Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-abac-attributes-allowed-values-update-v2

Author: rolyon

articles/attestation/policy-version-1-0.md

@@ -19,6 +19,8 @@ This article introduces the workings of the attestation service and the policy e
 
 The minimum version of the policy supported by the service is version 1.0.
 
+:::image type="content" source="./media/maa-policy-version-10.png" alt-text="A diagram showing Azure attestation using policy version 1.0":::
+
 The attestation service flow is as follows:
 - The platform sends the attestation evidence in the attest call to the attestation service.
 - The attestation service parses the evidence and creates a list of claims that is then used in the attestation evaluation. These claims are logically categorized as incoming claims sets.

articles/attestation/policy-version-1-1.md

@@ -17,6 +17,8 @@ This article introduces the workings of the attestation service and the policy e
 
 ## Policy version 1.1
 
+:::image type="content" source="./media/maa-policy-version-11.png" alt-text="A diagram showing Azure attestation using policy version 1.1":::
+
 The attestation flow is as follows:
 - The platform sends the attestation evidence in the attest call to the attestation service.
 - The attestation service parses the evidence and creates a list of claims that is then used during rule evaluation. The claims are logically categorized as incoming claims sets.

articles/attestation/policy-version-1-2.md

@@ -17,6 +17,8 @@ This article introduces the workings of the attestation service and the policy e
 
 ## Policy Version 1.2
 
+:::image type="content" source="./media/maa-policy-version-12.png" alt-text="A diagram showing Azure attestation using policy version 1.2":::
+
 The attestation flow is as follows:
 - The platform sends the attestation evidence in the attest call to the attestation service.
 - The attestation service parses the evidence and creates a list of claims that is then used in the attestation evaluation. The evidence is also parsed and maintained as a JSON format, which is used to provide a broader set of measurements to the policy writer. These claims are logically categorized as incoming claims sets.
@@ -27,7 +29,7 @@ Policy version 1.2 has four segments:
 - **version:** The version is the version number of the grammar.
 - **configurationrules:** During policy evaluation, sometimes it may be required to control the behavior of the policy engine itself. Configuration rules can be used to indicate to the policy evaluation engine how to handle some claims in the evaluation.
 - **authorizationrules:** A collection of claim rules that will be checked first, to determine if attestation should continue to issuancerules. This section should be used to filter out calls that don’t require the issuancerules to be applied. No claims can be issued from this section to the response token. These rules can be used to fail attestation.
-- **issuancerules:** A collection of claim rules that will be evaluated to add information to the attestation result as defined in the policy. The claim rules apply in the order they're defined and are also optional. A collection of claim rules that will be evaluated to add information to the attestation result as defined in the policy. The claim rules apply in the order they are defined and are also optional. These rules can be used to add to the outgoing claim set and the response token, these rules can't be used to fail attestation.
+**issuancerules:** A collection of claim rules that will be evaluated to add information to the attestation result as defined in the policy. The claim rules apply in the order they're defined and are also optional. A collection of claim rules that will be evaluated to add information to the attestation result as defined in the policy. The claim rules apply in the order they are defined and are also optional. These rules can be used to add to the outgoing claim set and the response token, these rules can't be used to fail attestation.
 
 The following **configurationrules** are available to the policy author.
 

articles/attestation/tpm-attestation-concepts.md

@@ -1,5 +1,5 @@
 ---
-title: Azure Attestation TPM attestation overview
+title: TPM attestation overview for Azure
 description: TPM Attestation overview
 services: attestation
 author: prsriva
@@ -38,6 +38,8 @@ Validate the measurements made during the boot using the Azure Attestation servi
 - Relying parties can perform an attestation against the Azure Attestation service, which can be used to validate measurements made during the boot process.
 - A relying party can then rely on the attestation statement to gate access to resources or other actions.
 
+![Conceptual device attestation flow](./media/device-tpm-attestation-flow.png)
+
 Conceptually, TPM attestation can be visualized as above, where the relying party applies Azure Attestation service to verify the platform(s) integrity and any violation of promises, providing the confidence to run workloads or provide access to resources.
 
 ## Protection from malicious boot attacks

articles/cost-management-billing/reservations/exchange-and-refund-azure-reservations.md

@@ -6,7 +6,7 @@ ms.reviewer: primittal
 ms.service: cost-management-billing
 ms.subservice: reservations
 ms.topic: how-to
-ms.date: 11/18/2021
+ms.date: 05/03/2022
 ms.author: banders
 ---
 
@@ -106,6 +106,10 @@ Azure has the following policies for cancellations, exchanges, and refunds.
 - Only reservation order owners can process a refund. [Learn how to Add or change users who can manage a reservation](manage-reserved-vm-instance.md#who-can-manage-a-reservation-by-default).
 - For CSP program, the 50,000 USD limit is per customer.
 
+Let's look at an example with the previous points in mind. If you bought a $300,000 reservation, you can exchange it at any time for another reservation that equals or costs more (of the remaining reservation balance, not the original purchase price). For this example:
+- There's no penalty or annual limits for exchanges. 
+- The refund that results from the exchange doesn't count against the refund limit. 
+
 ## Need help? Contact us.
 
 If you have questions or need help, [create a support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).

articles/iot-hub/iot-hub-devguide-device-twins.md

@@ -26,7 +26,7 @@ Use device twins to:
 
 * Store device-specific metadata in the cloud. For example, the deployment location of a vending machine.
 
-* Report current state information such as available capabilities and conditions from your device app. For example, a device is connected to your IoT hub over cellular or WiFi.
+* Report current state information such as available capabilities and conditions from your device app. For example, whether a device is connected to your IoT hub over cellular or WiFi.
 
 * Synchronize the state of long-running workflows between device app and back-end app. For example, when the solution back end specifies the new firmware version to install, and the device app reports the various stages of the update process.
 
@@ -362,7 +362,9 @@ This information is kept at every level (not just the leaves of the JSON structu
 
 ## Optimistic concurrency
 
-Tags, desired, and reported properties all support optimistic concurrency.
+Tags, desired properties, and reported properties all support optimistic concurrency. If you need to guarantee order of twin property updates, consider implementing synchronization at the application level by waiting for reported properties callback before sending the next update. 
+
+Tags have an ETag, as per [RFC7232](https://tools.ietf.org/html/rfc7232), that represents the tag's JSON representation. You can use ETags in conditional update operations from the solution back end to ensure consistency.
 
 Device twins have an ETag (`etag` property), as per [RFC7232](https://tools.ietf.org/html/rfc7232), that represents the twin's JSON representation. You can use the `etag` property in conditional update operations from the solution back end to ensure consistency. This is the only option for ensuring consistency in operations that involve the `tags` container.
 

articles/marketplace/azure-app-technical-configuration.md

@@ -7,7 +7,7 @@ ms.reviewer: dannyevers
 ms.service: marketplace
 ms.subservice: partnercenter-marketplace-publisher
 ms.topic: how-to
-ms.date: 06/01/2021
+ms.date: 04/29/2022
 ---
 
 # Add technical details for an Azure application offer

articles/storage/scripts/storage-blobs-container-calculate-size-powershell.md

@@ -16,7 +16,7 @@ ms.custom: devx-track-azurepowershell
 
 # Calculate the size of a blob container with PowerShell
 
-This script calculates the size of a container in Azure Blob Storage by totaling the size of the blobs in the container.
+This script calculates the size of a container in Azure Blob Storage. It first displays the total number of bytes used by the blobs within the container, then displays their individual names and lengths.
 
 [!INCLUDE [sample-powershell-install](../../../includes/sample-powershell-install-no-ssh-az.md)]
 
@@ -52,4 +52,4 @@ For a script that calculates container size for billing purposes, see [Calculate
 
 For more information on the Azure PowerShell module, see [Azure PowerShell documentation](/powershell/azure/).
 
-Additional storage PowerShell script samples can be found in [PowerShell samples for Azure Storage](../blobs/storage-samples-blobs-powershell.md).
+Find more PowerShell script samples in [PowerShell samples for Azure Storage](../blobs/storage-samples-blobs-powershell.md).