Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI60224-ddos-attack

Author: ElazarK

articles/automation/update-management/overview.md

@@ -177,9 +177,9 @@ Update Management requires [Log Analytics agent](../../azure-monitor/agents/lo
 
 You must update Log Analytics agent to the latest version, by following below steps:  
 
-Check the current version of Log Analytics agent for your machine:  Go to the installation path - *C:\ProgramFiles\Microsoft Monitoring Agent\Agent* and right-click on *HealthService.exe* to check **Properties**. In the **Details** tab, the field **Product version** provides version number of the Log Analytics agent. 
+1. Check the current version of Log Analytics agent for your machine:  Go to the installation path - *C:\ProgramFiles\Microsoft Monitoring Agent\Agent* and right-click on *HealthService.exe* to check **Properties**. In the **Details** tab, the field **Product version** provides version number of the Log Analytics agent. 
 
-If your Log Analytics agent version is prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](../../virtual-machines/extensions/oms-windows.md#agent-and-vm-extension-version), upgrade to the latest version of the Windows Log Analytics agent, following these [guidelines](../../azure-monitor/agents/agent-manage.md).  
+1. If your Log Analytics agent version is prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](../../virtual-machines/extensions/oms-windows.md#agent-and-vm-extension-version), upgrade to the latest version of the Windows Log Analytics agent, following these [guidelines](../../azure-monitor/agents/agent-manage.md).  
 
 >[!NOTE]
 > During the upgrade process, update management schedules might fail. Ensure to do this when there is no planned schedule. 

articles/azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md

@@ -117,7 +117,7 @@ az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-n
 To use [managed identity authentication (preview)](container-insights-onboard.md#authentication), add the `configuration-settings` parameter as in the following:
 
 ```azurecli
-az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogsagent.useAADAuth=true
+az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogs.useAADAuth=true
 ```
 
 
@@ -134,7 +134,7 @@ az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-n
 If you want to tweak the default resource requests and limits, you can use the advanced configurations settings:
 
 ```azurecli
-az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings  amalogsagent.resources.daemonset.limits.cpu=150m amalogsagent.resources.daemonset.limits.memory=600Mi amalogsagent.resources.deployment.limits.cpu=1 amalogsagent.resources.deployment.limits.memory=750Mi
+az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings  amalogs.resources.daemonset.limits.cpu=150m amalogs.resources.daemonset.limits.memory=600Mi amalogs.resources.deployment.limits.cpu=1 amalogs.resources.deployment.limits.memory=750Mi
 ```
 
 Checkout the [resource requests and limits section of Helm chart](https://github.com/microsoft/Docker-Provider/blob/ci_prod/charts/azuremonitor-containers/values.yaml) for the available configuration settings.
@@ -144,7 +144,7 @@ Checkout the [resource requests and limits section of Helm chart](https://github
 If the Azure Arc-enabled Kubernetes cluster is on Azure Stack Edge, then a custom mount path `/home/data/docker` needs to be used.
 
 ```azurecli
-az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogsagent.logsettings.custommountpath=/home/data/docker
+az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogs.logsettings.custommountpath=/home/data/docker
 ```
 
 
@@ -233,7 +233,7 @@ az k8s-extension show --name azuremonitor-containers --cluster-name \<cluster-na
 Enable Container insights extension with managed identity authentication option using the workspace returned in the first step. 
 
 ```cli
-az k8s-extension create --name azuremonitor-containers --cluster-name \<cluster-name\> --resource-group \<resource-group\> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogsagent.useAADAuth=true logAnalyticsWorkspaceResourceID=\<workspace-resource-id\> 
+az k8s-extension create --name azuremonitor-containers --cluster-name \<cluster-name\> --resource-group \<resource-group\> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogs.useAADAuth=true logAnalyticsWorkspaceResourceID=\<workspace-resource-id\> 
 ```
 
 ## [Resource Manager](#tab/migrate-arm)

articles/cost-management-billing/costs/enable-preview-features-cost-management-labs.md

@@ -71,7 +71,7 @@ Cost analysis is your tool for interactive analytics and insights. You've seen t
 
 The first time you open the cost analysis preview, you'll see a list of all views. When you return, you'll see a list of the recently used views to help you get back to where you left off quicker than ever. You can pin any view or even rename or subscribe to alerts for your saved views.
 
-The recent and pinned views can be enabled from the [Try preview](https://aka.ms/costmgmt/trypreview) page in the Azure portal. Use the **How would you rate the cost analysis preview?** option at the bottom of the page to share feedback about the preview.
+**Recent and pinned views are available by default in the cost analysis preview.** Use the **How would you rate the cost analysis preview?** option at the bottom of the page to share feedback.
 
 
 <a name="aksnestedtable"></a>

articles/defender-for-cloud/custom-security-policies.md

@@ -3,7 +3,7 @@ title: Create custom Azure security policies in Microsoft Defender for Cloud
 description: Azure custom policy definitions monitored by Microsoft Defender for Cloud.
 ms.topic: how-to
 ms.custom: ignite-2022
-ms.date: 07/20/2022
+ms.date: 01/22/2023
 zone_pivot_groups: manage-asc-initiatives
 ---
 
@@ -35,26 +35,36 @@ You can view your custom initiatives organized by controls, similar to the contr
 
     :::image type="content" source="media/custom-security-policies/accessing-security-policy-page.png" alt-text="Screenshot of accessing the security policy page in Microsoft Defender for Cloud." lightbox="media/custom-security-policies/accessing-security-policy-page.png":::
 
-1. In the Add custom initiatives page, review the list of custom policies already created in your organization.
+1. Review the list of custom policies already created in your organization, and select **Add** to assign a policy to your subscription.
 
-    - If you see one you want to assign to your subscription, select **Add**. 
-    - If there isn't an initiative in the list that meets your needs, create a new custom initiative:
+If there isn't an initiative in the list that meets your needs, you can create one.
 
-        1. Select **Create new**.
-        1. Enter the definition's location and name.
-        1. Select the policies to include and select **Add**.
-        1. Enter any desired parameters.
-        1. Select **Save**.
-        1. In the Add custom initiatives page, select refresh. Your new initiative will be available.
-        1. Select **Add** and assign it to your subscription.
+**To create a new custom initiative**:
+
+1. Select **Create new**.
+
+1. Enter the definition's location and custom name.
+
+    > [!NOTE]
+    > Custom initiatives shouldn't have the same name as other initiatives (custom or built-in). If you create a custom initiative with the the same name, it will cause a conflict in the information displayed in the dashboard.
+
+1. Select the policies to include and select **Add**.
+
+1. Enter any desired parameters.
+
+1. Select **Save**.
+
+1. In the Add custom initiatives page, select refresh. Your new initiative will be available.
+
+1. Select **Add** and assign it to your subscription.
 
     ![Create or add a policy.](media/custom-security-policies/create-or-add-custom-policy.png)
 
 
     > [!NOTE]
     > Creating new initiatives requires subscription owner credentials. For more information about Azure roles, see [Permissions in Microsoft Defender for Cloud](permissions.md).
 
-    Your new initiative takes effect and you can see the impact in the following two ways:
+    Your new initiative takes effect and you can see the results in the following two ways:
 
     * From the Defender for Cloud menu, select **Regulatory compliance**. The compliance dashboard opens to show your new custom initiative alongside the built-in initiatives.
 
@@ -250,7 +260,7 @@ The metadata should be added to the policy definition for a policy that is part
     },
 ```
 
-Below is an example of a custom policy including the metadata/securityCenter property:
+Here's another example of a custom policy including the metadata/securityCenter property:
 
   ```json
   {

articles/defender-for-cloud/governance-rules.md

@@ -2,12 +2,11 @@
 title: Driving your organization to remediate security issues with recommendation governance in Microsoft Defender for Cloud
 description: Learn how to assign owners and due dates to security recommendations and create rules to automatically assign owners and due dates
 services: defender-for-cloud
-author: bmansheim
-ms.author: benmansheim
 ms.service: defender-for-cloud
 ms.topic: how-to
-ms.date: 11/13/2022
+ms.date: 01/23/2023
 ---
+
 # Drive your organization to remediate security recommendations with governance
 
 Security teams are responsible for improving the security posture of their organizations but they may not have the resources or authority to actually implement security recommendations. [Assigning owners with due dates](#manually-assigning-owners-and-due-dates-for-recommendation-remediation) and [defining governance rules](#building-an-automated-process-for-improving-security-with-governance-rules) creates accountability and transparency so you can drive the process of improving the security posture in your organization.
@@ -40,9 +39,9 @@ You can then review the progress of the tasks by subscription, recommendation, o
 
 ### Defining governance rules to automatically set the owner and due date of recommendations
 
-Governance rules can identify resources that require remediation according to specific recommendations or severities, and the rule assigns an owner and due date to make sure the recommendations are handled. Many governance rules can apply to the same recommendations, so the rule with lower priority value is the one that assigns the owner and due date.
+Governance rules can identify resources that require remediation according to specific recommendations or severities. The rule assigns an owner and due date to ensure the recommendations are handled. Many governance rules can apply to the same recommendations, so the rule with lower priority value is the one that assigns the owner and due date.
 
-The due date set for the recommendation to be remediated is based on a timeframe of 7, 14, 30, or 90 days from when the recommendation is found by the rule. For example, if the rule identifies the resource on March 1st and the remediation timeframe is 14 days, March 15th is the due date. You can apply a grace period so that the resources that are given a due date don't impact your secure score until they're overdue.
+The due date set for the recommendation to be remediated is based on a timeframe of 7, 14, 30, or 90 days from when the recommendation is found by the rule. For example, if the rule identifies the resource on March 1 and the remediation timeframe is 14 days, March 15 is the due date. You can apply a grace period so that the resources that 's given a due date don't affect your secure score until they're overdue.
 
 You can also set the owner of the resources that are affected by the specified recommendations. In organizations that use resource tags to associate resources with an owner, you can specify the tag key and the governance rule reads the name of the resource owner from the tag.
 
@@ -72,7 +71,7 @@ To define a governance rule that assigns an owner and due date:
     - **By resource tag** - Enter the resource tag on your resources that defines the resource owner.
     - **By email address** - Enter the email address of the owner to assign to the recommendations.
 1. Set the **remediation timeframe**, which is the time between when the resources are identified to require remediation and the time that the remediation is due.
-1. If you don't want the resources to impact your secure score until they're overdue, select **Apply grace period**.
+1. If you don't want the resources to affect your secure score until they're overdue, select **Apply grace period**.
 1. If you don't want either the owner or the owner's manager to receive weekly emails, clear the notification options.
 1. Select **Create**.
 
@@ -90,9 +89,13 @@ If there are existing recommendations that match the definition of the governanc
 > -	Create and apply rules on multiple scopes at once using management scopes cross cloud.
 > -	Check effective rules on selected scope using the scope filter.
 
+To view the effect of rules on a specific scope, use the Scope filter to select a specific scope.
+
+Conflicting rules are applied in priority order. For example, rules on a management scope (Azure management groups, AWS accounts and GCP organizations), take effect before rules on scopes (for example, Azure subscriptions, AWS accounts, or GCP projects). 
+
 ## Manually assigning owners and due dates for recommendation remediation
 
-For every resource affected by a recommendation, you can assign an owner and a due date so that you know who needs to implement the security changes to improve your security posture and when they're expected to do it by. You can also apply a grace period so that the resources that are given a due date don't impact your secure score unless they become overdue.
+For every resource affected by a recommendation, you can assign an owner and a due date so that you know who needs to implement the security changes to improve your security posture and when they're expected to do it by. You can also apply a grace period so that the resources that 's given a due date don't affect your secure score unless they become overdue.
 
 To manually assign owners and due dates to recommendations:
 
@@ -108,7 +111,7 @@ To manually assign owners and due dates to recommendations:
 1. For any resource that doesn't have an owner or due date, select the resources and select **Assign owner**.
 1. Enter the email address of the owner that needs to make the changes that remediate the recommendation for those resources.
 1. Select the date by which to remediate the recommendation for the resources.
-1. You can select **Apply grace period** to keep the resource from impacting the secure score until it's overdue.
+1. You can select **Apply grace period** to keep the resource from affecting the secure score until it's overdue.
 1. Select **Save**.
 
 The recommendation is now shown as assigned and on time.

articles/defender-for-cloud/media/custom-security-policies/accessing-security-policy-page.png

@@ -219,7 +219,7 @@ Azure Container Registry can be configured to use a private endpoint. Use the fo
     If you've [installed the Machine Learning extension v2 for Azure CLI](how-to-configure-cli.md), you can use the `az ml workspace show` command to show the workspace information. The v1 extension does not return this information.
 
     ```azurecli-interactive
-    az ml workspace show -w yourworkspacename -g resourcegroupname --query 'container_registry'
+    az ml workspace show -n yourworkspacename -g resourcegroupname --query 'container_registry'
     ```
 
     This command returns a value similar to `"/subscriptions/{GUID}/resourceGroups/{resourcegroupname}/providers/Microsoft.ContainerRegistry/registries/{ACRname}"`. The last part of the string is the name of the Azure Container Registry for the workspace.

articles/machine-learning/how-to-secure-workspace-vnet.md

@@ -1,14 +1,14 @@
 ---
-title: Azure network round-trip latency statistics | Microsoft Docs
+title: Azure network round-trip latency statistics
 description: Learn about round-trip latency statistics between Azure regions.
 services: networking
 author: mbender-ms
 ms.service: virtual-network
 ms.topic: article
-ms.date: 06/08/2021
+ms.date: 06/30/2022
 ms.author: mbender
-
 ---
+
 # Azure network round-trip latency statistics
 
 Azure continuously monitors the latency (speed) of core areas of its network using internal monitoring tools as well as measurements collected by [ThousandEyes](https://thousandeyes.com), a third-party synthetic monitoring service.
@@ -23,9 +23,11 @@ The monthly Percentile P50 round trip times between Azure regions for the past 3
 
 :::image type="content" source="media/azure-network-latency/azure-network-latency-thmb-july-2022.png" alt-text="Chart of the inter-region latency statistics as of June 30, 2022." lightbox="media/azure-network-latency/azure-network-latency-july-2022.png":::
 
-> [IMPORTANT!}
+> [!IMPORTANT]
 > Monthly latency numbers across Azure regions do not change regulary. Given this, you can expect an update of this table every 6 to 9 months outside of the addition of new regions. When new regions come online, we will update this document as soon as data is available.
 
 ## Next steps
 
 Learn about [Azure regions](https://azure.microsoft.com/global-infrastructure/regions/).
+
+