Merge pull request #201373 from MicrosoftDocs/main

6/13 AM Publish

Author: huypub

.openpublishing.publish.config.json

@@ -434,6 +434,12 @@
       "branch": "main",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "media-services-video-indexer",
+      "url": "https://github.com/Azure-Samples/media-services-video-indexer",
+      "branch": "main",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "remote-monitoring-webui",
       "url": "https://github.com/Azure/pcs-remote-monitoring-webui.git",

CODEOWNERS

@@ -11,7 +11,7 @@
 
 # Azure Monitor
 articles/azure-monitor/* @bwren
-articles/azure-monitor/agents @bwren
+articles/azure-monitor/agents @guywi-ms @bwren
 articles/azure-monitor/alerts @abbyMSFT
 articles/azure-monitor/app @AaronMaxwell 
 articles/azure-monitor/autoscale @rboucher

articles/active-directory/develop/refresh-tokens.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 05/25/2021
+ms.date: 06/10/2022
 ms.author: shermanouko
 ms.reviewer: mmacy, ludwignick
 ms.custom: aaddev, identityplatformtop40, fasttrack-edit
@@ -23,41 +23,41 @@ When a client acquires an access token to access a protected resource, the clien
 
 Before reading through this article, it's recommended that you go through the following articles:
 
-* [ID tokens](id-tokens.md) in the Microsoft identity platform.
-* [Access tokens](access-tokens.md) in the Microsoft identity platform.
+- [ID tokens](id-tokens.md) in the Microsoft identity platform.
+- [Access tokens](access-tokens.md) in the Microsoft identity platform.
 
 ## Refresh token lifetime
 
-Refresh tokens have a longer lifetime than access tokens. The default lifetime for the refresh tokens is 24 hours for [single page apps](reference-third-party-cookies-spas.md) and 90 days for all other scenarios. Refresh tokens replace themselves with a fresh token upon every use. The Microsoft identity platform doesn't revoke old refresh tokens when used to fetch new access tokens. Securely delete the old refresh token after acquiring a new one. Refresh tokens need to be stored safely like access tokens or application credentials. 
+Refresh tokens have a longer lifetime than access tokens. The default lifetime for the refresh tokens is 24 hours for [single page apps](reference-third-party-cookies-spas.md) and 90 days for all other scenarios. Refresh tokens replace themselves with a fresh token upon every use. The Microsoft identity platform doesn't revoke old refresh tokens when used to fetch new access tokens. Securely delete the old refresh token after acquiring a new one. Refresh tokens need to be stored safely like access tokens or application credentials.
 
->[!IMPORTANT]
-> Refresh tokens sent to a redirect URI registered as `spa` expire after 24 hours. Additional refresh tokens acquired using the initial refresh token carry over that expiration time, so apps must be prepared to rerun the authorization code flow using an interactive authentication to get a new refresh token every 24 hours. Users do not have to enter their credentials and usually don't even see any related user experience, just a reload of your application. The browser must visit the log-in page in a top-level frame to show the login session. This is due to [privacy features in browsers that block third party cookies](reference-third-party-cookies-spas.md).
+> [!IMPORTANT]
+> Refresh tokens sent to a redirect URI registered as `spa` expire after 24 hours. Additional refresh tokens acquired using the initial refresh token carry over that expiration time, so apps must be prepared to rerun the authorization code flow using an interactive authentication to get a new refresh token every 24 hours. Users don't have to enter their credentials and usually don't even see any related user experience, just a reload of your application. The browser must visit the log-in page in a top-level frame to show the login session. This is due to [privacy features in browsers that block third party cookies](reference-third-party-cookies-spas.md).
 
 ## Refresh token expiration
 
-Refresh tokens can be revoked at any time, because of timeouts and revocations. Your app must handle rejections by the sign-in service gracefully when this occurs. This is done by sending the user to an interactive sign-in prompt to sign in again. 
+Refresh tokens can be revoked at any time, because of timeouts and revocations. Your app must handle rejections by the sign-in service gracefully when this occurs. This is done by sending the user to an interactive sign-in prompt to sign in again.
 
 ### Token timeouts
 
 You can't configure the lifetime of a refresh token. You can't reduce or lengthen their lifetime. Configure sign-in frequency in Conditional Access to define the time periods before a user is required to sign in again. Learn more about [Configuring authentication session management with Conditional Access](../conditional-access/howto-conditional-access-session-lifetime.md).
 
-Not all refresh tokens follow the rules set in the token lifetime policy. Specifically, refresh tokens used in [single page apps](reference-third-party-cookies-spas.md) are always fixed to 24 hours of activity, as if they have a `MaxAgeSessionSingleFactor` policy of 24 hours applied to them. 
+Not all refresh tokens follow the rules set in the token lifetime policy. Specifically, refresh tokens used in [single page apps](reference-third-party-cookies-spas.md) are always fixed to 24 hours of activity, as if they have a `MaxAgeSessionSingleFactor` policy of 24 hours applied to them.
 
 ### Revocation
 
-Refresh tokens can be revoked by the server because of a change in credentials, user action, or admin action.  Refresh tokens fall into two classes: tokens issued to confidential clients (the rightmost column) and tokens issued to public clients (all other columns).
+Refresh tokens can be revoked by the server because of a change in credentials, user action, or admin action. Refresh tokens fall into two classes: tokens issued to confidential clients (the rightmost column) and tokens issued to public clients (all other columns).
 
-| Change | Password-based cookie | Password-based token | Non-password-based cookie | Non-password-based token | Confidential client token |
-|---|-----------------------|----------------------|---------------------------|--------------------------|---------------------------|
-| Password expires | Stays alive | Stays alive | Stays alive | Stays alive | Stays alive |
-| Password changed by user | Revoked | Revoked | Stays alive | Stays alive | Stays alive |
-| User does SSPR | Revoked | Revoked | Stays alive | Stays alive | Stays alive |
-| Admin resets password | Revoked | Revoked | Stays alive | Stays alive | Stays alive |
-| User revokes their refresh tokens [via PowerShell](/powershell/module/azuread/revoke-azureadsignedinuserallrefreshtoken) | Revoked | Revoked | Revoked | Revoked | Revoked |
-| Admin revokes all refresh tokens for a user [via PowerShell](/powershell/module/azuread/revoke-azureaduserallrefreshtoken) | Revoked | Revoked |Revoked | Revoked | Revoked |
-| Single sign-out [on web](v2-protocols-oidc.md#single-sign-out) | Revoked | Stays alive | Revoked | Stays alive | Stays alive |
+| Change                                                                                                                     | Password-based cookie | Password-based token | Non-password-based cookie | Non-password-based token | Confidential client token |
+| -------------------------------------------------------------------------------------------------------------------------- | --------------------- | -------------------- | ------------------------- | ------------------------ | ------------------------- |
+| Password expires                                                                                                           | Stays alive           | Stays alive          | Stays alive               | Stays alive              | Stays alive               |
+| Password changed by user                                                                                                   | Revoked               | Revoked              | Stays alive               | Stays alive              | Stays alive               |
+| User does SSPR                                                                                                             | Revoked               | Revoked              | Stays alive               | Stays alive              | Stays alive               |
+| Admin resets password                                                                                                      | Revoked               | Revoked              | Stays alive               | Stays alive              | Stays alive               |
+| User revokes their refresh tokens [via PowerShell](/powershell/module/azuread/revoke-azureadsignedinuserallrefreshtoken)   | Revoked               | Revoked              | Revoked                   | Revoked                  | Revoked                   |
+| Admin revokes all refresh tokens for a user [via PowerShell](/powershell/module/azuread/revoke-azureaduserallrefreshtoken) | Revoked               | Revoked              | Revoked                   | Revoked                  | Revoked                   |
+| Single sign-out [on web](v2-protocols-oidc.md#single-sign-out)                                                             | Revoked               | Stays alive          | Revoked                   | Stays alive              | Stays alive               |
 
 ## Next steps
 
-* Learn about [configurable token lifetimes](active-directory-configurable-token-lifetimes.md)
-* Check out [Primary Refresh Tokens](../devices/concept-primary-refresh-token.md) for more details on primary refresh tokens.
+- Learn about [configurable token lifetimes](active-directory-configurable-token-lifetimes.md)
+- Check out [Primary Refresh Tokens](../devices/concept-primary-refresh-token.md) for more details on primary refresh tokens.

articles/active-directory/managed-identities-azure-resources/overview.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 
 A common challenge for developers is the management of secrets, credentials, certificates, keys etc used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials. 
 
-While developers can securely store the secrets in [Azure Key Vault](../../key-vault/general/overview.md), services need a way to access Azure Key Vault. Managed identities provide an automatically managed identity in Azure Active Directory for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications can use managed identities to obtain Azure AD tokens without having manage any credentials.
+While developers can securely store the secrets in [Azure Key Vault](../../key-vault/general/overview.md), services need a way to access Azure Key Vault. Managed identities provide an automatically managed identity in Azure Active Directory for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials.
 
 The following video shows how you can use managed identities:</br>
 
@@ -68,7 +68,7 @@ For using Managed identities, you have should do the following:
 1. Create a managed identity in Azure. You can choose between system-assigned managed identity or user-assigned managed identity. 
 2. In case of user-assigned managed identity, assign the managed identity to the "source" Azure Resource, such as an Azure Logic App or an Azure Web App.
 3. Authorize the managed identity to have accees to the "target" service.
-4. Use the managed identity to perform access. For this, you can use the Azure SDK with the Azure.Identity library. Some "source" resources offer connectors that know how to use Managed identities for the connections. In that case you simply use the ideantity as a feature of that "source" resource.
+4. Use the managed identity to perform access. For this, you can use the Azure SDK with the Azure.Identity library. Some "source" resources offer connectors that know how to use Managed identities for the connections. In that case you simply use the identity as a feature of that "source" resource.
 
 
 ## What Azure services support the feature?<a name="which-azure-services-support-managed-identity"></a>

articles/azure-monitor/app/sampling.md

@@ -70,6 +70,8 @@ Metric counts such as request rate and exception rate are adjusted to compensate
 > [!NOTE]
 > This section applies to ASP.NET applications, not to ASP.NET Core applications. [Learn about configuring adaptive sampling for ASP.NET Core applications later in this document.](#configuring-adaptive-sampling-for-aspnet-core-applications)
 
+> With ASP.NET Core and with Microsoft.ApplicationInsights.AspNetCore >= 2.15.0 you can configure AppInsights options via appsettings.json
+
 In [`ApplicationInsights.config`](./configuration-with-applicationinsights-config.md), you can adjust several parameters in the `AdaptiveSamplingTelemetryProcessor` node. The figures shown are the default values:
 
 * `<MaxTelemetryItemsPerSecond>5</MaxTelemetryItemsPerSecond>`

articles/azure-monitor/app/statsbeat.md

@@ -65,11 +65,11 @@ N/A
 |Metric Name|Unit|Supported dimensions|
 |-----|-----|-----|
 |Request Success Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`|
-|Requests Failure Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`|
+|Requests Failure Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`, `Status Code`|
 |Request Duration|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`|
-|Retry Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`|
-|Throttle Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`|
-|Exception Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`|
+|Retry Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`, , `Status Code`|
+|Throttle Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`, `Status Code`|
+|Exception Count|Count| `Resource Provider`, `Attach Type`, `Instrumentation Key`, `Runtime Version`, `Operating System`, `Language`, `Version`, `Endpoint`, `Host`, `Exception Type`|
 
 [!INCLUDE [azure-monitor-log-analytics-rebrand](../../../includes/azure-monitor-instrumentation-key-deprecation.md)]
 #### Attach Statsbeat
@@ -113,10 +113,10 @@ You can also disable this feature by setting the environment variable `APPLICATI
 
 #### [Node](#tab/node)
 
-N/A
+Not supported yet.
 
 #### [Python](#tab/python)
 
-N/A
+Not supported yet.
 
 ---

articles/azure-netapp-files/azure-netapp-files-solution-architectures.md

@@ -20,7 +20,7 @@ This article provides references to best practices that can help you understand
 
 The following diagram summarizes the categories of solution architectures that Azure NetApp Files offers:
 
-![Solution architecture categories](../media/azure-netapp-files/solution-architecture-categories.png)
+:::image type="content" source="../media/azure-netapp-files/solution-architecture-categories.png" alt-text="Solution architecture categories." lightbox="../media/azure-netapp-files/solution-architecture-categories.png":::
 
 ## Linux OSS Apps and Database solutions
 

articles/azure-resource-manager/management/move-support-resources.md

@@ -600,7 +600,7 @@ Jump to a resource provider namespace:
 > [!div class="mx-tableFixed"]
 > | Resource type | Resource group | Subscription | Region move |
 > | ------------- | ----------- | ---------- | ----------- |
-> | communicationservices | Yes | Yes | No |
+> | communicationservices | Yes | Yes <br/><br/> Note that resources with attached phone numbers cannot be moved to subscriptions in different data locations, nor subscriptions that do not support having phone numbers. | No |
 
 ## Microsoft.Compute
 

articles/azure-video-indexer/deploy-with-arm-template.md

@@ -1,6 +1,6 @@
 ---
 title:  Deploy Azure Video Indexer with ARM template
-description: In this tutorial you will create an Azure Video Indexer account by using Azure Resource Manager (ARM) template.
+description: Learn how to create an Azure Video Indexer account by using Azure Resource Manager (ARM) template.
 ms.topic: tutorial
 ms.date: 05/23/2022
 ms.author: juliako
@@ -10,13 +10,13 @@ ms.author: juliako
 
 ## Overview
 
-In this tutorial you will create an Azure Video Indexer account by using Azure Resource Manager (ARM) template (preview).
+In this tutorial, you will create an Azure Video Indexer account by using Azure Resource Manager (ARM) template (preview).
 The resource will be deployed to your subscription and will create the Azure Video Indexer resource based on parameters defined in the avam.template file.
 
 > [!NOTE]
 > This sample is *not* for connecting an existing Azure Video Indexer classic account to an ARM-based Azure Video Indexer account.
 > For full documentation on Azure Video Indexer API, visit the [Developer portal](https://aka.ms/avam-dev-portal) page.
-> The current API Version is "2021-10-27-preview". Check this Repo from time to time to get updates on new API Versions.
+> For the latest API version for Microsoft.VideoIndexer, see the [template reference](/azure/templates/microsoft.videoindexer/accounts?tabs=bicep).
 
 ## Prerequisites
 
@@ -40,7 +40,6 @@ The resource will be deployed to your subscription and will create the Azure Vid
 
     * Create a new Resource group on the same location as your Azure Video Indexer account, using the [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) cmdlet.
 
-
     ```powershell
     New-AzResourceGroup -Name myResourceGroup -Location eastus
     ```
@@ -52,7 +51,7 @@ The resource will be deployed to your subscription and will create the Azure Vid
     ```
 
 > [!NOTE]
-> If you would like to work with bicep format, inspect the [bicep file](https://github.com/Azure-Samples/media-services-video-indexer/blob/master/ARM-Quick-Start/avam.template.bicep) on this repo.
+> If you would like to work with bicep format, see [Deploy by using Bicep](./deploy-with-bicep.md).
 
 ## Parameters