Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into clarLive

Author: roygara

.openpublishing.redirection.azure-monitor.json

@@ -346,6 +346,11 @@
             "redirect_url": "/azure/azure-monitor/faq#vm-insights",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/proactive-cloud-services.md" ,
+            "redirect_url": "https://docs.microsoft.com/azure/azure-monitor/alerts/alerts-overview",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/vm/vminsights-log-search.md" ,
             "redirect_url": "/azure/azure-monitor/alerts/vminsights-log-query",

articles/active-directory/develop/access-tokens.md

@@ -269,7 +269,9 @@ Don't use mutable, human-readable identifiers like `email` or `upn` for uniquely
 
 #### Validate application sign-in
 
-Use the `scp` claim to validate that the user has granted the calling application permission to call the API. Ensure the calling client is allowed to call the API using the `appid` claim.
+* Use the `scp` claim to validate that the user has granted the calling app permission to call your API.
+* Ensure the calling client is allowed to call your API using the `appid` claim (for v1.0 tokens) or the `azp` claim (for v2.0 tokens).
+    * You only need to validate these claims (`appid`, `azp`) if you want to restrict your web API to be called only by pre-determined applications (e.g., line-of-business applications or web APIs called by well-known frontends). APIs intended to allow access from any calling application do not need to validate these claims.
 
 ## User and application tokens
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md

@@ -191,7 +191,7 @@ There are two ways to configure role assignments for a VM:
 - Azure Cloud Shell experience
 
 > [!NOTE]
-> The Virtual Machine Administrator Login and Virtual Machine User Login roles use `dataActions` and can be assigned at the management group, subscription, resource group, or resource scope. We recommend that you assign the roles at the management group, subscription, or resource level and not at the individual VM level. This practice avoids the risk of reaching the [Azure role assignments limit](../../role-based-access-control/troubleshooting.md#azure-role-assignments-limit) per subscription.
+> The Virtual Machine Administrator Login and Virtual Machine User Login roles use `dataActions` and can be assigned at the management group, subscription, resource group, or resource scope. We recommend that you assign the roles at the management group, subscription, or resource level and not at the individual VM level. This practice avoids the risk of reaching the [Azure role assignments limit](../../role-based-access-control/troubleshooting.md#limits) per subscription.
 
 ### Azure AD portal
 
@@ -443,7 +443,7 @@ If you get a message that says the token couldn't be retrieved from the local ca
 
 ### Access denied: Azure role not assigned
 
-If you see an "Azure role not assigned" error on your SSH prompt, verify that you've configured Azure RBAC policies for the VM that grants the user either the Virtual Machine Administrator Login role or the Virtual Machine User Login role. If you're having problems with Azure role assignments, see the article [Troubleshoot Azure RBAC](../../role-based-access-control/troubleshooting.md#azure-role-assignments-limit).
+If you see an "Azure role not assigned" error on your SSH prompt, verify that you've configured Azure RBAC policies for the VM that grants the user either the Virtual Machine Administrator Login role or the Virtual Machine User Login role. If you're having problems with Azure role assignments, see the article [Troubleshoot Azure RBAC](../../role-based-access-control/troubleshooting.md#limits).
 
 ### Problems deleting the old (AADLoginForLinux) extension
 

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -364,7 +364,7 @@ You might get the following error message when you initiate a remote desktop con
 Verify that you've [configured Azure RBAC policies](../../virtual-machines/linux/login-using-aad.md) for the VM that grant the user the Virtual Machine Administrator Login or Virtual Machine User Login role.
 
 > [!NOTE]
-> If you're having problems with Azure role assignments, see [Troubleshoot Azure RBAC](../../role-based-access-control/troubleshooting.md#azure-role-assignments-limit).
+> If you're having problems with Azure role assignments, see [Troubleshoot Azure RBAC](../../role-based-access-control/troubleshooting.md#limits).
  
 ### Unauthorized client or password change required
 

articles/active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations.md

@@ -102,7 +102,7 @@ You'll need to manually delete a user-assigned identity when it's no longer requ
 Role assignments aren't automatically deleted when either system-assigned or user-assigned managed identities are deleted. These role assignments should be manually deleted so the limit of role assignments per subscription isn't exceeded. 
 
 Role assignments that are associated with deleted managed identities
-will be displayed with “Identity not found” when viewed in the portal. [Read more](../../role-based-access-control/troubleshooting.md#role-assignments-with-identity-not-found).
+will be displayed with “Identity not found” when viewed in the portal. [Read more](../../role-based-access-control/troubleshooting.md#symptom---role-assignments-with-identity-not-found).
 
 :::image type="content" source="media/managed-identity-best-practice-recommendations/identity-not-found.png" alt-text="Identity not found for role assignment.":::
 

articles/active-directory/privileged-identity-management/pim-resource-roles-activate-your-roles.md

@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 # Activate my Azure resource roles in Privileged Identity Management
 
-Use Privileged Identity Management (PIM) in Azure Active Diretory (Azure AD), part of Microsoft Entra, to allow eligible role members for Azure resources to schedule activation for a future date and time. They can also select a specific activation duration within the maximum (configured by administrators).
+Use Privileged Identity Management (PIM) in Azure Active Directory (Azure AD), part of Microsoft Entra, to allow eligible role members for Azure resources to schedule activation for a future date and time. They can also select a specific activation duration within the maximum (configured by administrators).
 
 This article is for members who need to activate their Azure resource role in Privileged Identity Management.
 
@@ -82,88 +82,90 @@ The following is a sample HTTP request to activate an eligible assignment for an
 ### Request
 
 ````HTTP
-PUT https://management.azure.com/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6?api-version=2020-10-01-preview
+PUT https://management.azure.com/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045?api-version=2020-10-01
 ````
 
 ### Request body
 
 ````JSON
-{
-  "properties": {
-    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
-    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
-    "requestType": "SelfActivate",
-    "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
-    "scheduleInfo": {
-      "startDateTime": "2020-09-09T21:35:27.91Z",
-      "expiration": {
-        "type": "AfterDuration",
-        "endDateTime": null,
-        "duration": "PT8H"
-      }
-    },
-    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
-    "conditionVersion": "1.0"
-  }
-}
+{ 
+"properties": { 
+   "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", 
+   "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", 
+   "requestType": "SelfActivate", 
+   "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", 
+   "scheduleInfo": { 
+       "startDateTime": "2020-09-09T21:35:27.91Z", 
+       "expiration": { 
+           "type": "AfterDuration", 
+           "endDateTime": null, 
+           "duration": "PT8H" 
+       } 
+   }, 
+   "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", 
+   "conditionVersion": "1.0" 
+ } 
+} 
+
 ````
 
 ### Response
 
 Status code: 201
 
 ````HTTP
-{
-  "properties": {
-    "targetRoleAssignmentScheduleId": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6",
-    "targetRoleAssignmentScheduleInstanceId": null,
-    "scope": "/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
-    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
-    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
-    "principalType": "User",
-    "requestType": "SelfActivate",
-    "status": "Provisioned",
-    "approvalId": null,
-    "scheduleInfo": {
-      "startDateTime": "2020-09-09T21:35:27.91Z",
-      "expiration": {
-        "type": "AfterDuration",
-        "endDateTime": null,
-        "duration": "PT8H"
-      }
-    },
-    "ticketInfo": {
-      "ticketNumber": null,
-      "ticketSystem": null
-    },
-    "justification": null,
-    "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
-    "createdOn": "2020-09-09T21:35:27.91Z",
-    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
-    "conditionVersion": "1.0",
-    "expandedProperties": {
-      "scope": {
-        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
-        "displayName": "Pay-As-You-Go",
-        "type": "subscription"
-      },
-      "roleDefinition": {
-        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
-        "displayName": "Contributor",
-        "type": "BuiltInRole"
-      },
-      "principal": {
-        "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
-        "displayName": "User Account",
-        "email": "[email protected]",
-        "type": "User"
-      }
-    }
-  },
-  "name": "fea7a502-9a96-4806-a26f-eee560e52045",
-  "id": "/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045",
-  "type": "Microsoft.Authorization/RoleAssignmentScheduleRequests"
-}
+{ 
+  "properties": { 
+    "targetRoleAssignmentScheduleId": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6", 
+    "targetRoleAssignmentScheduleInstanceId": null, 
+    "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", 
+    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", 
+    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", 
+    "principalType": "User", 
+    "requestType": "SelfActivate", 
+    "status": "Provisioned", 
+    "approvalId": null, 
+    "scheduleInfo": { 
+      "startDateTime": "2020-09-09T21:35:27.91Z", 
+      "expiration": { 
+        "type": "AfterDuration", 
+        "endDateTime": null, 
+        "duration": "PT8H" 
+      } 
+    }, 
+    "ticketInfo": { 
+      "ticketNumber": null, 
+      "ticketSystem": null 
+    }, 
+    "justification": null, 
+    "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", 
+    "createdOn": "2020-09-09T21:35:27.91Z", 
+    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", 
+    "conditionVersion": "1.0", 
+    "expandedProperties": { 
+      "scope": { 
+        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", 
+        "displayName": "Pay-As-You-Go", 
+        "type": "subscription" 
+      }, 
+      "roleDefinition": { 
+        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", 
+        "displayName": "Contributor", 
+        "type": "BuiltInRole" 
+      }, 
+      "principal": { 
+        "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", 
+        "displayName": "User Account", 
+        "email": "[email protected]", 
+        "type": "User" 
+      } 
+    } 
+  }, 
+  "name": "fea7a502-9a96-4806-a26f-eee560e52045", 
+  "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045", 
+  "type": "Microsoft.Authorization/RoleAssignmentScheduleRequests" 
+} 
+
 ````
 
 ## View the status of your requests

articles/azure-monitor/app/java-in-process-agent.md

@@ -412,15 +412,15 @@ The following table represents currently supported custom telemetry types that y
 - Custom requests, dependencies, and exceptions are supported through `opentelemetry-api`.
 - Any type of the custom telemetry is supported through the [Application Insights Java 2.x SDK](#send-custom-telemetry-by-using-the-2x-sdk).
 
-| Custom telemetry type            | Micrometer | Log4j, logback, JUL | 2.x SDK | opentelemetry-api |
-|---------------------|------------|---------------------|---------|-------------------|
-| Custom events       |            |                     |  Yes    |                   |
-| Custom metrics      |  Yes       |                     |  Yes    |                   |
-| Dependencies        |            |                     |  Yes    |  Yes              |
-| Exceptions          |            |  Yes                |  Yes    |  Yes              |
-| Page views          |            |                     |  Yes    |                   |
-| Requests            |            |                     |  Yes    |  Yes              |
-| Traces              |            |  Yes                |  Yes    |  Yes              |
+| Custom telemetry type | Micrometer | Log4j, logback, JUL | 2.x SDK | opentelemetry-api |
+|-----------------------|------------|---------------------|---------|-------------------|
+| Custom events         |            |                     |  Yes    |                   |
+| Custom metrics        |  Yes       |                     |  Yes    |  Yes              |
+| Dependencies          |            |                     |  Yes    |  Yes              |
+| Exceptions            |            |  Yes                |  Yes    |  Yes              |
+| Page views            |            |                     |  Yes    |                   |
+| Requests              |            |                     |  Yes    |  Yes              |
+| Traces                |            |  Yes                |  Yes    |  Yes              |
 
 Currently, we're not planning to release an SDK with Application Insights 3.x.