree/main/sdk/python/jobs/spark)