Merge pull request #265400 from MicrosoftDocs/main

2/6 11:00 AM IST Publish

Author: Saisang

.openpublishing.publish.config.json

@@ -1215,6 +1215,7 @@
   ".openpublishing.redirection.container-service.json",
   ".openpublishing.redirection.defender-for-cloud.json",
   ".openpublishing.redirection.defender-for-iot.json",
+  ".openpublishing.redirection.guidance.json",
   ".openpublishing.redirection.iot-hub-device-update.json",
   ".openpublishing.redirection.key-vault.json",
   ".openpublishing.redirection.machine-configuration.json",

.openpublishing.redirection.guidance.json

@@ -7,7 +7,7 @@ ms.topic: article
 ms.service: azure-government
 ms.custom: references_regions
 recommendations: false
-ms.date: 11/09/2023
+ms.date: 02/05/2023
 ---
 
 # Azure, Dynamics 365, Microsoft 365, and Power Platform services compliance scope
@@ -50,7 +50,7 @@ For current Azure Government regions and available services, see [Products avail
 This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and Power Platform cloud services in scope for FedRAMP High, DoD IL2, DoD IL4, DoD IL5, and DoD IL6 authorizations across Azure, Azure Government, and Azure Government Secret cloud environments. For other authorization details in Azure Government Secret and Azure Government Top Secret, contact your Microsoft account representative.
 
 ## Azure public services by audit scope
-*Last updated: November 2023*
+*Last updated: January 2024*
 
 ### Terminology used
 
@@ -88,6 +88,7 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Azure for Education](https://azureforeducation.microsoft.com/) | ✅ | ✅ |
 | [Azure Information Protection](/azure/information-protection/) | ✅ | ✅ |
 | [Azure Kubernetes Service (AKS)](../../aks/index.yml) | ✅ | ✅ |
+| [Azure Managed Grafana](../../managed-grafana/index.yml) | ✅ | ✅ |
 | [Azure Marketplace portal](https://azuremarketplace.microsoft.com/) | ✅ | ✅ |
 | [Azure Maps](../../azure-maps/index.yml) | ✅ | ✅ |
 | [Azure Monitor](../../azure-monitor/index.yml) (incl. [Application Insights](../../azure-monitor/app/app-insights-overview.md), [Log Analytics](../../azure-monitor/logs/data-platform-logs.md), and [Application Change Analysis](../../azure-monitor/app/change-analysis.md)) | ✅ | ✅ |
@@ -117,7 +118,8 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Bot Service](/azure/bot-service/) | ✅ | ✅ |
 | [Cloud Services](../../cloud-services/index.yml) | ✅ | ✅ |
 | [Cloud Shell](../../cloud-shell/overview.md) | ✅ | ✅ |
-| [Cognitive Search](../../search/index.yml) (formerly Azure Search) | ✅ | ✅ |
+| [Azure AI Health Bot](/healthbot/) | ✅ | ✅ |
+| [Azure AI Search](../../search/index.yml) (formerly Azure Cognitive Search) | ✅ | ✅ |
 | [Azure AI services: Anomaly Detector](../../ai-services/anomaly-detector/index.yml) | ✅ | ✅ |
 | [Azure AI services: Computer Vision](../../ai-services/computer-vision/index.yml) | ✅ | ✅ |
 | [Azure AI services: Content Moderator](../../ai-services/content-moderator/index.yml) | ✅ | ✅ |
@@ -147,7 +149,7 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Dedicated HSM](../../dedicated-hsm/index.yml) | ✅ | ✅ |
 | [DevTest Labs](../../devtest-labs/index.yml) | ✅ | ✅ |
 | [DNS](../../dns/index.yml) | ✅ | ✅ |
-| [Dynamics 365 Chat (Omnichannel Engagement Hub)](/dynamics365/omnichannel/introduction-omnichannel) | ✅ | ✅ |
+| [Omnichannel for Customer Service (Formerly Dynamics 365 Chat and Omnichannel Engagement Hub)](/dynamics365/omnichannel/introduction-omnichannel) | ✅ | ✅ |
 | [Dynamics 365 Commerce](/dynamics365/commerce/)| ✅ | ✅ |
 | [Dynamics 365 Customer Service](/dynamics365/customer-service/overview)| ✅ | ✅ |
 | [Dynamics 365 Field Service](/dynamics365/field-service/overview)| ✅ | ✅ |
@@ -167,8 +169,6 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Azure AI Document Intelligence](../../ai-services/document-intelligence/index.yml) | ✅ | ✅ |
 | [Front Door](../../frontdoor/index.yml) | ✅ | ✅ |
 | [Functions](../../azure-functions/index.yml) | ✅ | ✅ |
-| [GitHub AE](https://docs.github.com/github-ae@latest/admin/overview/about-github-ae) | ✅ | ✅ |
-| [Health Bot](/healthbot/) | ✅ | ✅ |
 | [HDInsight](../../hdinsight/index.yml) | ✅ | ✅ |
 | [HPC Cache](../../hpc-cache/index.yml) | ✅ | ✅ |
 | [Immersive Reader](../../ai-services/immersive-reader/index.yml) | ✅ | ✅ |
@@ -194,7 +194,7 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Microsoft Defender for Identity](/defender-for-identity/) (formerly Azure Advanced Threat Protection) | ✅ | ✅ |
 | **Service** | **FedRAMP High** | **DoD IL2** |
 | [Microsoft Defender for IoT](../../defender-for-iot/index.yml) (formerly Azure Security for IoT) | ✅ | ✅ |
-| [Microsoft Defender Vulnerability Management](../../defender-for-iot/index.yml) | ✅ | ✅ |
+| [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/) | ✅ | ✅ |
 | [Microsoft Graph](/graph/) | ✅ | ✅ |
 | [Microsoft Intune](/mem/intune/) | ✅ | ✅ |
 | [Microsoft Purview](../../purview/index.yml) (incl. Data Map, Data Estate Insights, and governance portal) | ✅ | ✅ |
@@ -229,7 +229,6 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Site Recovery](../../site-recovery/index.yml) | ✅ | ✅ |
 | [SQL Database](/azure/azure-sql/database/sql-database-paas-overview) | ✅ | ✅ |
 | [SQL Managed Instance](/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview) | ✅ | ✅ |
-| [SQL Server Registry](/sql/sql-server/end-of-support/sql-server-extended-security-updates) | ✅ | ✅ |
 | [SQL Server Stretch Database](../../sql-server-stretch-database/index.yml) | ✅ | ✅ |
 | [Storage: Archive](../../storage/blobs/access-tiers-overview.md) | ✅ | ✅ |
 | [Storage: Blobs](../../storage/blobs/index.yml) (incl. [Azure Data Lake Storage Gen2](../../storage/blobs/data-lake-storage-introduction.md)) | ✅ | ✅ |
@@ -312,7 +311,7 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Azure Resource Manager](../../azure-resource-manager/management/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [Azure Service Manager (RDFE)](/previous-versions/azure/ee460799(v=azure.100)) | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [Azure Sign-up portal](https://signup.azure.com/) | ✅ | ✅ | ✅ | ✅ | |
-| [Azure Stack Bridge](/azure-stack/operator/azure-stack-usage-reporting) | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [Azure Stack](/azure-stack/operator/azure-stack-usage-reporting) | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [Azure Stack Edge](../../databox-online/index.yml) (formerly Data Box Edge) ***** | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [Azure Stack HCI](/azure-stack/hci/) | ✅ | ✅ | ✅ |  |  |
 | [Azure Video Indexer](/azure/azure-video-indexer/)  | ✅ | ✅ | ✅ | | |
@@ -413,7 +412,6 @@ This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and
 | [Power BI](/power-bi/fundamentals/) | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [Power BI Embedded](/power-bi/developer/embedded/) | ✅ | ✅ | ✅ | ✅ | |
 | [Power Data Integrator for Dataverse](/power-platform/admin/data-integrator) (formerly Dynamics 365 Integrator App) | ✅ | ✅ | ✅ | ✅ | |
-| [Power Query Online](/power-query/) | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [Power Virtual Agents](/power-virtual-agents/) | ✅ | ✅ | ✅ | | |
 | [Private Link](../../private-link/index.yml) | ✅ | ✅ | ✅ | ✅ | |
 | [Public IP](../../virtual-network/ip-services/public-ip-addresses.md) | ✅ | ✅ | ✅ | ✅ | |

.openpublishing.redirection.json

@@ -120,13 +120,13 @@ For detailed steps, see [Assign Azure roles by using the Azure portal](../role-b
 
 ### Create a key vault
 
-User subscription mode requires [Azure Key Vault](/azure/key-vault/general/overview). The key vault must be in the same subscription and region as the Batch account and use a [Vault Access Policy](/azure/key-vault/general/assign-access-policy).
+User subscription mode requires [Azure Key Vault](/azure/key-vault/general/overview). The key vault must be in the same subscription and region as the Batch account.
 
 To create a new key vault:
 
 1. Search for and select **key vaults** from the Azure Search box, and then select **Create** on the **Key vaults** page.
 1. On the **Create a key vault** page, enter a name for the key vault, and choose an existing resource group or create a new one in the same region as your Batch account.
-1. On the **Access configuration** tab, select **Vault access policy** under **Permission model**.
+1. On the **Access configuration** tab, select either **Azure role-based access control** or **Vault access policy** under **Permission model**, and under **Resource access**, check all 3 checkboxes for **Azure Virtual Machine for deployment**, **Azure Resource Manager for template deployment** and **Azure Disk Encryption for volume encryption**.
 1. Leave the remaining settings at default values, select **Review + create**, and then select **Create**.
 
 ### Create a Batch account in user subscription mode
@@ -140,8 +140,18 @@ To create a Batch account in user subscription mode:
 
 ### Grant access to the key vault manually
 
-You can also grant access to the key vault manually.
+You can also grant access to the key vault manually in [Azure portal](https://portal.azure.com).
 
+#### If the Key Vault permission model is **Azure role-based access control**:
+1. Select **Access control (IAM)** from the left navigation of the key vault page.
+1. At the top of the **Access control (IAM)** page, select **Add** > **Add role assignment**.
+1. On the **Add role assignment** screen, under **Role** tab, under **Job function roles** sub tab, select either **Key Vault Secrets Officer** or **Key Vault Administrator** role for the Batch account, and then select **Next**.
+1. On the **Members** tab, select **Select members**. On the **Select members** screen, search for and select **Microsoft Azure Batch**, and then select **Select**.
+1. Click the **Review + create** button on the bottom to go to **Review + assign** tab, and click the **Review + create** button on the bottom again.
+
+For detailed steps, see [Assign Azure roles by using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+
+#### If the Key Vault permission model is **Vault access policy**:
 1. Select **Access policies** from the left navigation of the key vault page.
 1. On the **Access policies** page, select **Create**.
 1. On the **Create an access policy** screen, select a minimum of **Get**, **List**, **Set**, and **Delete** permissions under **Secret permissions**. For [key vaults with soft-delete enabled](/azure/key-vault/general/soft-delete-overview), also select **Recover**.

articles/azure-government/compliance/azure-services-in-fedramp-auditscope.md

@@ -26,19 +26,19 @@ This article shows you how to:
 The application code that runs on your IoT Plug and Play must:
 
 - Connect to Azure IoT Hub using the [Device Provisioning Service (DPS)](../iot-dps/about-iot-dps.md).
-- Follow the [IoT Plug an Play conventions](../iot-develop/concepts-developer-guide-device.md) to implement of telemetry, properties, and commands.
+- Follow the [IoT Plug an Play conventions](../iot/concepts-developer-guide-device.md) to implement of telemetry, properties, and commands.
 
 The application is software that's installed separately from the operating system or is bundled with the operating system in a firmware image that's flashed to the device.
 
-Prior to certifying your device through the certification process for IoT Plug and Play, you will want to validate that the device implementation matches the telemetry, properties and commands defined in the [Digital Twins Definition Language (DTDL)](https://github.com/Azure/opendigitaltwins-dtdl) device model locally prior to submitting to the [Azure IoT Public Model Repository](../iot-develop/concepts-model-repository.md).
+Prior to certifying your device through the certification process for IoT Plug and Play, you will want to validate that the device implementation matches the telemetry, properties and commands defined in the [Digital Twins Definition Language (DTDL)](https://github.com/Azure/opendigitaltwins-dtdl) device model locally prior to submitting to the [Azure IoT Public Model Repository](../iot/concepts-model-repository.md).
 
 To meet the certification requirements, your device must:
 
 - Connects to Azure IoT Hub using the [DPS](../iot-dps/about-iot-dps.md).
 - Implement of telemetry, properties, or commands following the IoT Plug and Play convention.
 - Describe the device interactions with a [DTDL v2](https://aka.ms/dtdl) model.
-- Send the model ID during [DPS registration](../iot-develop/concepts-developer-guide-device.md#dps-payload) in the DPS provisioning payload.
-- Announce the model ID during the [MQTT connection](../iot-develop/concepts-developer-guide-device.md#model-id-announcement).
+- Send the model ID during [DPS registration](../iot/concepts-developer-guide-device.md#dps-payload) in the DPS provisioning payload.
+- Announce the model ID during the [MQTT connection](../iot/concepts-developer-guide-device.md#model-id-announcement).
 
 ## Test with the Azure IoT Extension CLI
 

articles/batch/batch-account-create-portal.md

@@ -37,7 +37,7 @@ While running the tests, if you receive a result of `Passed with warnings`, this
 
 ## When you need help with the model repository
 
-For IoT Plug and Play issues related to the model repository, refer to [our Docs guidance about the device model repository](../iot-develop/concepts-model-repository.md).
+For IoT Plug and Play issues related to the model repository, refer to [our Docs guidance about the device model repository](../iot/concepts-model-repository.md).
 
 ## Next steps
 

articles/certification/how-to-test-pnp.md

@@ -24,7 +24,7 @@ IoT Plug and Play enables solution builders to integrate smart devices with thei
 Promise of IoT Plug and Play certification are:
 
 1.	Defined device models and interfaces are compliant with the [Digital Twin Definition Language](https://github.com/Azure/opendigitaltwins-dtdl)
-1.	Easy integration with Azure IoT based solutions using the [Digital Twin APIs](../iot-develop/concepts-digital-twin.md)  : Azure IoT Hub and Azure IoT Central
+1.	Easy integration with Azure IoT based solutions using the [Digital Twin APIs](../iot/concepts-digital-twin.md)  : Azure IoT Hub and Azure IoT Central
 1.	Product truth validated through testing telemetry from end point to cloud using DTDL 
 
 > [!Note]
@@ -63,7 +63,7 @@ Promise of IoT Plug and Play certification are:
 | **OS**                  | Agnostic                                                     |
 | **Validation Type**     | Automated                                                    |
 | **Validation**          | The [portal workflow](https://certify.azure.com) validates: **1.** Model ID announcement and ensure the device is connected using either the MQTT or MQTT over WebSockets protocol **2.** Models are compliant with the DTDL v2 **3.** Telemetry, properties, and commands are properly implemented and interact between IoT Hub Digital Twin and Device Twin on the device |
-| **Resources**           | [Public Preview Refresh updates](../iot-develop/overview-iot-plug-and-play.md) |
+| **Resources**           | [Public Preview Refresh updates](../iot/overview-iot-plug-and-play.md) |
 
 **[Required] Device models are published in public model repository**
 
@@ -74,7 +74,7 @@ Promise of IoT Plug and Play certification are:
 | **OS**                  | Agnostic                                                     |
 | **Validation Type**     | Automated                                                    |
 | **Validation**          | All device models are required to be published in public repository. Device models are resolved via models available in public repository **1.** User must manually publish the models to the public repository before submitting for the certification. **2.** Note that once the models are published, it is immutable. We strongly recommend publishing only when the models and embedded device code are finalized.*1  *1 User must contact Microsoft support to revoke the models once published to the model repository **3.** [Portal workflow](https://certify.azure.com) checks the existence of the models in the public repository when the device is connected to the certification service |
-| **Resources**           | [Model repository](../iot-develop/overview-iot-plug-and-play.md) |
+| **Resources**           | [Model repository](../iot/overview-iot-plug-and-play.md) |
 
 
 **[If implemented] Device info Interface:  The purpose of test is to validate device info interface is implemented properly in the device code**
@@ -86,7 +86,7 @@ Promise of IoT Plug and Play certification are:
 | **OS**                  | Agnostic                                                     |
 | **Validation Type**     | Automated                                                    |
 | **Validation**          | [Portal workflow](https://certify.azure.com) validates the device code implements device info interface **1.** Checks the values are emitted by the device code to IoT Hub **2.** Checks the interface is implemented in the DCM (this implementation will change in DTDL v2) **3.** Checks properties are not write-able (read only) **4.** Checks the schema type is string and/or long and not null |
-| **Resources**           | [Microsoft defined interface](../iot-develop/overview-iot-plug-and-play.md) |
+| **Resources**           | [Microsoft defined interface](../iot/overview-iot-plug-and-play.md) |
 | **Azure Recommended**  | N/A                                                          |
 
 **[If implemented] Cloud to device:  The purpose of test is to make sure messages can be sent from cloud to devices**