Merge branch 'main' into redirects

Author: JasonWHowell

.openpublishing.publish.config.json

@@ -1217,6 +1217,7 @@
   ".openpublishing.redirection.baremetal-infrastructure.json",
   ".openpublishing.redirection.blockchain.json",
   ".openpublishing.redirection.container-service.json",
+  ".openpublishing.redirection.data-lake-analytics.json",
   ".openpublishing.redirection.defender-for-cloud.json",
   ".openpublishing.redirection.defender-for-iot.json",
   ".openpublishing.redirection.dev-spaces.json",
@@ -1273,7 +1274,6 @@
   "articles/cost-management-billing/.openpublishing.redirection.cost-management-billing.json",
   "articles/data-catalog/.openpublishing.redirection.data-catalog.json",
   "articles/data-factory/.openpublishing.redirection.data-factory.json",
-  "articles/data-lake-analytics/.openpublishing.redirection.data-lake-analytics.json",
   "articles/databox-online/.openpublishing.redirection.databox-online.json",
   "articles/deployment-environments/.openpublishing.redirection.deployment-environments.json",
   "articles/dev-box/.openpublishing.redirection.dev-box.json",

.openpublishing.redirection.data-lake-analytics.json

@@ -72,23 +72,32 @@ When you scale up/down in instance size, the amount of IP addresses used by the
 
 Because subnet size can't be changed after assignment, use a subnet that's large enough to accommodate whatever scale your app might reach. You should also reserve IP addresses for platform upgrades. To avoid any issues with subnet capacity, use a `/26` with 64 addresses. When you're creating subnets in Azure portal as part of integrating with the virtual network, a minimum size of /27 is required. If the subnet already exists before integrating through the portal, you can use a /28 subnet.
 
->[!NOTE]
-> Windows Containers uses an additional IP address per app for each App Service plan instance, and you need to size the subnet accordingly. If you have for example 10 Windows Container App Service plan instances with 4 apps running, you will need 50 IP addresses and additional addresses to support horizontal (in/out) scale.
->
-> Sample calculation:
->
-> For each App Service plan instance, you need:  
-> 4 Windows Container apps = 4 IP addresses  
-> 1 IP address per App Service plan instance  
-> 4 + 1 = 5 IP addresses
->
-> For 10 instances:  
-> 5 x 10 = 50 IP addresses per App Service plan
->
-> Since you have 1 App Service plan, 1 x 50 = 50 IP addresses.
-
 When you want your apps in your plan to reach a virtual network that apps in another plan already connect to, select a different subnet than the one being used by the pre-existing virtual network integration.
 
+### Windows Containers specific limits
+
+Windows Containers uses an additional IP address per app for each App Service plan instance, and you need to size the subnet accordingly. If you have for example 10 Windows Container App Service plan instances with 4 apps running, you will need 50 IP addresses and additional addresses to support horizontal (in/out) scale.
+
+Sample calculation:
+
+For each App Service plan instance, you need:
+4 Windows Container apps = 4 IP addresses
+1 IP address per App Service plan instance
+4 + 1 = 5 IP addresses
+
+For 10 instances:
+5 x 10 = 50 IP addresses per App Service plan
+
+Since you have 1 App Service plan, 1 x 50 = 50 IP addresses.
+
+You are in addition limited by the number of cores available in the worker SKU used. Each core adds three "networking units". The worker itself uses one unit and each virtual network connection uses one unit. The remaining units can be used for apps.
+
+Sample calculation:
+
+App Service plan instance with 4 apps running and using virtual network integration. The Apps are connected to two different subnets (virtual network connections). This will require 7 networking units (1 worker + 2 connections + 4 apps). The minimum size for running this configuration would be I2v2 (4 cores x 3 units = 12 units).
+
+With I1v2 you can run a maximum of 4 apps using the same (1) connection or 3 apps using 2 connections.
+
 ## Permissions
 
 You must have at least the following Role-based access control permissions on the subnet or at a higher level to configure virtual network integration through Azure portal, CLI or when setting the `virtualNetworkSubnetId` site property directly:

articles/app-service/overview-vnet-integration.md

@@ -3,7 +3,7 @@ title: Azure Automation runbook types
 description: This article describes the types of runbooks that you can use in Azure Automation and considerations for determining which type to use.
 services: automation
 ms.subservice: process-automation
-ms.date: 02/29/2024
+ms.date: 03/23/2024
 ms.topic: conceptual
 ms.custom: references_regions, devx-track-python, devx-track-azurepowershell
 ---
@@ -262,6 +262,9 @@ PowerShell Workflow runbooks are text runbooks based on [Windows PowerShell Work
 
 ### Limitations
 
+* PowerShell workflow isn't supported in PowerShell 7+ versions. Hence, the outdated runbooks can't be upgraded.
+* Inefficient handling of parallel execution compared to newer PowerShell 7+ versions.
+* PowerShell Workflow internally works using multiple processes. Hence, modules available in one process may not be available in another and cause exceptions like *command not found*.
 * You must be familiar with PowerShell Workflow.
 * Runbooks must deal with the additional complexity of PowerShell Workflow, such as [deserialized objects](automation-powershell-workflow.md#deserialized-objects).
 * Runbooks take longer to start than PowerShell runbooks since they must be compiled before running.

articles/automation/automation-runbook-types.md

@@ -3,7 +3,7 @@ title: Runtime environment in Azure Automation
 description: This article provides an overview on Runtime environment in Azure Automation.
 services: automation
 ms.subservice: process-automation
-ms.date: 02/16/2024
+ms.date: 03/23/2024
 ms.topic: conceptual
 ms.custom: references_regions, devx-track-azurecli
 ---
@@ -76,7 +76,6 @@ You can't edit these Runtime environments. However, any changes that are made in
 ## Limitations
 
 - Runtime environment is currently supported in all Public regions except Central India, Germany North, Italy North, Israel Central, Poland Central, UAE Central, and Government clouds.
-- Currently only cloud jobs are supported for newly created runbooks linked to user-created Runtime environments. However, you can link the newly created runbook to system generated Automation Runtime Environment to execute it as a hybrid job.
 - Existing runbooks that are automatically moved from old experience to Runtime environment experience would be able to execute as both cloud and hybrid job. 
 - When the runbook is [updated](manage-runtime-environment.md) and linked to a different Runtime environment, it can be executed as cloud job only.
 - PowerShell Workflow, Graphical PowerShell, and Graphical PowerShell Workflow runbooks only work with System-generated PowerShell-5.1 Runtime environment.

articles/automation/runtime-environment-overview.md

@@ -61,7 +61,7 @@ The following prerequisites must be met prior to installing Azure Monitor Agent.
   -	`<virtual-machine-region-name>`.handler.control.monitor.azure.com (example: westus.handler.control.monitor.azure.com)
   -	`<log-analytics-workspace-id>`.ods.opinsights.azure.com (example: 12345a01-b1cd-1234-e1f2-1234567g8h99.ods.opinsights.azure.com)  
     (If you use private links on the agent, you must also add the [dce endpoints](../essentials/data-collection-endpoint-overview.md#components-of-a-data-collection-endpoint)).
-- **Disk Space**: Required disk space can vary greatly depending upon how an agent is utilized or if the agent is unable to communicate with the destinations where it is instructed to send monitoring data. By default the agent requires 10Gb of disk space to run. The following provides guidance for capacity planning:
+- **Disk Space**: Required disk space can vary greatly depending upon how an agent is utilized or if the agent is unable to communicate with the destinations where it is instructed to send monitoring data. By default the agent requires 10Gb of disk space to run and requires 500MB for agent installation. The following provides guidance for capacity planning:
 
 | Purpose | Environment | Path | Suggested Space |
 |:---|:---|:---|:---|

articles/azure-monitor/agents/azure-monitor-agent-manage.md

@@ -32,5 +32,4 @@ ms.date: 08/24/2023
 | Configure log query auditing to track which users are running queries. | [Log query auditing](../logs/query-audit.md) records the details for each query that's run in a workspace. Treat this audit data as security data and secure the [LAQueryLogs](/azure/azure-monitor/reference/tables/laquerylogs) table appropriately. Configure the audit logs for each workspace to be sent to the local workspace, or consolidate in a dedicated security workspace if you separate your operational and security data. Use [Log Analytics workspace insights](../logs/log-analytics-workspace-insights-overview.md) to periodically review this data and consider creating log search alert rules to proactively notify you if unauthorized users are attempting to run queries. |
 | Determine a strategy to filter or obfuscate sensitive data in your workspace. | You might be collecting data that includes [sensitive information](../logs/personal-data-mgmt.md). Filter records that shouldn't be collected using the configuration for the particular data source. Use a [transformation](../essentials/data-collection-transformations.md) if only particular columns in the data should be removed or obfuscated.<br><br>If you have standards that require the original data to be unmodified, then you can use the ['h' literal](/azure/data-explorer/kusto/query/scalar-data-types/string#obfuscated-string-literals) in KQL queries to obfuscate query results displayed in workbooks. |
 | Purge sensitive data that was accidentally collected. | Check periodically for private data that might have been accidentally collected in your workspace and use [data purge](../logs/personal-data-mgmt.md#exporting-and-deleting-personal-data) to remove it. |
-|Enable Customer Lockbox for Microsoft Azure to approve or reject Microsoft data access requests.|[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides you with an interface to review and approve or reject customer data access requests. It's used in cases where a Microsoft engineer needs to access customer data, whether in response to a customer-initiated support ticket or a problem identified by Microsoft.|
-
+|Enable Customer Lockbox for Microsoft Azure to approve or reject Microsoft data access requests.|[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides you with an interface to review and approve or reject customer data access requests. It's used in cases where a Microsoft engineer needs to access customer data, whether in response to a customer-initiated support ticket or a problem identified by Microsoft. To enable Customer Lockbox, you need a [dedicated cluster](../logs/logs-dedicated-clusters.md).|

articles/azure-monitor/includes/waf-logs-security.md

@@ -184,7 +184,7 @@ Azure Monitor Logs relies on Azure Storage in specific scenarios. Use [private/c
 
 ## Customer Lockbox for Microsoft Azure
 
-[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides an interface for customers to review and approve or reject customer data access requests. It's used in cases where a Microsoft engineer needs to access customer data during a support request.
+[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides you with an interface to review and approve or reject customer data access requests. It's used when a Microsoft engineer needs to access customer data, whether in response to a customer-initiated support ticket or a problem identified by Microsoft. To enable Customer Lockbox, you need a [dedicated cluster](../logs/logs-dedicated-clusters.md).
 
 ## Tamper-proofing and immutability 
 

articles/azure-monitor/logs/data-security.md

@@ -652,9 +652,10 @@ If the data export rule includes an unsupported table, the configuration will su
 
 > [!NOTE]
 > We are in a process of adding support for more tables. Please check this article regularly. 
+> Data must be in one of these tables for it to appear in a Data Export Rule.
 
 | Table | Limitations |
-|:---|:---|
+|---|---|
 | AACAudit |  |
 | AACHttpRequest |  |
 | AADB2CRequestLogs |  |

articles/azure-monitor/logs/logs-data-export.md

@@ -208,6 +208,7 @@ Dynamic disk with spanned or striped volumes | Supported, unless you enable the
 VMs with encryption at host | Supported
 Disks with enabled Data Access with Microsoft Entra authentication for disk upload/download | Not Supported
 Storage Replicas | Not supported
+[Performance-plus disks](../virtual-machines/disks-enable-performance.md) | Recovering from snapshot tier (instant restore) will recover disks as performance-plus disks. Recovering from vault does not respect the performance-plus flag and will restore disks as normal disks.
 
 ## VM network support