Merge pull request #221065 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 71216fa6a2db · 2022-12-12T09:46:16.000-08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/roles/includes/authentication-table-include.md b/articles/active-directory/roles/includes/authentication-table-include.md
@@ -16,7 +16,7 @@ The following table compares the capabilities of this role with related roles.
 
 | Role | Manage user's auth methods | Manage per-user MFA | Manage MFA settings | Manage auth method policy | Manage password protection policy | Update sensitive properties | Delete and restore users |
 | ---- | ---- | ---- | ---- | ---- | ---- | ---- | --- |
-| [Authentication Administrator](#authentication-administrator) | Yes for some users | Yes for some users | No | No | No | Yes for some users | Yes for some users |
+| [Authentication Administrator](#authentication-administrator) | Yes for [some users](#who-can-perform-sensitive-actions) | Yes for [some users](#who-can-perform-sensitive-actions) | No | No | No | Yes for [some users](#who-can-perform-sensitive-actions) | Yes for [some users](#who-can-perform-sensitive-actions) |
 | [Privileged Authentication Administrator](#privileged-authentication-administrator) | Yes for all users | Yes for all users | No | No | No | Yes for all users | Yes for all users |
 | [Authentication Policy Administrator](#authentication-policy-administrator) | No | No | Yes | Yes | Yes | No | No |
-| [User Administrator](#user-administrator) | No | No | No | No | No | Yes for some users | Yes for some users |
+| [User Administrator](#user-administrator) | No | No | No | No | No | Yes for [some users](#who-can-perform-sensitive-actions) | Yes for [some users](#who-can-perform-sensitive-actions) |
diff --git a/articles/azure-app-configuration/concept-enable-rbac.md b/articles/azure-app-configuration/concept-enable-rbac.md
@@ -30,7 +30,7 @@ Azure provides the following Azure built-in roles for authorizing access to App
 
 - **App Configuration Data Owner**: Use this role to give read/write/delete access to App Configuration data. This does not grant access to the App Configuration resource.
 - **App Configuration Data Reader**: Use this role to give read access to App Configuration data. This does not grant access to the App Configuration resource.
-- **Contributor** or **Owner**: Use this role to manage the App Configuration resource. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Azure AD.
+- **Contributor** or **Owner**: Use this role to manage the App Configuration resource. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Azure AD. This role is required if you access the App Configuration data via ARM template, Bicep, or Terraform during deployment. For more information, see [authorization](quickstart-resource-manager.md#authorization).
 - **Reader**: Use this role to give read access to the App Configuration resource. This does not grant access to the resource's access keys, nor to the data stored in App Configuration.
 
 > [!NOTE]
diff --git a/articles/azure-functions/functions-bindings-cosmosdb-v2.md b/articles/azure-functions/functions-bindings-cosmosdb-v2.md
@@ -53,7 +53,7 @@ The process for installing the extension varies depending on the extension versi
 
 # [Functions 2.x+](#tab/functionsv2/in-process)
 
-Working with the trigger and bindings requires that you reference the appropriate NuGet package. Install the [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.CosmosDB), version 3.x.
+Working with the trigger and bindings requires that you reference the appropriate NuGet package. Install the [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.CosmosDB/3.0.10), version 3.x.
 
 # [Extension 4.x+ (preview)](#tab/extensionv4/in-process)
 
diff --git a/articles/defender-for-cloud/alerts-reference.md b/articles/defender-for-cloud/alerts-reference.md
diff --git a/articles/defender-for-cloud/plan-defender-for-servers-agents.md b/articles/defender-for-cloud/plan-defender-for-servers-agents.md
@@ -45,14 +45,14 @@ Azure Arc is used to onboard AWS, GCP, and on-premises machines to Azure, and is
 
 ## Log Analytics agent/Azure Monitor agent
 
-Defender for Cloud uses the Log Analytics agent/Azure Monitor agent to collect information from compute resources, and then sends it to a Log Analytics workspace for further analysis. Agents are used in Defender for Servers as follows.
+Defender for Cloud uses the Log Analytics agent/Azure Monitor agent to collect information from compute resources, and then sends it to a Log Analytics workspace for further analysis. Review the [differences and recommendations regarding both agents](../azure-monitor/agents/agents-overview.md). Agents are used in Defender for Servers as follows.
 
 
 Feature | Log Analytics agent | Azure Monitor agent
 --- | --- | --- 
-Fundamental CSPM recommendations (free) that depend on agent: [OS baseline recommendation](apply-security-baseline.md) (Azure VMs) | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent.":::| :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Azure Monitor agent.":::<br/><br/> With the Azure Monitor agent, the Azure Policy [guest configuration extension](../virtual-machines/extensions/guest-configuration.md) is used.
-Fundamental CSPM: [System updates recommendations](recommendations-reference.md#compute-recommendations) (Azure VMs) | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent"::: | Not yet available.
-Fundamental CSPM: [Antimalware/Endpoint protection recommendations](endpoint-protection-recommendations-technical.md) (Azure VMs) | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent."::: | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Azure Monitor agent.":::
+Foundational CSPM recommendations (free) that depend on agent: [OS baseline recommendation](apply-security-baseline.md) (Azure VMs) | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent.":::| :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Azure Monitor agent.":::<br/><br/> With the Azure Monitor agent, the Azure Policy [guest configuration extension](../virtual-machines/extensions/guest-configuration.md) is used.
+Foundational CSPM: [System updates recommendations](recommendations-reference.md#compute-recommendations) (Azure VMs) | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent"::: | Not yet available.
+Foundational CSPM: [Antimalware/Endpoint protection recommendations](endpoint-protection-recommendations-technical.md) (Azure VMs) | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent."::: | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Azure Monitor agent.":::
 Attack detection at the OS level and network layer, including fileless attack detection).<br/><br/> Plan 1 relies on Defender for Endpoint capabilities for attack detection. | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent. Plan 1 relies on Defender for Endpoint.":::<br/><br/> Plan 2| :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Azure Monitor agent. Plan 1 relies on Defender for Endpoint.":::<br/><br/> Plan 2
 File integrity monitoring (Plan 2 only)  | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent."::: | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Azure Monitor agent."::: 
 [Adaptive application controls](adaptive-application-controls.md) (Plan 2 only) | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Log Analytics agent."::: | :::image type="icon" source="./media/icons/yes-icon.png" alt-text="Icon that shows it's supported by the Azure Monitor agent.":::
diff --git a/articles/logic-apps/block-connections-across-tenants.md b/articles/logic-apps/block-connections-across-tenants.md
@@ -45,7 +45,7 @@ As a security measure to prevent this scenario, you can block access to and from
     
     - The choice whether to allow inbound connections to your tenant from each allowed tenant.
 
-    - The choice whether to allow inbound connections from your tenant to each allowed tenant.
+    - The choice whether to allow outbound connections from your tenant to each allowed tenant.
 
 - To test the tenant isolation policy, you need a second Azure AD tenant. From this tenant, you'll try connecting to and from the isolated tenant after the isolation policy takes effect.
 
diff --git a/articles/machine-learning/tutorial-azure-ml-in-a-day.md b/articles/machine-learning/tutorial-azure-ml-in-a-day.md
@@ -98,7 +98,7 @@ For this example, you only need a basic cluster, so you'll use a Standard_DS3_v2
 
 ## Create a job environment
 
-To run your AzureML job on your compute resource, you'll need an [environment](concept-environments.md). An environment lists the software runtime and libraries that you want installed on the compute where you’ll be training. It's similar to your python environment on your local machine.
+To run your AzureML job on your compute resource, you'll need an [environment](concept-environments.md). An environment lists the software runtime and libraries that you want installed on the compute where you’ll be training. It's similar to your Python environment on your local machine.
 
 AzureML provides many curated or ready-made environments, which are useful for common training and inference scenarios. You can also create your own custom environments using a docker image, or a conda configuration.
 
@@ -131,7 +131,7 @@ After running the training job, you'll deploy the model, then use it to produce
 
 ## Create training script
 
-Let's start by creating the training script - the *main.py* python file.
+Let's start by creating the training script - the *main.py* Python file.
 
 First create a source folder for the script:
 
diff --git a/articles/machine-learning/tutorial-pipeline-python-sdk.md b/articles/machine-learning/tutorial-pipeline-python-sdk.md
@@ -174,7 +174,7 @@ Azure ML pipelines are reusable ML workflows that usually consist of several com
 
 ## Create component 1: data prep (using programmatic definition)
 
-Let's start by creating the first component. This component handles the preprocessing of the data. The preprocessing task is performed in the *data_prep.py* python file.
+Let's start by creating the first component. This component handles the preprocessing of the data. The preprocessing task is performed in the *data_prep.py* Python file.
 
 First create a source folder for the data_prep component:
 
@@ -228,9 +228,9 @@ Now that both your components are defined and registered, you can start implemen
 
 Here, you'll use *input data*, *split ratio* and *registered model name* as input variables. Then call the components and connect them via their inputs/outputs identifiers. The outputs of each step can be accessed via the `.outputs` property.
 
-The python functions returned by `load_component()` work as any regular python function that we'll use within a pipeline to call each step.
+The Python functions returned by `load_component()` work as any regular Python function that we'll use within a pipeline to call each step.
 
-To code the pipeline, you use a specific `@dsl.pipeline` decorator that identifies the Azure ML pipelines. In the decorator, we can specify the pipeline description and default resources like compute and storage. Like a python function, pipelines can have inputs. You can then create multiple instances of a single pipeline with different inputs.
+To code the pipeline, you use a specific `@dsl.pipeline` decorator that identifies the Azure ML pipelines. In the decorator, we can specify the pipeline description and default resources like compute and storage. Like a Python function, pipelines can have inputs. You can then create multiple instances of a single pipeline with different inputs.
 
 Here, we used *input data*, *split ratio* and *registered model name* as input variables. We then call the components and connect them via their inputs/outputs identifiers. The outputs of each step can be accessed via the `.outputs` property.
 
diff --git a/articles/purview/create-microsoft-purview-python.md b/articles/purview/create-microsoft-purview-python.md
@@ -12,7 +12,7 @@ ms.custom: mode-api
 
 # Quickstart: Create a Microsoft Purview (formerly Azure Purview) account using Python
 
-In this quickstart, you’ll create a Microsoft Purview (formerly Azure Purview) account programatically using Python. [The python reference for Microsoft Purview](/python/api/azure-mgmt-purview/) is available, but this article will take you through all the steps needed to create an account with Python.
+In this quickstart, you’ll create a Microsoft Purview (formerly Azure Purview) account programatically using Python. [The Python reference for Microsoft Purview](/python/api/azure-mgmt-purview/) is available, but this article will take you through all the steps needed to create an account with Python.
 
 The Microsoft Purview governance portal surfaces tools like the Microsoft Purview Data Map and Microsoft Purview Data Catalog that help you manage and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, the Microsoft Purview Data Map creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.
 
diff --git a/articles/purview/tutorial-using-python-sdk.md b/articles/purview/tutorial-using-python-sdk.md
@@ -116,7 +116,7 @@ Microsoft Purview now has the required reading right to scan your Blob Storage.
 
 ## Create Python script file
 
-Create a plain text file, and save it as a python script with the suffix .py.
+Create a plain text file, and save it as a Python script with the suffix .py.
 For example: tutorial.py.
 
 ## Instantiate a Scanning, Catalog, and Administration client
@@ -194,7 +194,7 @@ In this section, you'll register your Blob Storage.
 
 1. Gather the resource ID for your storage account by following this guide: [get the resource ID for a storage account.](../storage/common/storage-account-get-info.md#get-the-resource-id-for-a-storage-account)
 
-1. Then, in your python file, define the following information to be able to register the Blob storage programmatically:
+1. Then, in your Python file, define the following information to be able to register the Blob storage programmatically:
 
     ```python
     storage_name = "<name of your Storage Account>"
diff --git a/articles/synapse-analytics/quickstart-transform-data-using-spark-job-definition.md b/articles/synapse-analytics/quickstart-transform-data-using-spark-job-definition.md
@@ -86,7 +86,7 @@ On this panel, you can reference to the Spark job definition to run.
      |Main class name| The fully qualified identifier or the main class that is in the main definition file. <br> Sample: `WordCount`|
      |Command-line arguments| You can add command-line arguments by clicking the **New** button. It should be noted that adding command-line arguments will override the command-line arguments defined by the Spark job definition. <br> *Sample: `abfss://…/path/to/shakespeare.txt` `abfss://…/path/to/result`* <br> |
      |Apache Spark pool| You can select Apache Spark pool from the list.|
-     |Python code reference| Additional python code files used for reference in the main definition file. <br> It supports passing files (.py, .py3, .zip) to the "pyFiles" property. It will override the "pyFiles" property defined in Spark job definition. <br>|
+     |Python code reference| Additional Python code files used for reference in the main definition file. <br> It supports passing files (.py, .py3, .zip) to the "pyFiles" property. It will override the "pyFiles" property defined in Spark job definition. <br>|
      |Reference files | Additional files used for reference in the main definition file. |
      |Dynamically allocate executors| This setting maps to the dynamic allocation property in Spark configuration for Spark Application executors allocation.|
      |Min executors| Min number of executors to be allocated in the specified Spark pool for the job.|
diff --git a/articles/synapse-analytics/spark/apache-spark-development-using-notebooks.md b/articles/synapse-analytics/spark/apache-spark-development-using-notebooks.md
@@ -450,7 +450,7 @@ You can access data in the primary storage account directly. There's no need to
 
 ## IPython Widgets
 
-Widgets are eventful python objects that have a representation in the browser, often as a control like a slider, textbox etc. IPython Widgets only works in Python environment, it's not supported in other languages (e.g. Scala, SQL, C#) yet. 
+Widgets are eventful Python objects that have a representation in the browser, often as a control like a slider, textbox etc. IPython Widgets only works in Python environment, it's not supported in other languages (e.g. Scala, SQL, C#) yet. 
 
 ### To use IPython Widget
 1. You need to import `ipywidgets` module first to use the Jupyter Widget framework.
diff --git a/articles/synapse-analytics/spark/data-sources/apache-spark-cdm-connector.md b/articles/synapse-analytics/spark/data-sources/apache-spark-cdm-connector.md
@@ -62,7 +62,7 @@ When reading CSV data, the connector uses the Spark FAILFAST option by default.
   .option("entity", "permissive") or .option("mode", "failfast")
 ```
 
-For example, [here's an example python sample.](https://github.com/Azure/spark-cdm-connector/blob/master/samples/SparkCDMsamplePython.ipynb)
+For example, [here's an example Python sample.](https://github.com/Azure/spark-cdm-connector/blob/master/samples/SparkCDMsamplePython.ipynb)
 
 ## Writing data
 
diff --git a/articles/virtual-machines/linux/proximity-placement-groups.md b/articles/virtual-machines/linux/proximity-placement-groups.md
@@ -29,7 +29,7 @@ az ppg create \
    -n myPPG \
    -g myPPGGroup \
    -l eastus \
-   -t standard 
+   -t standard \
    --intent-vm-sizes Standard_E64s_v4 Standard_M416ms_v2 \
    -z 1
 ```
diff --git a/articles/virtual-machines/workloads/oracle/oracle-database-backup-azure-backup.md b/articles/virtual-machines/workloads/oracle/oracle-database-backup-azure-backup.md
@@ -1083,7 +1083,7 @@ Now the database has been restored you must recover the database. Please follow
 
 1. Unmount the restore point.
 
-   When all databases on the VM have been successfully recovered you may unmount the restore point. This can be done on the VM using the `unmount` command or in Azure portal from the File Recovery blade. You can also unmount the recovery volumes by running the python script again with the **-clean** option.
+   When all databases on the VM have been successfully recovered you may unmount the restore point. This can be done on the VM using the `unmount` command or in Azure portal from the File Recovery blade. You can also unmount the recovery volumes by running the Python script again with the **-clean** option.
 
    In the VM using unmount:
    ```bash
