Merge pull request #273583 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Saisang

articles/aks/image-integrity.md

@@ -157,6 +157,13 @@ In this article, we use a self-signed CA cert from the official Ratify documenta
       name: store-oras
     spec:
       name: oras
+    # If you want to you use Workload Identity for Ratify to access Azure Container Registry,
+    # uncomment the following lines, and fill the proper ClientID:
+    # See more: https://ratify.dev/docs/reference/oras-auth-provider
+    # parameters:
+    #  authProvider:
+    #    name: azureWorkloadIdentity
+    #    clientID: XXX
     ---
     apiVersion: config.ratify.deislabs.io/v1beta1
     kind: Verifier

articles/aks/learn/tutorial-kubernetes-workload-identity.md

@@ -103,7 +103,7 @@ To help simplify steps to configure the identities required, the steps below def
 1. Create an Azure Key Vault in resource group you created in this tutorial using the [az keyvault create][az-keyvault-create] command.
 
     ```azurecli-interactive
-    az keyvault create --resource-group "${RESOURCE_GROUP}" --location "${LOCATION}" --name "${KEYVAULT_NAME}"
+    az keyvault create --resource-group "${RESOURCE_GROUP}" --location "${LOCATION}" --name "${KEYVAULT_NAME}" --enable-rbac-authorization false
     ```
 
     The output of this command shows properties of the newly created key vault. Take note of the two properties listed below:

articles/aks/tutorial-kubernetes-paas-services.md

@@ -143,7 +143,7 @@ In previous tutorials, you used a RabbitMQ container to store orders submitted b
     ```
 
 2. Open the `aks-store-quickstart.yaml` file in a text editor.
-3. Remove the existing `rabbitmq` Deployment, ConfigMap, and Service sections and replace the existing `order-service` Deployment section with the following content:
+3. Remove the existing `rabbitmq` StatefulSet, ConfigMap, and Service sections and replace the existing `order-service` Deployment section with the following content:
 
     ```yaml
     apiVersion: apps/v1

articles/aks/tutorial-kubernetes-prepare-app.md

@@ -183,7 +183,7 @@ You can use [Docker Compose][docker-compose] to automate building container imag
 
 ### Docker
 
-1. Create the container image, download the Redis image, and start the application using the `docker compose` command:
+1. Create the container image, download the RabbitMQ image, and start the application using the `docker compose` command:
 
     ```console
     docker compose -f docker-compose-quickstart.yml up -d

articles/iot-hub-device-update/device-update-data-privacy.md

@@ -3,7 +3,7 @@ title: Data privacy for Device Update for Azure IoT Hub
 description: Understand how Device Update for IoT Hub protects data privacy.
 author: eshashah-msft
 ms.author: eshashah
-ms.date: 01/19/2023
+ms.date: 04/26/2024
 ms.topic: conceptual
 ms.service: iot-hub-device-update
 ---
@@ -29,3 +29,7 @@ Microsoft maintains no information and has no access to data that would allow co
 For more information on Microsoft's privacy commitments, see the "Enterprise and developer products" section of the [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement).
 
 For more information about data residency with Device Update, see [Regional mapping for disaster recovery for Device Update](device-update-region-mapping.md).
+
+**Device Update usage of Content Delivery Networks**
+
+In order to maintain the scalability and availability of your imported updates, the Device Update for IoT Hub service distributes imported updates to select global Content Delivery Networks (CDNs). This allows your IoT devices to download your imported updates from the closest available CDN endpoint, increasing download speed and reliability. To learn more, visit [Content Delivery Networks](/azure/architecture/best-practices/cdn).

articles/key-vault/general/security-features.md

@@ -102,7 +102,7 @@ When you create a key vault in a resource group, you manage access by using Micr
 - **Resource group**: An Azure role assigned at the resource group level applies to all resources in that resource group.
 - **Specific resource**: An Azure role assigned for a specific resource applies to that resource. In this case, the resource is a specific key vault.
 
-There are several predefined roles. If a predefined role doesn't fit your needs, you can define your own role. For more information, see [Azure RBAC: Built-in roles](../../role-based-access-control/built-in-roles.md)w
+There are several predefined roles. If a predefined role doesn't fit your needs, you can define your own role. For more information, see [Azure RBAC: Built-in roles](../../role-based-access-control/built-in-roles.md).
 
 > [!IMPORTANT]
 > When using the Access Policy permission model, if a user has `Contributor`, `Key Vault Contributor` or other role with `Microsoft.KeyVault/vaults/write` permissions to a key vault management plane, the user can grant themselves access to the data plane by setting a Key Vault access policy. You should tightly control who has `Contributor` role access to your key vaults with the Access Policy permission model to ensure that only authorized persons can access and manage your key vaults, keys, secrets, and certificates. It is recommended to use the new **Role Based Access Control (RBAC) permission model** to avoid this issue. With the RBAC permission model, permission management is limited to 'Owner' and 'User Access Administrator' roles, which allows separation of duties between roles for security operations and general administrative operations.

articles/postgresql/index.yml

@@ -46,6 +46,8 @@ landingContent:
             url: flexible-server/quickstart-create-server-portal.md
           - text: Create an Azure Database for PostgreSQL - Flexible Server instance using ARM template
             url: flexible-server/quickstart-create-server-arm-template.md
+          - text: Create an Azure Database for PostgreSQL - Flexible Server instance using Azure CLI
+            url: flexible-server/quickstart-create-server-cli.md
       - linkListType: tutorial
         links:
           - text: Create App and database server in virtual network
@@ -224,4 +226,4 @@ landingContent:
       - linkListType: learn
         links:
           - text: Azure Database for PostgreSQL - Flexible Server
-            url: /training/paths/introduction-to-azure-postgres/
+            url: /training/paths/introduction-to-azure-postgres/

articles/synapse-analytics/synapse-link/synapse-link-for-sql-known-issues.md

@@ -118,7 +118,7 @@ The following sections list limitations for Azure Synapse Link for SQL.
         EXEC sys.sp_change_feed_disable_db
         ```
 
-### Trying to re-enable change feed on a table for that was recently disabled table will show an error. This is an uncommon behavior.
+### Trying to re-enable change feed on a table for which it was recently disabled will show an error. (This is an uncommon behavior.)
 
 * Applies To - Azure Synapse Link for Azure SQL Database and SQL Server 2022
 * Issue - When you try to enable a table that has been recently disabled with its metadata not yet been cleaned up and state marked as DISABLED, an error is thrown stating `A table can only be enabled once among all table groups`.