Merge pull request #200558 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

articles/active-directory/saas-apps/blinq-provisioning-tutorial.md

@@ -42,11 +42,15 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 1. Navigate to [Blinq Admin Console](https://dash.blinq.me) in a separate browser tab.
 1. If you aren't logged in to Blinq you will need to do so.
-1. Click on your workspace in the top left corner of the screen.
-1. In the dropdown click **Settings**.
+1. Click on your workspace in the top left hand corner of the screen and select **Settings** in the dropdown menu.
+
+   	[![Screenshot of the Blinq settings option.](media/blinq-provisioning-tutorial/blinq-settings.png)](media/blinq-provisioning-tutorial/blinq-settings.png#lightbox)
+
 1. Under the **Integrations** page you should see **Team Card Provisioning** which contains a URL and Token. You will need to generate the token by clicking **Generate**.
 Copy the **URL** and **Token**. The URL and the Token are to be inserted into the **Tenant URL*** and **Secret Token** field in the Azure portal respectively.
 
+   	[![Screenshot of the Blinq integration page.](media/blinq-provisioning-tutorial/blinq-integrations-page.png)](media/blinq-provisioning-tutorial/blinq-integrations-page.png#lightbox)
+
 ## Step 3. Add Blinq from the Azure AD application gallery
 
 Add Blinq from the Azure AD application gallery to start managing provisioning to Blinq. If you have previously setup Blinq for SSO, you can use the same application. However it's recommended you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 

articles/active-directory/saas-apps/media/blinq-provisioning-tutorial/blinq-integrations-page.png

@@ -103,7 +103,7 @@ You must ensure that:
 * The secret is created in the `kube-system` namespace.
 
 ```yaml
-apiVerison: v1
+apiVersion: v1
 kind: Secret
 metadata: 
     name: custom-ca-trust-secret
@@ -136,4 +136,4 @@ For more information on AKS security best practices, see [Best practices for clu
 [az-extension-update]: /cli/azure/extension#az-extension-update
 [az-feature-list]: /cli/azure/feature#az-feature-list
 [az-feature-register]: /cli/azure/feature#az-feature-register
-[az-provider-register]: /cli/azure/provider#az-provider-register
+[az-provider-register]: /cli/azure/provider#az-provider-register

articles/active-directory/saas-apps/media/blinq-provisioning-tutorial/blinq-settings.png

@@ -104,7 +104,7 @@ Follow the next steps to use a managed identity for Azure resources on a Hybrid
     Get-AzVM -DefaultProfile $AzureContext | Select Name
     ```
 
-    If you want the runbook to execute with the system-assigned managed identity, leave the code as-is. If you prefer to use a user-assigned managed identity, then:
+    If you want the runbook to execute with the system-assigned managed identity, leave the code as-is. If you run the runbook in an Azure sandbox instead of Hybrid Runbook Worker and you want to use a user-assigned managed identity, then:
     1. From line 5, remove `$AzureContext = (Connect-AzAccount -Identity).context`,
     1. Replace it with `$AzureContext = (Connect-AzAccount -Identity -AccountId <ClientId>).context`, and
     1. Enter the Client ID.

articles/aks/custom-certificate-authority.md

@@ -97,6 +97,6 @@ The Automation geo-replication service isn't accessible directly to external cus
 
 ## Next steps
 
+* To learn about security guidelines, see [Security best practices in Azure Automation](automation-security-guidelines.md).
 * To learn more about secure assets in Azure Automation, see [Encryption of secure assets in Azure Automation](automation-secure-asset-encryption.md).
-
 * To find out more about geo-replication, see [Creating and using active geo-replication](/azure/azure-sql/database/active-geo-replication-overview).

articles/automation/automation-hrw-run-runbooks.md

@@ -1,6 +1,6 @@
 ---
 title: Manage role permissions and security in Azure Automation
-description: This article describes how to use Azure role-based access control (Azure RBAC), which enables access management for Azure resources.
+description: This article describes how to use Azure role-based access control (Azure RBAC), which enables access management and role permissions for Azure resources.
 services: automation
 ms.subservice: shared-capabilities
 ms.date: 09/10/2021
@@ -9,7 +9,7 @@ ms.custom: devx-track-azurepowershell, subject-rbac-steps
 #Customer intent: As an administrator, I want to understand permissions so that I use the least necessary set of permissions.
 ---
 
-# Manage role permissions and security in Automation
+# Manage role permissions and security in Azure Automation
 
 Azure role-based access control (Azure RBAC) enables access management for Azure resources. Using [Azure RBAC](../role-based-access-control/overview.md), you can segregate duties within your team and grant only the amount of access to users, groups, and applications that they need to perform their jobs. You can grant role-based access to users using the Azure portal, Azure Command-Line tools, or Azure Management APIs.
 
@@ -469,6 +469,7 @@ When a user assigned to the Automation Operator role on the Runbook scope views
 
 ## Next steps
 
+* To learn about security guidelines, see [Security best practices in Azure Automation](automation-security-guidelines.md).
 * To find out more about Azure RBAC using PowerShell, see [Add or remove Azure role assignments using Azure PowerShell](../role-based-access-control/role-assignments-powershell.md).
 * For details of the types of runbooks, see [Azure Automation runbook types](automation-runbook-types.md).
 * To start a runbook, see [Start a runbook in Azure Automation](start-runbooks.md).

articles/automation/automation-managing-data.md

@@ -281,6 +281,7 @@ To revoke access to customer-managed keys, use PowerShell or the Azure CLI. For
 
 ## Next steps
 
+- To learn about security guidelines, see [Security best practices in Azure Automation](automation-security-guidelines.md).
 - To understand Azure Key Vault, see [What is Azure Key Vault?](../key-vault/general/overview.md).
 - To work with certificates, see [Manage certificates in Azure Automation](shared-resources/certificates.md).
 - To handle credentials, see [Manage credentials in Azure Automation](shared-resources/credentials.md).

articles/automation/automation-role-based-access-control.md

@@ -1,13 +1,13 @@
 ---
-title: Azure Automation security guidelines, security best practices Automation.
+title: Azure Automation security guidelines, security best practices Automation jobs.
 description: This article helps you with the guidelines that Azure Automation offers to ensure a secured configuration of Automation account, Hybrid Runbook worker role, authentication certificate and identities, network isolation and policies.
 services: automation
 ms.subservice: shared-capabilities
 ms.date: 02/16/2022
 ms.topic: conceptual 
 ---
 
-# Best practices for security in Azure Automation
+# Security best practices in Azure Automation
 
 This article details the best practices to securely execute the automation jobs.
 [Azure Automation](./overview.md) provides you the platform to orchestrate frequent, time consuming, error-prone infrastructure management and operational tasks, as well as mission-critical operations. This service allows you to execute scripts, known as automation runbooks seamlessly across cloud and hybrid environments. 

articles/automation/automation-secure-asset-encryption.md

@@ -1,6 +1,6 @@
 ---
 title: Automation services in Azure - overview
-description: This article tells what are the Automation services in Azure and how to use it to automate the lifecycle of infrastructure and applications.
+description: This article tells what are the Automation services in Azure and how to compare and use it to automate the lifecycle of infrastructure and applications.
 services: automation
 keywords: azure automation services, automanage, Bicep, Blueprints, Guest Config, Policy, Functions
 ms.date: 03/04/2022