Merge branch 'main' into alt-test-engine-location

Author: ntrogh

.openpublishing.publish.config.json

@@ -899,6 +899,7 @@
     "articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json",
     "articles/mysql/.openpublishing.redirection.mysql.json",
     "articles/container-apps/.openpublishing.redirection.container-apps.json",
-    "articles/spring-cloud/.openpublishing.redirection.spring-cloud.json"
+    "articles/spring-cloud/.openpublishing.redirection.spring-cloud.json",
+    "articles/load-testing/.openpublishing.redirection.azure-load-testing.json"
   ]
 }

articles/app-service/deploy-container-github-action.md

@@ -99,10 +99,11 @@ OpenID Connect is an authentication method that uses short-lived tokens. Setting
      az ad sp create --id $appId
     ```
 
-1. Create a new role assignment by subscription and object. By default, the role assignment will be tied to your default subscription. Replace `$subscriptionId` with your subscription ID and `$assigneeObjectId` with the generated `assignee-object-id`. Learn [how to manage Azure subscriptions with the Azure CLI](/cli/azure/manage-azure-subscriptions-azure-cli). 
+1. Create a new role assignment by subscription and object. By default, the role assignment will be tied to your default subscription. Replace `$subscriptionId` with your subscription ID, `$resourceGroupName` with your resource group name, and `$assigneeObjectId` with the generated `assignee-object-id`. Learn [how to manage Azure subscriptions with the Azure CLI](/cli/azure/manage-azure-subscriptions-azure-cli). 
 
     ```azurecli-interactive
-    az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id  $assigneeObjectId --assignee-principal-type ServicePrincipal
+    az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id  $assigneeObjectId --assignee-principal-type ServicePrincipal --scopes /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName
+/providers/Microsoft.Web/sites/
     ```
 
 1. Run the following command to [create a new federated identity credential](/graph/api/application-post-federatedidentitycredentials?view=graph-rest-beta&preserve-view=true) for your active directory application.

articles/app-service/deploy-github-actions.md

@@ -122,10 +122,10 @@ OpenID Connect is an authentication method that uses short-lived tokens. Setting
      az ad sp create --id $appId
     ```
 
-1. Create a new role assignment by subscription and object. By default, the role assignment will be tied to your default subscription. Replace `$subscriptionId` with your subscription ID and `$assigneeObjectId` with the generated `assignee-object-id`. Learn [how to manage Azure subscriptions with the Azure CLI](/cli/azure/manage-azure-subscriptions-azure-cli). 
+1. Create a new role assignment by subscription and object. By default, the role assignment will be tied to your default subscription. Replace `$subscriptionId` with your subscription ID, `$resourceGroupName` with your resource group name, and `$assigneeObjectId` with the generated `assignee-object-id`. Learn [how to manage Azure subscriptions with the Azure CLI](/cli/azure/manage-azure-subscriptions-azure-cli). 
 
     ```azurecli-interactive
-    az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id  $assigneeObjectId --assignee-principal-type ServicePrincipal
+    az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id  $assigneeObjectId --scopes /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/--assignee-principal-type ServicePrincipal
     ```
 
 1. Run the following command to [create a new federated identity credential](/graph/api/application-post-federatedidentitycredentials?view=graph-rest-beta&preserve-view=true) for your active directory application.

articles/app-service/environment/app-service-app-service-environment-control-inbound-traffic.md

@@ -37,6 +37,9 @@ The following list contains the ports used by an App Service Environment. All po
 * 4016: Used for remote debugging with Visual Studio 2012.  This port can be safely blocked if the feature isn't being used.  On an ILB-enabled ASE, this port is bound to the ILB address of the ASE.
 * 4018: Used for remote debugging with Visual Studio 2013.  This port can be safely blocked if the feature isn't being used.  On an ILB-enabled ASE, this port is bound to the ILB address of the ASE.
 * 4020: Used for remote debugging with Visual Studio 2015.  This port can be safely blocked if the feature isn't being used.  On an ILB-enabled ASE, this port is bound to the ILB address of the ASE.
+* 4022: Used for remote debugging with Visual Studio 2017.  This port can be safely blocked if the feature isn't being used.  On an ILB-enabled ASE, this port is bound to the ILB address of the ASE.
+* 4024 Used for remote debugging with Visual Studio 2019.  This port can be safely blocked if the feature isn't being used.  On an ILB-enabled ASE, this port is bound to the ILB address of the ASE.
+* 4026: Used for remote debugging with Visual Studio 2022.  This port can be safely blocked if the feature isn't being used.  On an ILB-enabled ASE, this port is bound to the ILB address of the ASE.
 
 ## Outbound Connectivity and DNS Requirements
 For an App Service Environment to function properly, it also requires outbound access to various endpoints. A full list of the external endpoints used by an ASE is in the "Required Network Connectivity" section of the [Network Configuration for ExpressRoute](app-service-app-service-environment-network-configuration-expressroute.md#required-network-connectivity) article.

articles/app-service/environment/network-info.md

@@ -189,10 +189,13 @@ If you put a *deny everything else* rule before the default rules, you prevent t
 
 If you assigned an IP address to your app, make sure you keep the ports open. To see the ports, select **App Service Environment** > **IP addresses**.  
 
-All the items shown in the following outbound rules are needed, except for the last item. They enable network access to the App Service Environment dependencies that were noted earlier in this article. If you block any of them, your App Service Environment stops working. The last item in the list enables your App Service Environment to communicate with other resources in your virtual network.
+All the items shown in the following outbound rules are needed, except for the rule named **ASE-internal-outbound**. They enable network access to the App Service Environment dependencies that were noted earlier in this article. If you block any of them, your App Service Environment stops working. The rule named **ASE-internal-outbound** in the list enables your App Service Environment to communicate with other resources in your virtual network.
 
 ![Screenshot that shows outbound security rules.][5]
 
+> [!NOTE]
+> The IP range in the ASE-internal-outbound rule is only an example and should be changed to match the subnet range for the App Service Environment subnet.
+
 After your NSGs are defined, assign them to the subnet. If you don't remember the virtual network or subnet, you can see it from the App Service Environment portal. To assign the NSG to your subnet, go to the subnet UI and select the NSG.
 
 ## Routes

articles/azure-app-configuration/use-key-vault-references-spring-boot.md

@@ -122,7 +122,7 @@ To add a secret to the vault, you need to take just a few additional steps. In t
 
     ```azurecli
     az ad sp show --id <clientId-of-your-service-principal>
-    az role assignment create --role "App Configuration Data Reader" --assignee-object-id <objectId-of-your-service-principal> --resource-group <your-resource-group>
+    az role assignment create --role "App Configuration Data Reader" --scope /subscriptions/<subscriptionId>/resourceGroups/<group-name> --assignee-principal-type --assignee-object-id <objectId-of-your-service-principal> --resource-group <your-resource-group>
     ```
 
 1. Create the environment variables **AZURE_CLIENT_ID**, **AZURE_CLIENT_SECRET**, and **AZURE_TENANT_ID**. Use the values for the service principal that were displayed in the previous steps. At the command line, run the following commands and restart the command prompt to allow the change to take effect:

articles/azure-resource-manager/bicep/key-vault-parameter.md

@@ -132,6 +132,7 @@ The following procedure shows how to create a role with the minimum permission,
     az role definition create --role-definition "<path-to-role-file>"
     az role assignment create \
       --role "Key Vault resource manager template deployment operator" \
+      --scope /subscriptions/<Subscription-id>/resourceGroups/<resource-group-name> \
       --assignee <user-principal-name> \
       --resource-group ExampleGroup
     ```

articles/azure-resource-manager/templates/key-vault-parameter.md

@@ -136,6 +136,7 @@ For other users, grant the `Microsoft.KeyVault/vaults/deploy/action` permission.
     az role definition create --role-definition "<path-to-role-file>"
     az role assignment create \
       --role "Key Vault resource manager template deployment operator" \
+      --scope /subscriptions/<Subscription-id>/resourceGroups/<resource-group-name> \
       --assignee <user-principal-name> \
       --resource-group ExampleGroup
     ```

articles/azure-sql/database/application-authentication-get-client-id-keys.md

@@ -80,7 +80,7 @@ $svcprincipal = az ad sp create --id $azureAdApplication.ApplicationId
 Start-Sleep -s 15 # to avoid a PrincipalNotFound error, pause for 15 seconds
 
 # if you still get a PrincipalNotFound error, then rerun the following until successful.
-$roleassignment = az role assignment create --role "Contributor" --assignee $azureAdApplication.ApplicationId.Guid
+$roleassignment = az role assignment create --role "Contributor" --scope /subscriptions/{Subscription-id}/resourceGroups/{resource-group-name} --assignee $azureAdApplication.ApplicationId.Guid
 
 # output the values we need for our C# application to successfully authenticate
 Write-Output "Copy these values into the C# sample app"

articles/backup/backup-overview.md

@@ -2,7 +2,7 @@
 title: What is Azure Backup?
 description: Provides an overview of the Azure Backup service, and how it contributes to your business continuity and disaster recovery (BCDR) strategy.
 ms.topic: overview
-ms.date: 01/04/2022
+ms.date: 03/11/2022
 ms.custom: mvc
 ---
 # What is the Azure Backup service?
@@ -19,7 +19,7 @@ The Azure Backup service provides simple, secure, and cost-effective solutions t
 - **Azure Files shares** - [Back up Azure File shares to a storage account](backup-afs.md)
 - **SQL Server in Azure VMs** -  [Back up SQL Server databases running on Azure VMs](backup-azure-sql-database.md)
 - **SAP HANA databases in Azure VMs** - [Backup SAP HANA databases running on Azure VMs](backup-azure-sap-hana-database.md)
-- **Azure Database for PostgreSQL servers (preview)** -  [Back up Azure PostgreSQL databases and retain the backups for up to 10 years](backup-azure-database-postgresql.md)
+- **Azure Database for PostgreSQL servers** -  [Back up Azure PostgreSQL databases and retain the backups for up to 10 years](backup-azure-database-postgresql.md)
 - **Azure Blobs** - [Overview of operational backup for Azure Blobs](blob-backup-overview.md)
 
 ![Azure Backup Overview](./media/backup-overview/azure-backup-overview.png)