Merge branch 'MicrosoftDocs:main' into cosmos-nosql-howto-geospatial

Author: seesharprun

.openpublishing.redirection.defender-for-cloud.json

@@ -413,7 +413,7 @@
         {
             "source_path_from_root": "/articles/security-center/defender-for-dns-introduction.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-dns-introduction",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/defender-for-key-vault-introduction.md",
@@ -840,6 +840,11 @@
             "redirect_url": "/azure/defender-for-cloud/enable-agentless-scanning-vms",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/tutorial-enable-dns-plan.md",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-dns-introduction",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/defender-for-cloud/defender-for-storage-exclude.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-storage-classic-enable#exclude-a-storage-account-from-a-protected-subscription-in-the-per-transaction-plan",

articles/active-directory/develop/multi-service-web-app-access-storage.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: app-service
 ms.topic: tutorial
 ms.workload: identity
-ms.date: 03/24/2023
+ms.date: 07/31/2023
 ms.author: ryanwi
 ms.reviewer: stsoneff
 ms.devlang: csharp, javascript
@@ -162,6 +162,9 @@ az storage container create \
 
 You need to grant your web app access to the storage account before you can create, read, or delete blobs. In a previous step, you configured the web app running on App Service with a managed identity. Using Azure RBAC, you can give the managed identity access to another resource, just like any security principal. The Storage Blob Data Contributor role gives the web app (represented by the system-assigned managed identity) read, write, and delete access to the blob container and data.
 
+> [!NOTE]
+> Some operations on private blob containers are not supported by Azure RBAC, such as viewing blobs or copying blobs between accounts. A blob container with private access level requires a SAS token for any operation that is not authorized by Azure RBAC.  For more information, see [When to use a shared access signature](/azure/storage/common/storage-sas-overview#when-to-use-a-shared-access-signature).
+
 # [Portal](#tab/azure-portal)
 
 In the [Azure portal](https://portal.azure.com), go into your storage account to grant your web app access. Select **Access control (IAM)** in the left pane, and then select **Role assignments**. You'll see a list of who has access to the storage account. Now you want to add a role assignment to a robot, the app service that needs access to the storage account. Select **Add** > **Add role assignment** to open the **Add role assignment** page.

articles/active-directory/external-identities/auditing-and-reporting.md

@@ -35,12 +35,12 @@ You can dive into each of these events to get the details. For example, let's lo
 
 You can also export these logs from Azure AD and use the reporting tool of your choice to get customized reports.
 
-## Sponsor field for B2B users (preview) 
+## Sponsors field for B2B users (preview) 
 
-You can also manage and track your guest users in the organization using the sponsor feature (preview). The **Sponsor** field on the user account displays who is responsible for the guest user. A sponsor can be a user or a group. To learn more about the sponsor feature (preview), see [Add sponsors to a guest user](b2b-sponsors.md).
+You can also manage and track your guest users in the organization using the sponsors feature (preview). The **Sponsors** field on the user account displays who is responsible for the guest user. A sponsor can be a user or a group. To learn more about the sponsors feature (preview), see [Add sponsors to a guest user](b2b-sponsors.md).
 
 ### Next steps
 
 - [B2B collaboration user properties](user-properties.md)
 - [Leave an organization](leave-the-organization.md)
-- [Troubleshoot B2B collaboration](troubleshoot.md)
+- [Troubleshoot B2B collaboration](troubleshoot.md)

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure-graph.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/12/2023
+ms.date: 07/31/2023
 ms.author: jeedes
 
 ---
@@ -31,10 +31,10 @@ You configure and test Azure AD single sign-on for CITI Program in a test enviro
 
 To integrate Azure Active Directory with CITI Program, you need:
 
+* CITI Program Single Sign-On (SSO) enabled subscription. Note that [SSO is a paid service with CITI Program](https://support.citiprogram.org/s/article/single-sign-on-sso-and-shibboleth-technical-specs#General).
 * An Azure AD user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 * One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* CITI Program single sign-on (SSO) enabled subscription.
 
 ## Add application and assign a test user
 
@@ -78,7 +78,7 @@ Complete the following steps to enable Azure AD single sign-on in the Azure port
 
 	![Screenshot shows the image of attributes configuration.](common/default-attributes.png "Default Attributes")
 
-1. CITI Program application expects urn:oid named attributes to be passed back in the SAML response, which are shown below. These attributes are also pre-populated but you can review them as per your requirements. These are all required.
+1. CITI Program application expects urn: oid named attributes to be passed back in the SAML response, which are shown below. These attributes are also pre-populated but you can review them as per your requirements. These are all required.
 
 	| Name |  Source Attribute|
 	| ---------------|  --------- |
@@ -93,6 +93,7 @@ Complete the following steps to enable Azure AD single sign-on in the Azure port
 	| ---------------|  --------- |
 	| urn:oid:2.16.840.1.113730.3.1.241 | user.displayname |
 	| urn:oid:2.16.840.1.113730.3.1.3 | user.employeeid |
+	| urn:oid:1.3.6.1.4.1.22704.1.1.1.8 | [other user attribute] |
 
 1. On the **Set-up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
@@ -132,4 +133,4 @@ CITI Program supports just-in-time user provisioning. First time SSO users will
 
 ## Next steps
 
-Once you configure CITI Program you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
+Once you configure CITI Program you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).

articles/active-directory/saas-apps/citi-program-tutorial.md

@@ -16,7 +16,7 @@ ms.author: eur
 |English (India)|`en-IN` |
 |English (United Kingdom)|`en-GB`|
 |English (United States)|`en-US`|  
-|French (Canada)|`fr-CA`<sup>1</sup> | 
+|French (Canada)|`fr-CA`| 
 |French (France)|`fr-FR`|  
 |German (Germany)|`de-DE`|
 |Italian (Italy)|`it-IT`<sup>1</sup>|
@@ -25,6 +25,7 @@ ms.author: eur
 |Malay (Malaysia)|`ms-MY`<sup>1</sup>|
 |Norwegian Bokmål (Norway)|`nb-NO`<sup>1</sup>|
 |Portuguese (Brazil)|`pt-BR`<sup>1</sup>|
+|Russian (Russia)|`ru-RU`<sup>1</sup>|
 |Spanish (Mexico)|`es-MX` | 
 |Spanish (Spain)|`es-ES` | 
 |Tamil (India)|`ta-IN`<sup>1</sup> | 

articles/ai-services/speech-service/includes/language-support/pronunciation-assessment.md

@@ -96,7 +96,7 @@ With the cross-lingual feature, you can transfer your custom neural voice model
 
 # [Pronunciation assessment](#tab/pronunciation-assessment)
 
-The table in this section summarizes the 19 locales supported for pronunciation assessment, and each language is available on all [Speech to text regions](regions.md#speech-service). Latest update extends support from English to 18 additional languages and quality enhancements to existing features, including accuracy, fluency and miscue assessment. You should specify the language that you're learning or practicing improving pronunciation. The default language is set as `en-US`. If you know your target learning language, [set the locale](how-to-pronunciation-assessment.md#get-pronunciation-assessment-results) accordingly. For example, if you're learning British English, you should specify the language as `en-GB`. If you're teaching a broader language, such as Spanish, and are uncertain about which locale to select, you can run various accent models (`es-ES`, `es-MX`) to determine the one that achieves the highest score to suit your specific scenario. 
+The table in this section summarizes the 20 locales supported for pronunciation assessment, and each language is available on all [Speech to text regions](regions.md#speech-service). Latest update extends support from English to 19 additional languages and quality enhancements to existing features, including accuracy, fluency and miscue assessment. You should specify the language that you're learning or practicing improving pronunciation. The default language is set as `en-US`. If you know your target learning language, [set the locale](how-to-pronunciation-assessment.md#get-pronunciation-assessment-results) accordingly. For example, if you're learning British English, you should specify the language as `en-GB`. If you're teaching a broader language, such as Spanish, and are uncertain about which locale to select, you can run various accent models (`es-ES`, `es-MX`) to determine the one that achieves the highest score to suit your specific scenario. 
 
 [!INCLUDE [Language support include](includes/language-support/pronunciation-assessment.md)]
 

articles/ai-services/speech-service/language-support.md

@@ -5,8 +5,8 @@ keywords: app service, azure app service, scale, app service plan, change, creat
 ms.assetid: 4859d0d5-3e3c-40cc-96eb-f318b2c51a3d
 ms.topic: article
 ms.author: msangapu
-ms.date: 06/29/2023
-ms.custom: seodec18
+ms.date: 07/31/2023
+ms.custom: "UpdateFrequency3"
 
 ---
 # Manage an App Service plan in Azure
@@ -20,27 +20,25 @@ An [Azure App Service plan](overview-hosting-plans.md) provides the resources th
 
 You can create an empty App Service plan, or you can create a plan as part of app creation.
 
-1. In the [Azure portal](https://portal.azure.com), select **Create a resource**.
+1. To start creating an App Service Plan, browse to [https://ms.portal.azure.com/#create/Microsoft.AppServicePlanCreate](https://ms.portal.azure.com/#create/Microsoft.AppServicePlanCreate).
 
-   ![Create a resource in the Azure portal.][createResource] 
+   :::image type="content" source="./media/azure-web-sites-web-hosting-plans-in-depth-overview/create-appserviceplan.png" alt-text="Create an App Service Plan in the Azure portal.":::
 
-1. Select **New** > **Web App** or another kind of App service app.
+2. Configure the **Project Details** section before configuring the App Service plan. 
+  
+3. In the **App Service Plan details** section, name the App Service Plan, then select the **Operating System** and **Region**. Region determines where your App Service plan is created.
 
-   ![Create an app in the Azure portal.][createWebApp] 
+4. When creating a plan, you can select the pricing tier of the new plan. In **Pricing Tier**, select a **Pricing plan** or select **Explore pricing plans** to view additional details. 
 
-2. Configure the **Instance Details** section before configuring the App Service plan. Settings such as **Publish** and **Operating Systems** can change the available pricing tiers for your App Service plan. **Region** determines where your App Service plan is created. 
-   
-3. In the **App Service Plan** section, select an existing plan, or create a plan by selecting **Create new**.
-
-   ![Create an App Service plan.][createASP] 
+5. In the **Zone redundancy** section, select whether the App Service Plan zone redundancy should be enabled or disabled.
 
-4. When creating a plan, you can select the pricing tier of the new plan. In **Sku and size**, select **Change size** to change the pricing tier. 
+6. Select **Review + create** to create the App Service Plan.
 
 <a name="move"></a>
 
 ## Move an app to another App Service plan
 
-You can move an app to another App Service plan, as long as the source plan and the target plan are in the _same resource group, geographical region,and of the same OS type_. Any change in type such as Windows to Linux or any type that is different from the originating type is not supported.
+You can move an app to another App Service plan, as long as the source plan and the target plan are in the _same resource group, geographical region, and of the same OS type_. Any change in type such as Windows to Linux or any type that is different from the originating type is not supported.
 
 
 > [!NOTE]
@@ -96,6 +94,5 @@ To avoid unexpected charges, when you delete the last app in an App Service plan
 > [Scale up an app in Azure](manage-scale-up.md)
 
 [change]: ./media/azure-web-sites-web-hosting-plans-in-depth-overview/change-appserviceplan.png
-[createASP]: ./media/azure-web-sites-web-hosting-plans-in-depth-overview/create-appserviceplan.png
 [createWebApp]: ./media/azure-web-sites-web-hosting-plans-in-depth-overview/create-web-app.png
 [createResource]: ./media/azure-web-sites-web-hosting-plans-in-depth-overview/create-a-resource.png

articles/app-service/app-service-plan-manage.md

@@ -170,6 +170,9 @@ az storage container create \
 
 You need to grant your web app access to the storage account before you can create, read, or delete blobs. In a previous step, you configured the web app running on App Service with a managed identity. Using Azure RBAC, you can give the managed identity access to another resource, just like any security principal. The Storage Blob Data Contributor role gives the web app (represented by the system-assigned managed identity) read, write, and delete access to the blob container and data.
 
+> [!NOTE]
+> Some operations on private blob containers are not supported by Azure RBAC, such as viewing blobs or copying blobs between accounts. A blob container with private access level requires a SAS token for any operation that is not authorized by Azure RBAC.  For more information, see [When to use a shared access signature](/azure/storage/common/storage-sas-overview#when-to-use-a-shared-access-signature).
+
 # [Portal](#tab/azure-portal)
 
 In the [Azure portal](https://portal.azure.com), go into your storage account to grant your web app access. Select **Access control (IAM)** in the left pane, and then select **Role assignments**. You'll see a list of who has access to the storage account. Now you want to add a role assignment to a robot, the app service that needs access to the storage account. Select **Add** > **Add role assignment** to open the **Add role assignment** page.