Merge pull request #234883 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/azure-maps/how-to-secure-device-code.md

@@ -1,7 +1,7 @@
 ---
-title: How to secure input constrained device with Azure AD and Azure Maps REST APIs
+title: How to secure an input constrained device using  Azure AD and Azure Maps REST API
 titleSuffix: Azure Maps
-description: How to configure a browser-less application which supports sign-in to Azure AD and calls Azure Maps REST APIs.
+description: How to configure a browser-less application that supports sign-in to Azure AD and calls Azure Maps REST API.
 author: eriklindeman
 ms.author: eriklind
 ms.date: 06/12/2020
@@ -10,52 +10,48 @@ ms.service: azure-maps
 services: azure-maps
 ---
 
-# Secure an input constrained device with Azure AD and Azure Maps REST APIs
+# Secure an input constrained device by using Azure Active Directory (Azure AD) and Azure Maps REST APIs
 
-This guide discusses how to secure public applications or devices that cannot securely store secrets or accept browser input. These types of applications fall under the category of IoT or internet of things. Some examples of these applications may include: Smart TV devices or sensor data emitting applications. 
+This guide discusses how to secure public applications or devices that can't securely store secrets or accept browser input. These types of applications fall under the internet of things (IoT) category. Examples include Smart TVs and sensor data emitting applications.
 
 [!INCLUDE [authentication details](./includes/view-authentication-details.md)]
 
 ## Create an application registration in Azure AD
 
 > [!NOTE]
-> * **Prerequisite Reading:** [Scenario: Desktop app that calls web APIs](../active-directory/develop/scenario-desktop-overview.md)
+>
+> * **Prerequisite Reading:** [Scenario: Desktop app that calls web APIs]
 > * The following scenario uses the device code flow, which does not involve a web browser to acquire a token.
 
-Create the device based application in Azure AD to enable Azure AD sign in. This application will be granted access to Azure Maps REST APIs.
+Create the device based application in Azure AD to enable Azure AD sign in, which is granted access to Azure Maps REST APIs.
 
 1. In the Azure portal, in the list of Azure services, select **Azure Active Directory** > **App registrations** > **New registration**.  
 
-    > [!div class="mx-imgBorder"]
-    > ![App registration](./media/how-to-manage-authentication/app-registration.png)
+    :::image type="content" source="./media/how-to-manage-authentication/app-registration.png" alt-text="A screenshot showing application registration in Azure AD":::
 
-2. Enter a **Name**, choose **Accounts in this organizational directory only** as the **Supported account type**. In **Redirect URIs**, specify **Public client / native (mobile & desktop)** then add `https://login.microsoftonline.com/common/oauth2/nativeclient` to the value. For more details please see Azure AD [Desktop app that calls web APIs: App registration](../active-directory/develop/scenario-desktop-app-registration.md). Then **Register** the application.
+2. Enter a **Name**, choose **Accounts in this organizational directory only** as the **Supported account type**. In **Redirect URIs**, specify **Public client / native (mobile & desktop)** then add `https://login.microsoftonline.com/common/oauth2/nativeclient` to the value. For more information, see Azure AD [Desktop app that calls web APIs: App registration]. Then **Register** the application.
 
-    > [!div class="mx-imgBorder"]
-    > ![Add app registration details for name and redirect uri](./media/azure-maps-authentication/devicecode-app-registration.png)
+    :::image type="content" source="./media/azure-maps-authentication/devicecode-app-registration.png" alt-text="A screenshot showing the settings used to register an application.":::
 
-3. Navigate to **Authentication** and enable **Treat application as a public client**. This will enable device code authentication with Azure AD.
+3. Navigate to **Authentication** and enable **Treat application as a public client** to enable device code authentication with Azure AD.
 
-    > [!div class="mx-imgBorder"]
-    > ![Enable app registration as public client](./media/azure-maps-authentication/devicecode-public-client.png)
+    :::image type="content" source="./media/azure-maps-authentication/devicecode-public-client.png" alt-text="A screenshot showing the advanced settings used to specify treating the application as a public client.":::
 
 4. To assign delegated API permissions to Azure Maps, go to the application. Then select **API permissions** > **Add a permission**. Under **APIs my organization uses**, search for and select **Azure Maps**.
 
-    > [!div class="mx-imgBorder"]
-    > ![Add app API permissions](./media/how-to-manage-authentication/app-permissions.png)
+    :::image type="content" source="./media/how-to-manage-authentication/app-permissions.png" alt-text="A screenshot showing where you request API permissions.":::
 
 5. Select the check box next to **Access Azure Maps**, and then select **Add permissions**.
 
-    > [!div class="mx-imgBorder"]
-    > ![Select app API permissions](./media/how-to-manage-authentication/select-app-permissions.png)
+    :::image type="content" source="./media/how-to-manage-authentication/select-app-permissions.png" alt-text="A screenshot showing where you specify the app permissions you require.":::
 
-6. Configure Azure role-based access control (Azure RBAC) for users or groups. See [Grant role-based access for users to Azure Maps](#grant-role-based-access-for-users-to-azure-maps).
+6. Configure Azure role-based access control (Azure RBAC) for users or groups. For more information, see [Grant role-based access for users to Azure Maps].
 
-7. Add code for acquiring token flow in the application, for implementation details see [Device code flow](../active-directory/develop/scenario-desktop-acquire-token-device-code-flow.md). When acquiring tokens, reference the scope: `user_impersonation` which was selected on earlier steps.
+7. Add code for acquiring token flow in the application, for implementation details see [Device code flow]. When acquiring tokens, reference the scope: `user_impersonation` that was selected on earlier steps.
 
     > [!Tip]
     > Use Microsoft Authentication Library (MSAL) to acquire access tokens.
-    > See recommendations on [Desktop app that calls web APIs: Code configuration](../active-directory/develop/scenario-desktop-app-configuration.md)
+    > For more information, see [Desktop app that calls web APIs: Code configuration] in the active directory documentation.
 
 8. Compose the HTTP request with the acquired token from Azure AD, and sent request with a valid HTTP client.
 
@@ -70,7 +66,7 @@ x-ms-client-id: 30d7cc….9f55
 Authorization: Bearer eyJ0e….HNIVN
 ```
 
- The sample request body below is in GeoJSON:
+ The following sample request body is in GeoJSON:
 
 ```json
 {
@@ -96,11 +92,18 @@ Operation-Location: https://us.atlas.microsoft.com/mapData/operations/{udid}?api
 Access-Control-Expose-Headers: Operation-Location
 ```
 
-
 [!INCLUDE [grant role-based access to users](./includes/grant-rbac-users.md)]
 
 ## Next steps
 
 Find the API usage metrics for your Azure Maps account:
+
 > [!div class="nextstepaction"]
-> [View usage metrics](how-to-view-api-usage.md)
+> [View usage metrics]
+
+[Desktop app that calls web APIs: App registration]: ../active-directory/develop/scenario-desktop-app-registration.md
+[Desktop app that calls web APIs: Code configuration]: ../active-directory/develop/scenario-desktop-app-configuration.md
+[Device code flow]: ../active-directory/develop/scenario-desktop-acquire-token-device-code-flow.md
+[Grant role-based access for users to Azure Maps]: #grant-role-based-access-for-users-to-azure-maps
+[Scenario: Desktop app that calls web APIs]: ../active-directory/develop/scenario-desktop-overview.md
+[View usage metrics]: how-to-view-api-usage.md

articles/azure-maps/how-to-secure-spa-app.md

@@ -13,28 +13,28 @@ ms.custom: devx-track-js, subject-rbac-steps
 
 # How to secure a single-page web application with non-interactive sign-in
 
-This article describes how to secure a single-page web application with Azure Active Directory (Azure AD), when the user isn't able to sign in to Azure AD.
+Secure a single-page web application with Azure Active Directory (Azure AD), even when the user isn't able to sign in to Azure AD.
 
-To create this non-interactive authentication flow, we'll create an Azure Function secure web service that's responsible for acquiring access tokens from Azure AD. This web service will be exclusively available only to your single-page web application.
+To create this non-interactive authentication flow, first create an Azure Function secure web service that's responsible for acquiring access tokens from Azure AD. This web service is exclusively available only to your single-page web application.
 
 [!INCLUDE [authentication details](./includes/view-authentication-details.md)]
 
-> [!Tip]
+> [!TIP]
 > Azure Maps can support access tokens from user sign-on or interactive flows. You can use interactive flows for a more restricted scope of access revocation and secret management.
 
 ## Create an Azure function
 
 To create a secured web service application that's responsible for authentication to Azure AD:
 
-1. Create a function in the Azure portal. For more information, see [Getting started with Azure Functions](../azure-functions/functions-get-started.md).
+1. Create a function in the Azure portal. For more information, see [Getting started with Azure Functions].
 
-2. Configure CORS policy on the Azure function to be accessible by the single-page web application. The CORS policy secures browser clients to the allowed origins of your web application. For more information, see [Add CORS functionality](../app-service/app-service-web-tutorial-rest-api.md#add-cors-functionality).
+2. Configure CORS policy on the Azure function to be accessible by the single-page web application. The CORS policy secures browser clients to the allowed origins of your web application. For more information, see [Add CORS functionality].
 
-3. [Add a system-assigned identity](../app-service/overview-managed-identity.md?tabs=dotnet#add-a-system-assigned-identity) on the Azure function to enable creation of a service principal to authenticate to Azure AD.  
+3. [Add a system-assigned identity] on the Azure function to enable creation of a service principal to authenticate to Azure AD.  
 
-4. Grant role-based access for the system-assigned identity to the Azure Maps account. For details, see [Grant role-based access](#grant-role-based-access-for-users-to-azure-maps).
+4. Grant role-based access for the system-assigned identity to the Azure Maps account. For more information, see [Grant role-based access].
 
-5. Write code for the Azure function to obtain Azure Maps access tokens using system-assigned identity with one of the supported mechanisms or the REST protocol. For more information, see [Obtain tokens for Azure resources](../app-service/overview-managed-identity.md?tabs=dotnet#add-a-system-assigned-identity)
+5. Write code for the Azure function to obtain Azure Maps access tokens using system-assigned identity with one of the supported mechanisms or the REST protocol. For more information, see [Obtain tokens for Azure resources].
 
     Here's an example REST protocol:
 
@@ -60,7 +60,7 @@ To create a secured web service application that's responsible for authenticatio
 
 6. Configure security for the Azure function HttpTrigger:
 
-   1. [Create a function access key](../azure-functions/functions-bindings-http-webhook-trigger.md?tabs=csharp#authorization-keys)
+   1. [Create a function access key]
    1. [Secure HTTP endpoint](../azure-functions/functions-bindings-http-webhook-trigger.md?tabs=csharp#secure-an-http-endpoint-in-production) for the Azure function in production.
 
 7. Configure a web application Azure Maps Web SDK.
@@ -111,3 +111,10 @@ Find the API usage metrics for your Azure Maps account:
 Explore other samples that show how to integrate Azure AD with Azure Maps:
 > [!div class="nextstepaction"]
 > [Azure Maps Samples](https://github.com/Azure-Samples/Azure-Maps-AzureAD-Samples/tree/master/src/ClientGrant)
+
+[Getting started with Azure Functions]: ../azure-functions/functions-get-started.md
+[Add CORS functionality]: ../app-service/app-service-web-tutorial-rest-api.md#add-cors-functionality
+[Add a system-assigned identity]: ../app-service/overview-managed-identity.md?tabs=dotnet#add-a-system-assigned-identity
+[Grant role-based access]: #grant-role-based-access-for-users-to-azure-maps
+[Obtain tokens for Azure resources]: ../app-service/overview-managed-identity.md?tabs=dotnet#add-a-system-assigned-identity
+[Create a function access key]: ../azure-functions/functions-bindings-http-webhook-trigger.md?tabs=csharp#authorization-keys

articles/event-hubs/event-hubs-go-get-started-send.md

@@ -142,8 +142,11 @@ import (
 
 func main() {
 
+	// create a container client using a connection string and container name
+	checkClient, err := container.NewClientFromConnectionString("AZURE STORAGE CONNECTION STRING", "CONTAINER NAME", nil)
+	
 	// create a checkpoint store that will be used by the event hub
-	checkpointStore, err := checkpoints.NewBlobStoreFromConnectionString("AZURE STORAGE CONNECTION STRING", "BLOB CONTAINER NAME", nil)
+	checkpointStore, err := checkpoints.NewBlobStore(checkClient, nil)
 
 	if err != nil {
 		panic(err)

articles/virtual-machines/managed-disks-overview.md

@@ -96,7 +96,7 @@ This disk has a maximum capacity of 4,095 GiB, however, many operating systems a
 
 ### Temporary disk
 
-Most VMs contain a temporary disk, which is not a managed disk. The temporary disk provides short-term storage for applications and processes, and is intended to only store data such as page or swap files. Data on the temporary disk may be lost during a [maintenance event](./understand-vm-reboots.md) or when you [redeploy a VM](/troubleshoot/azure/virtual-machines/redeploy-to-new-node-windows?toc=%2fazure%2fvirtual-machines%2fwindows%2ftoc.json). During a successful standard reboot of the VM, data on the temporary disk will persist. For more information about VMs without temporary disks, see [Azure VM sizes with no local temporary disk](azure-vms-no-temp-disk.yml).
+Most VMs contain a temporary disk, which is not a managed disk. The temporary disk provides short-term storage for applications and processes, and is intended to only store data such as page files, swap files, or SQL Server tempdb. Data on the temporary disk may be lost during a [maintenance event](./understand-vm-reboots.md) or when you [redeploy a VM](/troubleshoot/azure/virtual-machines/redeploy-to-new-node-windows?toc=%2fazure%2fvirtual-machines%2fwindows%2ftoc.json). During a successful standard reboot of the VM, data on the temporary disk will persist. For more information about VMs without temporary disks, see [Azure VM sizes with no local temporary disk](azure-vms-no-temp-disk.yml).
 
 On Azure Linux VMs, the temporary disk is typically /dev/sdb and on Windows VMs the temporary disk is D: by default. The temporary disk is not encrypted unless (for server side encryption) you enable encryption at host or (for Azure Disk Encryption) with the [VolumeType parameter set to All on Windows](./windows/disk-encryption-windows.md#enable-encryption-on-a-newly-added-data-disk) or [EncryptFormatAll on Linux](./linux/disk-encryption-linux.md#use-encryptformatall-feature-for-data-disks-on-linux-vms).