Merge pull request #192701 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: TimShererWithAquent

articles/active-directory/authentication/active-directory-passwords-faq.yml

@@ -92,9 +92,10 @@ sections:
         answer: |
             > Yes, there are security features built into password reset to protect it from misuse. 
             >
-            > Users can try only five password reset attempts within a 24 hour period before they're locked out for 24 hours. 
             >
-            > Users can try to validate a phone number, send a SMS, or validate security questions and answers only five times within an hour before they're locked out for 24 hours. 
+            > Users can attempt to validate their information (such as their phone number), but if they're unable to prove their identity five times within a 24-hour period, they're locked out for 24 hours.
+            >
+            > Users can try to validate a phone number, auth app, send a SMS, or validate security questions and answers only five times within an hour before they're locked out for 24 hours. 
             >
             > Users can send an email a maximum of 10 times within a 10 minute period before they're locked out for 24 hours.
             >

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -97,7 +97,6 @@ The following key applications are included in the Office 365 client app:
 - Microsoft Whiteboard Services
 - Office Delve
 - Office Online
-- Office.com
 - OneDrive
 - Power Apps
 - Power Automate
@@ -202,4 +201,4 @@ For more information about authentication context use in applications, see the f
 
 - [Conditional Access: Conditions](concept-conditional-access-conditions.md)
 - [Conditional Access common policies](concept-conditional-access-policy-common.md)
-- [Client application dependencies](service-dependencies.md)
+- [Client application dependencies](service-dependencies.md)

articles/azure-sql/managed-instance/doc-changes-updates-known-issues.md

@@ -23,7 +23,7 @@ This article lists the currently known issues with [Azure SQL Managed Instance](
 |Issue  |Date discovered  |Status  |Date resolved  |
 |---------|---------|---------|---------|
 |[Querying external table fails with 'not supported' error message](#querying-external-table-fails-with-not-supported-error-message)|Jan 2022|Has Workaround||
-|[When using SQL Server authentication, usernames with '@' are not supported](#when-using-sql-server-authentication-usernames-with--are-not-supported)|Oct 2021|||
+|[When using SQL Server authentication, usernames with '@' are not supported](#when-using-sql-server-authentication-usernames-with--are-not-supported)|Oct 2021|Resolved|Feb 2022|
 |[Misleading error message on Azure portal suggesting recreation of the Service Principal](#misleading-error-message-on-azure-portal-suggesting-recreation-of-the-service-principal)|Sep 2021||Oct 2021|
 |[Changing the connection type does not affect connections through the failover group endpoint](#changing-the-connection-type-does-not-affect-connections-through-the-failover-group-endpoint)|Jan 2021|Has Workaround||
 |[Procedure sp_send_dbmail may transiently fail when @query parameter is used](#procedure-sp_send_dbmail-may-transiently-fail-when--parameter-is-used)|Jan 2021|Has Workaround||
@@ -284,10 +284,6 @@ using (var scope = new TransactionScope())
 
 ## No resolution
 
-### When using SQL Server authentication, usernames with '@' are not supported
-
-Usernames that contain the '@' symbol in the middle (e.g. 'abc@xy') are not able to log in using SQL Server authentication.
-
 ### Azure AD logins and users are not supported in SSDT
 
 SQL Server Data Tools don't fully support Azure AD logins and users.
@@ -313,6 +309,10 @@ Error logs that are available in SQL Managed Instance aren't persisted, and thei
 
 ## Resolved
 
+### When using SQL Server authentication, usernames with '@' are not supported
+
+Usernames that contain the '@' symbol in the middle (e.g. 'abc@xy') are not able to log in using SQL Server authentication.
+
 ### Restoring manual backup without CHECKSUM might fail
 
 In certain circumstances manual backup of databases that was made on a managed instance without CHECKSUM might fail to be restored. In such cases, retry restoring the backup until you're successful.

articles/cognitive-services/Face/ReleaseNotes.md

@@ -47,7 +47,7 @@ The Azure Face service is updated on an ongoing basis. Use this article to stay
 ### New detectable Face attributes
 * The `faceMask` attribute is available with the latest Detection 03 model, along with the additional attribute `"noseAndMouthCovered"` which detects whether the face mask is worn as intended, covering both the nose and mouth. To use the latest mask detection capability, users need to specify the detection model in the API request: assign the model version with the _detectionModel_ parameter to `detection_03`. See [Specify a face detection model](./face-api-how-to-topics/specify-detection-model.md) for more details.
 ### New Face API Recognition Model
-* The new Recognition 04 model is the most accurate recognition model currently available. If you're a new customer, we recommend using this model for verification and identification. It improves upon the accuracy of Recognition 03, including improved recognition for enrolled users wearing face covers (surgical masks, N95 masks, cloth masks). Now customers can build safe and seamless user experiences that detect whether an enrolled user is wearing a face cover with the latest Detection 03 model, and recognize who they are with the latest Recognition 04 model. See [Specify a face recognition model](./face-api-how-to-topics/specify-recognition-model.md) for more details.
+* The new Recognition 04 model is the most accurate recognition model currently available. If you're a new customer, we recommend using this model for verification and identification. It improves upon the accuracy of Recognition 03, including improved recognition for users wearing face covers (surgical masks, N95 masks, cloth masks). Note that we recommend against enrolling images of users wearing face covers as this will lower recognition quality. Now customers can build safe and seamless user experiences that detect whether a user is wearing a face cover with the latest Detection 03 model, and recognize them with the latest Recognition 04 model. See [Specify a face recognition model](./face-api-how-to-topics/specify-recognition-model.md) for more details.
 
 
 ## January 2021
@@ -147,4 +147,4 @@ The Azure Face service is updated on an ongoing basis. Use this article to stay
  [Face - Detect](https://westus.dev.cognitive.microsoft.com/docs/services/563879b61984550e40cbbe8d/operations/563879b61984550f30395236), [Face - Identify](https://westus.dev.cognitive.microsoft.com/docs/services/563879b61984550e40cbbe8d/operations/563879b61984550f30395239), [Face - Find Similar](https://westus.dev.cognitive.microsoft.com/docs/services/563879b61984550e40cbbe8d/operations/563879b61984550f30395237) and [Face - Group](https://westus.dev.cognitive.microsoft.com/docs/services/563879b61984550e40cbbe8d/operations/563879b61984550f30395238).
 * Updated the minimal detectable face size to 36x36 pixels. Faces smaller than 36x36 pixels will not be detected.
 * Deprecated the PersonGroup and Person data in Face V0. Those data cannot be accessed with the Face V1.0 service.
-* Deprecated the V0 endpoint of Face API on June 30, 2016.
+* Deprecated the V0 endpoint of Face API on June 30, 2016.

articles/cosmos-db/sql/sql-api-java-application.md

@@ -250,4 +250,4 @@ Trying to do capacity planning for a migration to Azure Cosmos DB? You can use i
 * If you know typical request rates for your current database workload, read about [estimating request units using Azure Cosmos DB capacity planner](estimate-ru-with-capacity-planner.md)
 
 > [!div class="nextstepaction"]
-> [Build a node.js application with Azure Cosmos DB](sql-api-nodejs-application.md)
+> [Build a Node.js application with Azure Cosmos DB](sql-api-nodejs-application.md)

articles/cosmos-db/sql/sql-api-sdk-node.md

@@ -172,7 +172,7 @@ Add DISTINCT and LIMIT/OFFSET queries (#306)
 
 ### Improved browser experience
 
-While it was possible to use the v2 SDK in the browser, it was not an ideal experience. You needed to Polyfill several node.js built-in libraries and use a bundler like webpack or Parcel. The v3 SDK makes the out of the box experience much better for browser users.
+While it was possible to use the v2 SDK in the browser, it was not an ideal experience. You needed to Polyfill several Node.js built-in libraries and use a bundler like webpack or Parcel. The v3 SDK makes the out of the box experience much better for browser users.
 
 * Replace request internals with fetch (#245)
 * Remove usage of Buffer (#330)

articles/defender-for-iot/organizations/concept-supported-protocols.md

@@ -16,19 +16,20 @@ Defender for IoT can detect the following protocols when identifying assets and
 
 |Brand  |Protocols  |
 |---------|---------|
-|**ABB**     |   IEC61850 MMS (including ABB extension)      |
+|**ABB**     |   ABB 800xA DCS (IEC61850 MMS including ABB extension)      |
 |**ASHRAE**     |    BACnet<br> BACnet BACapp<br> BACnet BVLC     |
 |**Beckhoff**     |   AMS (ADS)<br> Twincat       |
 |**Cisco**     |   CAPWAP Control<br> CAPWAP Data<br> CDP<br>  LWAPP      |
 |**DNP. org**     |   DNP3      |
 |**Emerson**     |   DeltaV<br> Emerson OpenBSI/BSAP<br> Ovation DCS ADMD<br>Ovation DCS DPUSTAT<br> Ovation DCS SSRPC      |
 |**Emerson Fischer**     |  ROC       |
 |**Eurocontrol**     |      ASTERIX   |
-|**GE**     | Bentley Nevada (System 1)<br>  EGD<br>  GSM (GE MarkVI and MarkVIe)<br>  SRTP (GE)        |
+|**GE**     | Bentley Nevada (System 1 / BN3500)<br>  EGD<br>  GSM (GE MarkVI and MarkVIe)<br>  SRTP (GE)        |
+|**Generic Applications** | Active Directory<br> RDP<br> Teamviewer<br> VNC<br>  |
 |**Honeywell**     |    ENAP<br> Experion DCS CDA<br> Experion DCS FDA     |
 |**IEC**     |     Codesys V3<br> ICCP TASE.2/IEC-60870<br> IEC60870-5 (IEC104/101)<br> IEC60870-5-103 (encapsulated serial)<br> IEC61850 GOOSE<br> IEC61850 MMS<br> IEC61850 SMV (SAMPLED-VALUES)<br> LonTalk (LonWorks)    |
 |**IEEE**     |     LLC<br> STP<br> VLAN    |
-|**IETF**     |  ARP<br> DCE RPC<br> DNS<br> FTP (FTP_ADAT<br> FTP_DATA)<br> GSSAPI (RFC2743)<br> HTTP<br> ICMP<br> IPv4<br> IPv6<br> LLDP<br> MDNS<br> NBNS<br> NTLM (NTLMSSP Auth Protocol)<br> RPC<br> SMB / Browse / NBDGM<br> SMB / CIFS<br> SNMP<br> SPNEGO (RFC4178)<br> SSH<br> Syslog<br> Telnet<br> TFTP<br> TPKT<br> UDP       |
+|**IETF**     |  ARP<br> DHCP<br> DCE RPC<br> DNS<br> FTP (FTP_ADAT<br> FTP_DATA)<br> GSSAPI (RFC2743)<br> HTTP<br> ICMP<br> IPv4<br> IPv6<br> LLDP<br> MDNS<br> NBNS<br> NTLM (NTLMSSP Auth Protocol)<br> RPC<br> SMB / Browse / NBDGM<br> SMB / CIFS<br> SNMP<br> SPNEGO (RFC4178)<br> SSH<br> Syslog<br> TCP<br> Telnet<br> TFTP<br> TPKT<br> UDP       |
 |**ISO**     |  CLNP (ISO 8473)<br> COTP (ISO 8073)<br> ISO Industrial Protocol<br>  MQTT (IEC 20922)       |
 |**Medical**     |ASTM<br> HL7         |
 |**Microsoft**     | Horizon community dissectors<br> Horizon proprietary dissectors (developed by customers)        |
@@ -40,7 +41,7 @@ Defender for IoT can detect the following protocols when identifying assets and
 |**Schneider Electric / Invensys**     |   Foxboro Evo<br> Foxboro I/A<br> Trident<br> TriGP<br> TriStation      |
 |**Schneider Electric / Modicon**     |   Modbus RTU      |
 |**Schneider Electric / Wonderware**     |    Wonderware Suitelink     |
-|**Siemens**     | CAMP<br> PCS7<br> PCS7 WinCC – Historian<br> Profinet DCP<br> Profinet Realtime<br> Siemens PHD<br> Siemens S7<br> Siemens S7-Plus<br> Siemens S7-Plus<br> Siemens SICAM<br> Siemens WinCC        |
+|**Siemens**     | CAMP<br> PCS7<br> PCS7 WinCC – Historian<br> Profinet DCP<br> Profinet Realtime<br> Siemens PHD<br> Siemens S7<br> Siemens S7-Plus<br> Siemens SICAM<br> Siemens WinCC        |
 |**Toshiba**     |Toshiba Computer Link         |
 |**Yokogawa**     |   Centum ODEQ (Centum / ProSafe DCS)<br> HIS Equalize<br> Vnet/IP      |
 

articles/defender-for-iot/organizations/connect-sensors.md

@@ -342,7 +342,7 @@ This procedure describes how to install and configure a connection between your
 > [!IMPORTANT]
 > Some organizations must define firewall rules by IP addresses. If this is true for your organization, it's important to know that the Azure public IP ranges are updated weekly.
 >
-> Make sure to download the new JSON file each week and make the required changes on your site to correctly identify services running in Azure. You'll need the updated IP ranges for **AzureIoTHub**, **Storage**, and **EventHub**.
+> Make sure to download the new JSON file each week and make the required changes on your site to correctly identify services running in Azure. You'll need the updated IP ranges for **AzureIoTHub**, **Storage**, and **EventHub**. See the [latest IP ranges](https://www.microsoft.com/en-us/download/details.aspx?id=56519).
 >
 
 ## Connect directly
@@ -355,7 +355,7 @@ This section describes what you need to configure a direct sensor connection to
     - **Threat Intelligence**: `*.blob.core.windows.net`
     - **Eventhub**: `*.servicebus.windows.net`
 
-1. Azure public IP addresses are updated weekly. If you must define firewall rules based on IP addresses, make sure to download the new JSON file each week and make the required changes on your site to correctly identify services running in Azure. You'll need the updated IP ranges for **AzureIoTHub**, **Storage**, and **EventHub**.
+1. Azure public IP addresses are updated weekly. If you must define firewall rules based on IP addresses, make sure to download the new JSON file each week and make the required changes on your site to correctly identify services running in Azure. You'll need the updated IP ranges for **AzureIoTHub**, **Storage**, and **EventHub**. See the [latest IP ranges](https://www.microsoft.com/en-us/download/details.aspx?id=56519).
 
 ## Connect via multi-cloud vendors
 

articles/defender-for-iot/organizations/how-to-set-up-snmp-mib-monitoring.md

@@ -7,9 +7,9 @@ ms.topic: how-to
 
 # Set up SNMP MIB monitoring
 
-You can perform sensor health monitoring by using Simple Network Management Protocol (SNMP). The sensor responds to SNMP queries sent from an authorized monitoring server. The SNMP monitor polls the sensor OIDs periodically (up to 50 times a second).
+Monitoring sensor health is possible through the Simple Network Management Protocol (SNMP). The sensor responds to SNMP requests sent by an authorized monitoring server. The SNMP monitor polls sensor OIDs periodically (up to 50 times a second).
 
-The SNMP supported versions are SNMP v2 or SNMP v3. SNMP uses UDP as its transport protocol with port 161 (SNMP).
+Supported SNMP versions are SNMP version 2 and version 3. The SNMP protocol utilizes UDP as its transport protocol with port 161.
 
 ## Sensor OIDs
 
@@ -33,11 +33,14 @@ Note that:
 - Hardware-related MIBs (CPU usage, CPU temperature, memory usage, disk usage) should be tested on all architectures and physical sensors. CPU temperature on virtual machines is expected to be not applicable.
 - You can download the log that contains all the SNMP queries that the sensor receives, including the connection data and raw data.
 
+## Prerequisites for AES and 3-DES Encryption Support for SNMP Version 3
+- The network management station (NMS) must support Simple Network Management Protocol (SNMP) Version 3 to be able to use this feature.
+- It is important to understand the SNMP architecture and the terminology of the architecture to understand the security model used and how the security model interacts with the other subsystems in the architecture.
+- Before you begin configuring SNMP monitoring, you need to open the port UDP 161 in the firewall.
 
 
 ## Set up SNMP monitoring
 
-1. Before you begin configuring SNMP monitoring, you need to open the port UDP 161 in the firewall.
 1. On the side menu, select **System Settings**.
 2. Expand **Sensor Management**, and select **SNMP MIB Monitoring** :
 3. Select **Add host** and enter the IP address of the server that performs the system health monitoring. You can add multiple servers.
@@ -49,9 +52,12 @@ Note that:
         |--|--|
         | **Username** | The SNMP username can contain up to 32 characters and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). Spaces are not allowed. <br /> <br />The username for the SNMP v3 authentication must be configured on the system and on the SNMP server. |
         | **Password** | Enter a case-sensitive authentication password. The authentication password can contain 8 to 12 characters and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). <br /> <br/>The username for the SNMP v3 authentication must be configured on the system and on the SNMP server. |
-        | **Auth Type** | Select MD5 or SHA. |
-        | **Encryption** | Select DES or AES. |
+        | **Auth Type** | Select MD5 or SHA-1. |
+        | **Encryption** | Select DES (56 bit key size)[^1] or AES (AES 128 bits supported)[^2]. |
         | **Secret Key** | The key must contain exactly eight characters and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). |
+        
+[^1] RFC3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
+[^2] RFC3826 The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
 
 5. Select **Save**.
 

articles/iot-central/core/howto-migrate.md

@@ -24,7 +24,7 @@ The steps to migrate an application from V2 to V3 are:
 
 1. Create a new V3 application from the V2 application.
 1. Configure the V3 application.
-1. Delete to V2 application.
+1. Delete the V2 application.
 
 ## Create a new V3 application