Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into diagramsAvail

Author: roygara

articles/aks/csi-secrets-store-configuration-options.md

@@ -69,6 +69,8 @@ To disable auto-rotation, you first need to disable the add-on. Then, you can re
     az aks addon enable -g myResourceGroup -n myAKSCluster2 -a azure-keyvault-secrets-provider
     ```
 
+If you are already using a `SecretProviderClass`, you can update the add-on without disabling it first by using `az aks addon enable` without specifying the `enable-secret-rotation` parameter.
+
 ### Sync mounted content with a Kubernetes secret
 
 > [!NOTE]

articles/aks/media/supported-kubernetes-versions/kubernetes-versions-gantt.png

@@ -19,7 +19,7 @@ Regular maintenance is performed on your AKS cluster automatically. There are tw
 * *AKS-initiated maintenance* involves the weekly releases that AKS performs to keep your cluster up to date with the latest features and fixes.
 * *User-initiated maintenance* includes [cluster auto-upgrades][aks-upgrade] and [node operating system (OS) automatic security updates][node-image-auto-upgrade].
 
-When you use the feature of planned maintenance in AKS, you can run both types of maintenance in a cadence of your choice to minimize workload impact.
+When you use the feature of planned maintenance in AKS, you can run both types of maintenance in a cadence of your choice to minimize workload impact. You can use planned maintenance to schedule the timing of automatic upgrades, but enabling or disabling planned maintenance won't enable or disable automatic upgrades.
 
 ## Before you begin
 

articles/aks/planned-maintenance.md

@@ -195,7 +195,7 @@ azcmagent config set extensions.agent.cpulimit 80
 
 Metadata information about a connected machine is collected after the Connected Machine agent registers with Azure Arc-enabled servers. Specifically:
 
-* Operating system name, type, and version
+* Operating system name, edition, type, and version
 * Computer name
 * Computer manufacturer and model
 * Computer fully qualified domain name (FQDN)
@@ -214,6 +214,15 @@ Metadata information about a connected machine is collected after the Connected
 * Total physical memory
 * Serial number
 * SMBIOS asset tag
+* Network interface information
+  * IP address
+  * Subnet
+* Windows licensing information
+  * OS license status
+  * OS license channel
+  * Extended Security Updates eligibility
+  * Extended Security Updates license status
+  * Extended Security Updates license channel
 * Cloud provider
 * Amazon Web Services (AWS) metadata, when running in AWS:
   * Account ID

articles/azure-arc/servers/agent-overview.md

@@ -11,9 +11,10 @@ ms.service: azure-large-instances
 ms.date: 06/01/2023
 ---
 
-# Azure Large Instances for Epic workload SKUs     
+# Azure Large Instances for Epic workload SKUs
 
 This article provides a list of available Azure Large Instances for Epic<sup>®</sup> workload SKUs.
+
 ## Azure Large Instances availability by region
 
 * West Europe
@@ -30,8 +31,8 @@ Azure Large Instances for Epic<sup>®</sup> workload has limited availability an
 * South Central US
 * West US 2 with Zones support
 
-> [!Note]
-> Zones support refers to availability zones within a region where Azure Large Instances can be deployed across zones for high resiliency and availability. This capability enables support for multi-site active-active scaling.
+>[!Note]
+>Zones support refers to availability zones within a region where Azure Large Instances can be deployed across zones for high resiliency and availability. This capability enables support for multi-site active-active scaling.
 
 ## Azure Large Instances for Epic availability
 
@@ -68,6 +69,10 @@ Azure Large Instances units for Epic deployed in different tenants can't communi
 A deployed tenant in the Azure Large Instances stamp is assigned to one Azure subscription for billing purposes. For a network, it can be accessed from virtual networks of other Azure subscriptions within the same Azure enrollment.
 If you deploy with another Azure subscription in the same Azure region, you also request for a separated Azure Large Instances tenant.
 
+### Operational model
+In addition to its BareMetal offering, Azure Large Instances also has an offering where Microsoft deploys a foundational ESXi environment onto the host servers and subsequent configuration of VMware vCenter by Microsoft as an ESXi VM in the cluster. Microsoft owns the ESXi licenses. On the storage configurations, Azure Large Instances comes with highly redundant Fiber Channel storage provisioned. Microsoft retains the root admin access to ESXi and provides a cloud admin role for customer’s use. The Cloud Admin role in Azure Large Instances Solution has the following privileges on vCenter Server.  
 
+:::image type="content" source="media/support-diagram.png" alt-text="A diagram showing the support responsibilities for Microsoft and partners.":::
 
+For more information, reach out to your Microsoft representative. 
 

articles/azure-large-instances/workloads/epic/available-skus.md

@@ -141,5 +141,10 @@ Accessibility by design is a principle across Microsoft products. UI Library fol
 
 Localization is key to making products for users around the world and who speak different languages. UI Library provides default support for some languages and capabilities, including right-to-left languages. You can provide their own localization files to use with UI Library.
 
+## Known Issues
+
+* The UI library doesn't support updating message type when editing existing messages at this time. Adding rich text formatting to an existing message will add html styling to the text content. Since this does not change the message type, it may result in displaying html content as plain text in the message thread.
+
+
 > [!div class="nextstepaction"]
 > [Visit UI Library storybook](https://azure.github.io/communication-ui-library)

articles/azure-large-instances/workloads/epic/media/support-diagram.png

@@ -85,7 +85,7 @@ EventGridEvent egEvent = new EventGridEvent(
 await client.SendEventAsync(egEvent);
 ```
 
-### Prerequisites
+### SDKs
 
 Following are the prerequisites to authenticate to Event Grid.
 
@@ -124,61 +124,6 @@ For more information, see the following articles:
 - [Azure Event Grid client library for JavaScript](/javascript/api/overview/azure/eventgrid-readme)
 - [Azure Event Grid client library for Python](/python/api/overview/azure/eventgrid-readme)
 
-## Disable key and shared access signature authentication
-
-Microsoft Entra authentication provides a superior authentication support than that's offered by access key or Shared Access Signature (SAS) token authentication. With Microsoft Entra authentication, the identity is validated against Microsoft Entra identity provider. As a developer, you won't have to handle keys in your code if you use Microsoft Entra authentication. You'll also benefit from all security features built into the Microsoft Identity platform, such as [Conditional Access](/entra/identity/conditional-access/overview) that can help you improve your application's security stance. 
-
-Once you decide to use Microsoft Entra authentication, you can disable authentication based on access keys or SAS tokens. 
-
-> [!NOTE]
-> Acess keys or SAS token authentication is a form of **local authentication**. you'll hear sometimes referring to "local auth" when discussing this category of authentication mechanisms that don't rely on Microsoft Entra ID. The API parameter used to disable local authentication is called, appropriately so, ``disableLocalAuth``.
-
-### Azure portal
-
-When creating a new topic, you can disable local authentication on the **Advanced** tab of the **Create Topic** page. 
-
-:::image type="content" source="./media/authenticate-with-microsoft-entra-id/create-topic-disable-local-auth.png" alt-text="Screenshot showing the Advanced tab of Create Topic page when you can disable local authentication.":::
-
-For an existing topic, following these steps to disable local authentication:
-
-1. Navigate to the **Event Grid Topic** page for the topic, and select **Enabled** under **Local Authentication**
-
-    :::image type="content" source="./media/authenticate-with-microsoft-entra-id/existing-topic-local-auth.png" alt-text="Screenshot showing the Overview page of an existing topic.":::
-2. In the **Local Authentication** popup window, select **Disabled**, and select **OK**.
-
-    :::image type="content" source="./media/authenticate-with-microsoft-entra-id/local-auth-popup.png" alt-text="Screenshot showing the Local Authentication window.":::
-
-
-### Azure CLI
-The following CLI command shows the way to create a custom topic with local authentication disabled. The disable local auth feature is currently available as a preview and you need to use API version ``2021-06-01-preview``.
-
-```cli
-az resource create --subscription <subscriptionId> --resource-group <resourceGroup> --resource-type Microsoft.EventGrid/topics --api-version 2021-06-01-preview --name <topicName> --location <location> --properties "{ \"disableLocalAuth\": true}"
-```
-
-For your reference, the following are the resource type values that you can use according to the topic you're creating or updating.
-
-| Topic type        | Resource type                        |
-| ------------------| :------------------------------------|
-| Domains           | Microsoft.EventGrid/domains          |
-| Partner Namespace | Microsoft.EventGrid/partnerNamespaces|
-| Custom Topic      | Microsoft.EventGrid/topics           |
-
-### Azure PowerShell
-
-If you're using PowerShell, use the following cmdlets to create a custom topic with local authentication disabled. 
-
-```PowerShell
-
-Set-AzContext -SubscriptionId <SubscriptionId>
-
-New-AzResource -ResourceGroupName <ResourceGroupName> -ResourceType Microsoft.EventGrid/topics -ApiVersion 2021-06-01-preview -ResourceName <TopicName> -Location <Location> -Properties @{disableLocalAuth=$true}
-```
-
-> [!NOTE]
-> - To learn about using the access key or shared access signature authentication, see [Authenticate publishing clients with keys or SAS tokens](security-authenticate-publishing-clients.md)
-> - This article deals with authentication when publishing events to Event Grid (event ingress). Authenticating Event Grid when delivering events (event egress) is the subject of article [Authenticate event delivery to event handlers](security-authentication.md). 
-
 ## Resources
 - Data plane SDKs
     - Java SDK: [GitHub](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/eventgrid/azure-messaging-eventgrid) | [samples](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/eventgrid/azure-messaging-eventgrid/src/samples/java/com/azure/messaging/eventgrid) | [migration guide from previous SDK version](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/eventgrid/azure-messaging-eventgrid/migration-guide.md)

articles/communication-services/concepts/ui-library/includes/web-ui-use-cases.md

@@ -58,7 +58,7 @@ Before you create a subscription for the custom topic, create an endpoint for th
    :::image type="content" source="~/reusable-content/ce-skilling/azure/media/template-deployments/deploy-to-azure-button.svg" alt-text="Button to deploy the Resource Manager template to Azure." border="false" link="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-event-grid-viewer%2Fmaster%2Fazuredeploy.json":::
 
 2. On the **Custom deployment** page, do the following steps: 
-    1. For **Resource group**, select the resource group that you created when creating the storage account. It will be easier for you to clean up after you're done with the tutorial by deleting the resource group.  
+    1. For **Resource group**, select an existing resource group or create a resource group.  
     2. For **Site Name**, enter a name for the web app.
     3. For **Hosting plan name**, enter a name for the App Service plan to use for hosting the web app.
     5. Select **Review + create**. 
@@ -68,7 +68,7 @@ Before you create a subscription for the custom topic, create an endpoint for th
 1. The deployment may take a few minutes to complete. Select Alerts (bell icon) in the portal, and then select **Go to resource group**. 
 
     :::image type="content" source="./media/blob-event-quickstart-portal/navigate-resource-group.png" alt-text="Screenshot showing the successful deployment message with a link to navigate to the resource group.":::
-4. On the **Resource group** page, in the list of resources, select the web app that you created. You also see the App Service plan and the storage account in this list. 
+4. On the **Resource group** page, in the list of resources, select the web app (**contosoegriviewer** in the following example) that you created. 
 
     :::image type="content" source="./media/blob-event-quickstart-portal/resource-group-resources.png" alt-text="Screenshot that shows the Resource Group page with the deployed resources.":::
 5. On the **App Service** page for your web app, select the URL to navigate to the web site. The URL should be in this format: `https://<your-site-name>.azurewebsites.net`.

articles/event-grid/authenticate-with-entra-id-namespaces.md

@@ -6,15 +6,27 @@ author: halkazwini
 ms.author: halkazwini
 ms.service: network-watcher
 ms.topic: how-to
-ms.date: 04/29/2024
+ms.date: 05/10/2024
 ms.custom: devx-track-azurepowershell
 
 #CustomerIntent: As an Azure administrator, I want to migrate my network security group flow logs to the new virtual network flow logs so that I can use all the benefits of virtual network flow logs, which overcome some of the network security group flow logs limitations.
 ---
 
 # Migrate from network security group flow logs to virtual network flow logs
 
-In this article, you learn how to migrate your existing network security group flow logs to virtual network flow logs. Virtual network flow logs overcome some of the limitations of network security group flow logs. For more information, see [Virtual network flow logs](vnet-flow-logs-overview.md).
+In this article, you learn how to migrate your existing network security group flow logs to virtual network flow logs using a migration script. Virtual network flow logs overcome some of the limitations of network security group flow logs. For more information, see [Virtual network flow logs](vnet-flow-logs-overview.md).
+
+> [!NOTE]
+> Use the migration script:
+> - when you don't have flow logging enabled on all network interfaces or subnets in a virtual network and you don't want to enable virtual network flow logging on all of them, or
+> - when your network security group flow logs in a virtual network have different configurations, and you want to create virtual network flow logs with those different configurations as the network security group flow logs.
+> 
+> Use Azure Policy:
+> - when you have the same network security group applied to all network interfaces or subnets in a virtual network,
+> - when you have the same network security group flow log configurations for all network interfaces or subnets in a virtual network, or
+> - when you want to enable virtual network flow logging on the virtual network level.
+> 
+> For more information, see [Deploy and configure virtual network flow logs using a built-in policy](vnet-flow-logs-policy.md#deploy-and-configure-virtual-network-flow-logs-using-a-built-in-policy).
 
 ## Prerequisites
 
@@ -122,6 +134,15 @@ In this section, you learn how to use the script file that you downloaded in the
 
     :::image type="content" source="./media/nsg-flow-logs-migrate/delete-flow-logs-confirmation.png" alt-text="Screenshot that shows how to confirm the deletion of migrated flow logs." lightbox="./media/nsg-flow-logs-migrate/delete-flow-logs-confirmation.png":::
 
+## Considerations
+
+- **Scale set with a load balancer**: The migration script enables virtual network flow logging on the subnet that has the scale set virtual machines.
+
+    > [!NOTE]
+    > If network security group flow logging is not enabled on all network interfaces of the scale set, or the network interfaces don't share the same network security group flow log, then a virtual network flow log is created on the subnet with the same configurations as one of the network interfaces of the scale set.
+
+- **PaaS**: The migration script doesn't support environments with PaaS solutions that have network security group flow logs in a user's subscription but target resources are in different subscriptions. For such environments, you should manually enable virtual network flow logging on the virtual network or subnet of the PaaS solution.
+
 ## Related content
 
 - [Network security group flow logs](nsg-flow-logs-overview.md)