Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into pauljewell-java-resources

Author: pauljewellmsft

.openpublishing.redirection.defender-for-iot.json

@@ -1,12 +1,16 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/resources-training-sessions.md",
+            "redirect_url": "https://techcommunity.microsoft.com/t5/microsoft-defender-for-iot-blog/microsoft-defender-for-iot-ninja-training/ba-p/2428899",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-manage-the-alert-event.md",
             "redirect_url": "/azure/defender-for-iot/organizations/how-to-view-alerts",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-install-software.md",
+        {   "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-install-software.md",
             "redirect_url": "/azure/defender-for-iot/organizations/ot-deploy/install-software-ot-sensor",
             "redirect_document_id": false
         },

articles/active-directory/roles/admin-units-assign-roles.md

@@ -50,7 +50,7 @@ The following Azure AD roles can be assigned with administrative unit scope. Add
 | [SharePoint Administrator](permissions-reference.md#sharepoint-administrator) | Can manage Microsoft 365 groups in the assigned administrative unit only. For SharePoint sites associated with Microsoft 365 groups in an administrative unit, can also update site properties (site name, URL, and external sharing policy) using the Microsoft 365 admin center. Cannot use the SharePoint admin center or SharePoint APIs to manage sites. |
 | [Teams Administrator](permissions-reference.md#teams-administrator) | Can manage Microsoft 365 groups in the assigned administrative unit only.  Can manage team members in the Microsoft 365 admin center for teams associated with groups in the assigned administrative unit only.  Cannot use the Teams admin center. |
 | [Teams Devices Administrator](permissions-reference.md#teams-devices-administrator) | Can perform management related tasks on Teams certified devices. |
-| [User Administrator](permissions-reference.md#user-administrator) | Can manage all aspects of users and groups, including resetting passwords for limited admins within the assigned administrative unit only. |
+| [User Administrator](permissions-reference.md#user-administrator) | Can manage all aspects of users and groups, including resetting passwords for limited admins within the assigned administrative unit only. Cannot currently manage users' profile photographs. |
 | [<Custom role>](custom-create.md) | Can perform actions that apply to users, groups, or devices, according to the definition of the custom role. |
 
 Certain role permissions apply only to non-administrator users when assigned with the scope of an administrative unit. In other words, administrative unit scoped [Helpdesk Administrators](permissions-reference.md#helpdesk-administrator) can reset passwords for users in the administrative unit only if those users do not have administrator roles. The following list of permissions are restricted when the target of an action is another administrator:

articles/active-directory/saas-apps/officespace-software-provisioning-tutorial.md

@@ -45,7 +45,7 @@ Before configuring and enabling automatic user provisioning, you should decide w
 
 ## Set up OfficeSpace Software for provisioning
 
-1. Sign in to your [OfficeSpace Software Admin Console](https://support.officespacesoftware.com/hc). Navigate to **Settings > Connectors**.
+1. Sign in to your [OfficeSpace Software Admin Console](https://support.officespacesoftware.com/s/). Navigate to **Settings > Connectors**.
 
 	![OfficeSpace Software Admin Console](media/officespace-software-provisioning-tutorial/settings.png)
 
@@ -147,4 +147,4 @@ For more information on how to read the Azure AD provisioning logs, see [Reporti
 
 ## Next steps
 
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)

articles/aks/tutorial-kubernetes-deploy-application.md

@@ -1,36 +1,36 @@
 ---
-title: Kubernetes on Azure tutorial  - Deploy an application
+title: Kubernetes on Azure tutorial - Deploy an application
 description: In this Azure Kubernetes Service (AKS) tutorial, you deploy a multi-container application to your cluster using a custom image stored in Azure Container Registry.
 services: container-service
 ms.topic: tutorial
-ms.date: 05/24/2021
-
+ms.date: 01/04/2023
 ms.custom: mvc, devx-track-azurepowershell
 
 #Customer intent: As a developer, I want to learn how to deploy apps to an Azure Kubernetes Service (AKS) cluster so that I can deploy and run my own applications.
 ---
 
 # Tutorial: Run applications in Azure Kubernetes Service (AKS)
 
-Kubernetes provides a distributed platform for containerized applications. You build and deploy your own applications and services into a Kubernetes cluster, and let the cluster manage the availability and connectivity. In this tutorial, part four of seven, a sample application is deployed into a Kubernetes cluster. You learn how to:
+Kubernetes provides a distributed platform for containerized applications. You build and deploy your own applications and services into a Kubernetes cluster and let the cluster manage the availability and connectivity. In this tutorial, part four of seven, you deploy a sample application into a Kubernetes cluster. You learn how to:
 
 > [!div class="checklist"]
-> * Update a Kubernetes manifest file
-> * Run an application in Kubernetes
-> * Test the application
+>
+> * Update a Kubernetes manifest file.
+> * Run an application in Kubernetes.
+> * Test the application.
 
-In later tutorials, this application is scaled out and updated.
+In later tutorials, you'll scale out and update your application.
 
-This quickstart assumes a basic understanding of Kubernetes concepts. For more information, see [Kubernetes core concepts for Azure Kubernetes Service (AKS)][kubernetes-concepts].
+This quickstart assumes you have a basic understanding of Kubernetes concepts. For more information, see [Kubernetes core concepts for Azure Kubernetes Service (AKS)][kubernetes-concepts].
 
 > [!TIP]
-> AKS clusters can use GitOps for configuration management. This enables declarations of your cluster's state, which are pushed to source control, to be applied to the cluster automatically. To learn how to use GitOps to deploy an application with an AKS cluster, see the tutorial [Use GitOps with Flux v2][gitops-flux-tutorial] and follow the [prerequisites for Azure Kubernetes Service clusters][gitops-flux-tutorial-aks].
+> AKS clusters can use GitOps for configuration management. GitOp enables declarations of your cluster's state, which are pushed to source control, to be applied to the cluster automatically. To learn how to use GitOps to deploy an application with an AKS cluster, see the [prerequisites for Azure Kubernetes Service clusters][gitops-flux-tutorial-aks] in the [GitOps with Flux v2][gitops-flux-tutorial] tutorial.
 
 ## Before you begin
 
-In previous tutorials, an application was packaged into a container image, this image was uploaded to Azure Container Registry, and a Kubernetes cluster was created.
+In previous tutorials, you packaged an application into a container image, uploaded the image to Azure Container Registry, and created a Kubernetes cluster.
 
-To complete this tutorial, you need the pre-created `azure-vote-all-in-one-redis.yaml` Kubernetes manifest file. This file was downloaded with the application source code in a previous tutorial. Verify that you've cloned the repo, and that you have changed directories into the cloned repo. If you haven't done these steps, and would like to follow along, start with [Tutorial 1 – Create container images][aks-tutorial-prepare-app].
+To complete this tutorial, you need the pre-created `azure-vote-all-in-one-redis.yaml` Kubernetes manifest file. This file download was included with the application source code in a previous tutorial. Verify that you've cloned the repo and that you've changed directories into the cloned repo. If you haven't done these steps and would like to follow along, start with [Tutorial 1: Prepare an application for AKS][aks-tutorial-prepare-app].
 
 ### [Azure CLI](#tab/azure-cli)
 
@@ -48,37 +48,37 @@ In these tutorials, an Azure Container Registry (ACR) instance stores the contai
 
 ### [Azure CLI](#tab/azure-cli)
 
-Get the ACR login server name using the [az acr list][az-acr-list] command as follows:
+Get the ACR login server name using the [az acr list][az-acr-list] command.
 
 ```azurecli
 az acr list --resource-group myResourceGroup --query "[].{acrLoginServer:loginServer}" --output table
 ```
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-Get the ACR login server name using the [Get-AzContainerRegistry][get-azcontainerregistry] cmdlet as follows:
+Get the ACR login server name using the [Get-AzContainerRegistry][get-azcontainerregistry] cmdlet.
 
 ```azurepowershell
 (Get-AzContainerRegistry -ResourceGroupName myResourceGroup -Name <acrName>).LoginServer
 ```
 
 ---
 
-The sample manifest file from the git repo cloned in the first tutorial uses the images from Microsoft Container Registry (*mcr.microsoft.com*). Make sure that you're in the cloned *azure-voting-app-redis* directory, then open the manifest file with a text editor, such as `vi`:
+The sample manifest file from the git repo you cloned in the first tutorial uses the images from Microsoft Container Registry (*mcr.microsoft.com*). Make sure you're in the cloned *azure-voting-app-redis* directory, and then open the manifest file with a text editor, such as `vi`:
 
 ```console
 vi azure-vote-all-in-one-redis.yaml
 ```
 
-Replace *mcr.microsoft.com* with your ACR login server name. The image name is found on line 60 of the manifest file. The following example shows the default image name:
+Replace *mcr.microsoft.com* with your ACR login server name. You can find the image name on line 60 of the manifest file. The following example shows the default image name:
 
 ```yaml
 containers:
 - name: azure-vote-front
   image: mcr.microsoft.com/azuredocs/azure-vote-front:v1
 ```
 
-Provide your own ACR login server name so that your manifest file looks like the following example:
+Provide your own ACR login server name so your manifest file looks similar to the following example:
 
 ```yaml
 containers:
@@ -90,7 +90,7 @@ Save and close the file. In `vi`, use `:wq`.
 
 ## Deploy the application
 
-To deploy your application, use the [kubectl apply][kubectl-apply] command. This command parses the manifest file and creates the defined Kubernetes objects. Specify the sample manifest file, as shown in the following example:
+To deploy your application, use the [`kubectl apply`][kubectl-apply] command, specifying the sample manifest file. This command parses the manifest file and creates the defined Kubernetes objects.
 
 ```console
 kubectl apply -f azure-vote-all-in-one-redis.yaml
@@ -111,13 +111,13 @@ service "azure-vote-front" created
 
 When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete.
 
-To monitor progress, use the [kubectl get service][kubectl-get] command with the `--watch` argument.
+To monitor progress, use the [`kubectl get service`][kubectl-get] command with the `--watch` argument.
 
 ```console
 kubectl get service azure-vote-front --watch
 ```
 
-Initially the *EXTERNAL-IP* for the *azure-vote-front* service is shown as *pending*:
+Initially the *EXTERNAL-IP* for the *azure-vote-front* service shows as *pending*.
 
 ```output
 azure-vote-front   LoadBalancer   10.0.34.242   <pending>     80:30676/TCP   5s
@@ -129,22 +129,23 @@ When the *EXTERNAL-IP* address changes from *pending* to an actual public IP add
 azure-vote-front   LoadBalancer   10.0.34.242   52.179.23.131   80:30676/TCP   67s
 ```
 
-To see the application in action, open a web browser to the external IP address of your service:
+To see the application in action, open a web browser to the external IP address of your service.
 
 :::image type="content" source="./media/container-service-kubernetes-tutorials/azure-vote.png" alt-text="Screenshot showing the container image Azure Voting App running in an AKS cluster opened in a local web browser" lightbox="./media/container-service-kubernetes-tutorials/azure-vote.png":::
 
-If the application didn't load, it might be due to an authorization problem with your image registry. To view the status of your containers, use the `kubectl get pods` command. If the container images can't be pulled, see [Authenticate with Azure Container Registry from Azure Kubernetes Service](cluster-container-registry-integration.md).
+If the application doesn't load, it might be an authorization problem with your image registry. To view the status of your containers, use the `kubectl get pods` command. If you can't pull the container images, see [Authenticate with Azure Container Registry from Azure Kubernetes Service](cluster-container-registry-integration.md).
 
 ## Next steps
 
-In this tutorial, a sample Azure vote application was deployed to a Kubernetes cluster in AKS. You learned how to:
+In this tutorial, you deployed a sample Azure vote application to a Kubernetes cluster in AKS. You learned how to:
 
 > [!div class="checklist"]
-> * Update a Kubernetes manifest files
-> * Run an application in Kubernetes
-> * Test the application
+>
+> * Update a Kubernetes manifest file.
+> * Run an application in Kubernetes.
+> * Test the application.
 
-Advance to the next tutorial to learn how to scale a Kubernetes application and the underlying Kubernetes infrastructure.
+In  the next tutorial, you'll learn how to scale a Kubernetes application and the underlying Kubernetes infrastructure.
 
 > [!div class="nextstepaction"]
 > [Scale Kubernetes application and infrastructure][aks-tutorial-scale]

articles/application-gateway/configuration-listeners.md

@@ -85,9 +85,9 @@ To configure a global custom error page, see [Azure PowerShell configuration](./
 
 ## TLS policy
 
-You can centralize TLS/SSL certificate management and reduce encryption-decryption overhead for a backend server farm. Centralized TLS handling also lets you specify a central TLS policy that's suited to your security requirements. You can choose *default*, *predefined*, or *custom* TLS policy.
+You can centralize TLS/SSL certificate management and reduce encryption-decryption overhead for a backend server farm. Centralized TLS handling also lets you specify a central TLS policy that's suited to your security requirements. You can choose *predefined* or *custom* TLS policy.
 
-You configure TLS policy to control TLS protocol versions. You can configure an application gateway to use a minimum protocol version for TLS handshakes from TLS1.0, TLS1.1, and TLS1.2. By default, SSL 2.0 and 3.0 are disabled and aren't configurable. For more information, see [Application Gateway TLS policy overview](./application-gateway-ssl-policy-overview.md).
+You configure TLS policy to control TLS protocol versions. You can configure an application gateway to use a minimum protocol version for TLS handshakes from TLS1.0, TLS1.1, TLS1.2, and TLS1.3. By default, SSL 2.0 and 3.0 are disabled and aren't configurable. For more information, see [Application Gateway TLS policy overview](./application-gateway-ssl-policy-overview.md).
 
 After you create a listener, you associate it with a request-routing rule. That rule determines how requests that are received on the listener are routed to the back end.
 

articles/application-gateway/ingress-controller-install-new.md

@@ -46,9 +46,9 @@ Follow the steps below to create an Azure Active Directory (Azure AD) [service p
     The `appId` and `password` values from the JSON output will be used in the following steps
 
 
-1. Use the `appId` from the previous command's output to get the `objectId` of the new service principal:
+1. Use the `appId` from the previous command's output to get the `id` of the new service principal:
     ```azurecli
-    objectId=$(az ad sp show --id $appId --query "objectId" -o tsv)
+    objectId=$(az ad sp show --id $appId --query "id" -o tsv)
     ```
     The output of this command is `objectId`, which will be used in the Azure Resource Manager template below
 
@@ -250,8 +250,13 @@ Kubernetes. We'll use it to install the `application-gateway-kubernetes-ingress`
     nano helm-config.yaml
     ```
 
+   > [!NOTE]
+   > **For deploying to Sovereign Clouds (e.g., Azure Government)**, the `appgw.environment` configuration parameter must be added and set to the appropriate value as documented below.
+
+
    Values:
      - `verbosityLevel`: Sets the verbosity level of the AGIC logging infrastructure. See [Logging Levels](https://github.com/Azure/application-gateway-kubernetes-ingress/blob/463a87213bbc3106af6fce0f4023477216d2ad78/docs/troubleshooting.md#logging-levels) for possible values.
+     - `appgw.environment`: Sets cloud environment. Possbile values: `AZURECHINACLOUD`, `AZUREGERMANCLOUD`, `AZUREPUBLICCLOUD`, `AZUREUSGOVERNMENTCLOUD`
      - `appgw.subscriptionId`: The Azure Subscription ID in which Application Gateway resides. Example: `a123b234-a3b4-557d-b2df-a0bc12de1234`
      - `appgw.resourceGroup`: Name of the Azure Resource Group in which Application Gateway was created. Example: `app-gw-resource-group`
      - `appgw.name`: Name of the Application Gateway. Example: `applicationgatewayd0f0`
@@ -347,4 +352,4 @@ kubectl apply -f aspnetapp.yaml
 
 ## Other Examples
 This [how-to guide](ingress-controller-expose-service-over-http-https.md) contains more examples on how to expose an AKS
-service via HTTP or HTTPS, to the Internet with Application Gateway.
+service via HTTP or HTTPS, to the Internet with Application Gateway.

articles/applied-ai-services/form-recognizer/containers/form-recognizer-container-install-run.md

@@ -7,7 +7,7 @@ manager: nitinme
 ms.service: applied-ai-services
 ms.subservice: forms-recognizer
 ms.topic: how-to
-ms.date: 11/29/2022
+ms.date: 01/04/2023
 ms.author: lajanuar
 monikerRange: 'form-recog-2.1.0'
 recommendations: false
@@ -246,7 +246,6 @@ services:
   azure-cognitive-service-layout:
     container_name: azure-cognitive-service-layout
     image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/layout
-    user: root
     environment:
       - EULA=accept
       - billing={FORM_RECOGNIZER_ENDPOINT_URI}

articles/automation/shared-resources/certificates.md

@@ -3,7 +3,7 @@ title: Manage certificates in Azure Automation
 description: This article tells how to work with certificates for access by runbooks and DSC configurations.
 services: automation
 ms.subservice: shared-capabilities
-ms.date: 12/22/2020
+ms.date: 01/04/2023
 ms.topic: conceptual 
 ms.custom: devx-track-azurepowershell
 ---
@@ -59,7 +59,7 @@ When you create a new certificate, you upload a .cer or .pfx file to Automation.
 1. From your Automation account, on the left-hand pane select **Certificates** under **Shared Resource**.
 1. On the **Certificates** page, select **Add a certificate**.
 1. In the **Name** field, type a name for the certificate.
-1. To browse for a **.cer** or **.pfx** file, under **Upload a certificate file**, choose **Select a file**. If you select a **.pfx** file, specify a password and indicate if it can be exported.
+1. To browse for a **.cer** or **.pfx** file, under **Upload a certificate file**, choose **Select a file**. If you select a **.pfx** file, specify a password and indicate if it can be exported. If you are using Azure Automation portal to upload certificates, it might fail for partner (CSP) accounts. We recommend that you use [PowerShell cmdlets](#powershell-cmdlets-to-access-certificates) as a workaround to overcome this issue.
 1. Select **Create** to save the new certificate asset.
 
 ### Create a new certificate with PowerShell