Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-custom-roles-rest-api

Author: rolyon

articles/active-directory/develop/mark-app-as-publisher-verified.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 11/12/2022
+ms.date: 03/16/2023
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: xurobert, brianokoyo, ardhanap
@@ -23,7 +23,7 @@ If you are already enrolled in the Microsoft Partner Network (MPN) and have met
 
 1. Sign into the [App Registration portal](https://aka.ms/PublisherVerificationPreview) using [multi-factor authentication](../fundamentals/concept-fundamentals-mfa-get-started.md)
 
-1. Choose an app and click **Branding**. 
+1. Choose an app and click **Branding & properties**. 
 
 1. Click **Add MPN ID to verify publisher** and review the listed requirements.
 
@@ -32,25 +32,25 @@ If you are already enrolled in the Microsoft Partner Network (MPN) and have met
 For more details on specific benefits, requirements, and frequently asked questions see the [overview](publisher-verification-overview.md).
 
 ## Mark your app as publisher verified
-Make sure you have met the [pre-requisites](publisher-verification-overview.md#requirements), then follow these steps to mark your app(s) as Publisher Verified.  
+Make sure you meet the [pre-requisites](publisher-verification-overview.md#requirements), then follow these steps to mark your app(s) as Publisher Verified.  
 
-1. Ensure you are signed in using [multi-factor authentication](../fundamentals/concept-fundamentals-mfa-get-started.md) to an organizational (Azure AD) account that is authorized to make changes to the app(s) you want to mark as Publisher Verified and on the MPN Account in Partner Center.
+1. Sign in using [multi-factor authentication](../fundamentals/concept-fundamentals-mfa-get-started.md) to an organizational (Azure AD) account authorized to make changes to the app you want to mark as Publisher Verified and on the MPN Account in Partner Center.
 
-    - In Azure AD this user must be a member of one of the following [roles](../roles/permissions-reference.md): Application Admin, Cloud Application Admin, or Global Administrator. 
+    - The Azure AD user must have one of the following [roles](../roles/permissions-reference.md): Application Admin, Cloud Application Admin, or Global Administrator. 
 
-    - In Partner Center this user must have of the following [roles](/partner-center/permissions-overview): MPN Admin, Accounts Admin, or a Global Administrator (this is a shared role mastered in Azure AD). 
+    - The user in Partner Center must have the following [roles](/partner-center/permissions-overview): MPN Admin, Accounts Admin, or a Global Administrator (a shared role mastered in Azure AD). 
 
 1. Navigate to the **App registrations** blade:  
 
-1. Click on an app you would like to mark as Publisher Verified and open the **Branding** blade. 
+1. Click on an app you would like to mark as Publisher Verified and open the **Branding & properties** blade. 
 
 1. Ensure the app’s [publisher domain](howto-configure-publisher-domain.md) is set. 
 
 1. Ensure that either the publisher domain or a DNS-verified [custom domain](../fundamentals/add-custom-domain.md) on the tenant matches the domain of the email address used during the verification process for your MPN account.
 
 1. Click **Add MPN ID to verify publisher** near the bottom of the page. 
 
-1. Enter your **MPN ID**. This MPN ID must be for: 
+1. Enter the **MPN ID** for: 
 
     - A valid Microsoft Partner Network account that has completed the verification process.  
 
@@ -60,13 +60,13 @@ Make sure you have met the [pre-requisites](publisher-verification-overview.md#r
 
 1. Wait for the request to process, this may take a few minutes. 
 
-1. If the verification was successful, the publisher verification window will close, returning you to the Branding blade. You will see a blue verified badge next to your verified **Publisher display name**. 
+1. If the verification was successful, the publisher verification window closes, returning you to the **Branding & properties** blade. You see a blue verified badge next to your verified **Publisher display name**. 
 
-1. Users who get prompted to consent to your app will start seeing the badge soon after you have gone through the process successfully, although it may take some time for this to replicate throughout the system. 
+1. Users who get prompted to consent to your app start seeing the badge soon after you've gone through the process successfully, although it may take some time for updates to replicate throughout the system. 
 
-1. Test this functionality by signing into your application and ensuring the verified badge shows up on the consent screen. If you are signed in as a user who has already granted consent to the app, you can use the *prompt=consent* query parameter to force a consent prompt. This parameter should be used for testing only, and never hard-coded into your app's requests.
+1. Test this functionality by signing into your application and ensuring the verified badge shows up on the consent screen. If you're signed in as a user who has already granted consent to the app, you can use the *prompt=consent* query parameter to force a consent prompt. This parameter should be used for testing only, and never hard-coded into your app's requests.
 
-1. Repeat this process as needed for any additional apps you would like the badge to be displayed for. You can use Microsoft Graph to do this more quickly in bulk, and PowerShell cmdlets will be available soon. See [Making Microsoft API Graph calls](troubleshoot-publisher-verification.md#making-microsoft-graph-api-calls) for more info. 
+1. Repeat these steps as needed for any more apps you would like the badge to be displayed for. You can use Microsoft Graph to do this more quickly in bulk, and PowerShell cmdlets will be available soon. See [Making Microsoft API Graph calls](troubleshoot-publisher-verification.md#making-microsoft-graph-api-calls) for more info. 
 
 That’s it! Let us know if you have any feedback about the process, the results, or the feature in general. 
 

articles/active-directory/develop/troubleshoot-publisher-verification.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: troubleshooting
 ms.workload: identity
-ms.date: 10/21/2021
+ms.date: 03/16/2023
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: ardhanap, jesakowi
@@ -31,7 +31,7 @@ Below are some common issues that may occur during the process.
 - **I don’t know my Microsoft Partner Network ID (MPN ID) or I don’t know who the primary contact for the account is.** 
     1. Navigate to the [MPN enrollment page](https://partner.microsoft.com/dashboard/account/v3/enrollment/joinnow/basicpartnernetwork/new).
     2. Sign in with a user account in the org's primary Azure AD tenant. 
-    3. If an MPN account already exists, this will be recognized and you'll be added to the account. 
+    3. If an MPN account already exists, this is recognized and you are added to the account. 
     4. Navigate to the [partner profile page](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) where the MPN ID and primary account contact will be listed.
 
 - **I don’t know who my Azure AD Global Administrator (also known as company admin or tenant admin) is, how do I find them? What about the Application Administrator or Cloud Application Administrator?**
@@ -151,7 +151,7 @@ Most commonly caused by the signed-in user not being a member of the proper role
 
     - The MPN ID is correct. 
     - There are no errors or “pending actions” shown, and the verification status under Legal business profile and Partner info both say “authorized” or “success”.
-2. Go to the [MPN tenant management page](https://partner.microsoft.com/dashboard/account/v3/tenantmanagement) and confirm that the tenant the app is registered in and that you're signing with a user account from is on the list of associated tenants. To add another tenant, follow the [multi-tenant-account instructions](/partner-center/multi-tenant-account). Be aware that all Global Admins of any tenant you add will be granted Global Administrator privileges on your Partner Center account.
+2. Go to the [MPN tenant management page](https://partner.microsoft.com/dashboard/account/v3/tenantmanagement) and confirm that the tenant the app is registered in and that you're signing with a user account from is on the list of associated tenants. To add another tenant, follow the [multi-tenant-account instructions](/partner-center/multi-tenant-account). All Global Admins of any tenant you add will be granted Global Administrator privileges on your Partner Center account.
 3. Go to the [MPN User Management page](https://partner.microsoft.com/pcv/users) and confirm the user you're signing in as is either a Global Administrator, MPN Admin, or Accounts Admin. To add a user to a role in Partner Center, follow the instructions for [creating user accounts and setting permissions](/partner-center/create-user-accounts-and-set-permissions).
 
 ### MPNGlobalAccountNotFound

articles/aks/nat-gateway.md

@@ -12,7 +12,7 @@ ms.author: allensu
 
 # Managed NAT Gateway
 
-While you can route egress traffic through an Azure Load Balancer, there are limitations on the amount of outbound flows of traffic you can have. Azure NAT Gateway allows up to 64,512 outbound UDP and TCP traffic flows per IP address with a maximum of 16 IP addresses. 
+While you can route egress traffic through an Azure Load Balancer, there are limitations on the amount of outbound flows of traffic you can have. Azure NAT Gateway allows up to 64,512 outbound UDP and TCP traffic flows per IP address with a maximum of 16 IP addresses.
 
 This article shows you how to create an AKS cluster with a Managed NAT Gateway for egress traffic and how to disable OutboundNAT on Windows.
 
@@ -24,7 +24,9 @@ This article shows you how to create an AKS cluster with a Managed NAT Gateway f
 
 ## Create an AKS cluster with a Managed NAT Gateway
 
-To create an AKS cluster with a new Managed NAT Gateway, use `--outbound-type managedNATGateway`, `--nat-gateway-managed-outbound-ip-count`, and `--nat-gateway-idle-timeout` when running `az aks create`. The following example creates a *myResourceGroup* resource group, then creates a *natCluster* AKS cluster in *myResourceGroup* with a Managed NAT Gateway, two outbound IPs, and an idle timeout of 30 seconds.
+To create an AKS cluster with a new Managed NAT Gateway, use `--outbound-type managedNATGateway`, `--nat-gateway-managed-outbound-ip-count`, and `--nat-gateway-idle-timeout` when running `az aks create`. If you want the NAT gateway to be able to operate out of availability zones, specify the zones using `--zones`.
+
+The following example creates a *myResourceGroup* resource group, then creates a *natCluster* AKS cluster in *myResourceGroup* with a Managed NAT Gateway, two outbound IPs, and an idle timeout of 30 seconds.
 
 ```azurecli-interactive
 az group create --name myResourceGroup --location southcentralus

articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft-storage-storageaccountselector-new.png

@@ -2,33 +2,34 @@
 title: StorageAccountSelector UI element
 description: Describes the Microsoft.Storage.StorageAccountSelector UI element for Azure portal.
 author: davidsmatlak
-
-ms.topic: conceptual
-ms.date: 06/28/2018
 ms.author: davidsmatlak
-
+ms.topic: conceptual
+ms.date: 03/17/2023
 ---
+
 # Microsoft.Storage.StorageAccountSelector UI element
 
-A control for selecting a new or existing storage account.
+A control that's used to select a new or existing storage account.
+
+Storage account names must be globally unique across Azure with a length of 3-24 characters, and include only lowercase letters or numbers.
 
 ## UI sample
 
-The control shows the default value.
+The `StorageAccountSelector` control shows the default name for a storage account. The default is set in your code.
 
-![Microsoft.Storage.StorageAccountSelector](./media/managed-application-elements/microsoft-storage-storageaccountselector.png)
+:::image type="content" source="./media/managed-application-elements/microsoft-storage-storageaccountselector.png" alt-text="Screenshot of the storage account selector element that shows the default value for a new storage account.":::
 
-The control enables the user to create a new storage account or select an existing storage account.
+The `StorageAccountSelector` control allows you to create a new storage account or select an existing storage account.
 
-![Microsoft.Storage.StorageAccountSelector new](./media/managed-application-elements/microsoft-storage-storageaccountselector-new.png)
+:::image type="content" source="./media/managed-application-elements/microsoft-storage-storageaccountselector-new.png" alt-text="Screenshot that shows the storage account selector options to create a new storage account.":::
 
 ## Schema
 
 ```json
 {
   "name": "element1",
   "type": "Microsoft.Storage.StorageAccountSelector",
-  "label": "Storage account",
+  "label": "Storage account selector",
   "toolTip": "",
   "defaultValue": {
     "name": "storageaccount01",
@@ -50,19 +51,120 @@ The control enables the user to create a new storage account or select an existi
 ```json
 {
   "name": "storageaccount01",
-  "resourceGroup": "rg01",
-  "type": "Premium_LRS",
-  "newOrExisting": "new"
+  "resourceGroup": "demoRG",
+  "type": "Standard_LRS",
+  "newOrExisting": "new",
+  "kind": "StorageV2"
 }
 ```
 
 ## Remarks
 
-- If specified, `defaultValue.name` is automatically validated for uniqueness. If the storage account name isn't unique, the user must specify a different name or choose an existing storage account.
-- The default value for `defaultValue.type` is **Premium_LRS**.
+- The `defaultValue.name` is required and the value is automatically validated for uniqueness. If the storage account name isn't unique, the user must specify a different name or choose an existing storage account.
+- The default value for `defaultValue.type` is **Premium_LRS**. You can set any storage account type as the default value. For example, _Standard_LRS_ or _Standard_GRS_.
 - Any type not specified in `constraints.allowedTypes` is hidden, and any type not specified in `constraints.excludedTypes` is shown. `constraints.allowedTypes` and `constraints.excludedTypes` are both optional, but can't be used simultaneously.
-- If `options.hideExisting` is **true**, the user can't choose an existing storage account. The default value is **false**.
+- If `options.hideExisting` is **true**, the user can't choose an existing storage account. The default value is **false**. The control only shows storage accounts as _existing_ if they are in same resource group and region as the selections made on the **Basics** tab.
+- The `kind` property displays the value if a new storage account was created, or an existing storage account's value.
+
+## Example
+
+The default values for the storage account name and type are examples. You can set your own default values for your environment.
+
+In the `outputs` section, the `storageSelector` output includes all the values for a storage account. The `storageKind` and `storageName` are examples of how to output specific values.
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "basics": [
+      {}
+    ],
+    "steps": [
+      {
+        "name": "StorageAccountSelector",
+        "label": "Storage account selector",
+        "elements": [
+          {
+            "name": "storageSelectorElement",
+            "type": "Microsoft.Storage.StorageAccountSelector",
+            "label": "Storage account name",
+            "toolTip": "",
+            "defaultValue": {
+              "name": "storageaccount01",
+              "type": "Premium_LRS"
+            },
+            "options": {
+              "hideExisting": false
+            },
+            "visible": true
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "location": "[location()]",
+      "storageSelector": "[steps('StorageAccountSelector').storageSelectorElement]",
+      "storageKind": "[steps('StorageAccountSelector').storageSelectorElement.kind]",
+      "storageName": "[steps('StorageAccountSelector').storageSelectorElement.name]"
+    }
+  }
+}
+```
+
+## Example output
+
+The output for a _new_ storage account.
+
+```json
+{
+  "location": {
+    "value": "westus3"
+  },
+  "storageSelector": {
+    "value": {
+      "name": "demostorageaccount01",
+      "resourceGroup": "demoRG",
+      "type": "Standard_GRS",
+      "newOrExisting": "new",
+      "kind": "StorageV2"
+    }
+  },
+  "storageKind": {
+    "value": "StorageV2"
+  },
+  "storageName": {
+    "value": "demostorageaccount01"
+  }
+}
+```
+
+The output for an _existing_ storage account.
+
+```json
+{
+  "location": {
+    "value": "westus3"
+  },
+  "storageSelector": {
+    "value": {
+      "name": "demostorage99",
+      "resourceGroup": "demoRG",
+      "type": "Standard_LRS",
+      "newOrExisting": "existing",
+      "kind": "StorageV2"
+    }
+  },
+  "storageKind": {
+    "value": "StorageV2"
+  },
+  "storageName": {
+    "value": "demostorage99"
+  }
+}
+```
 
 ## Next steps
-* For an introduction to creating UI definitions, see [Getting started with CreateUiDefinition](create-uidefinition-overview.md).
-* For a description of common properties in UI elements, see [CreateUiDefinition elements](create-uidefinition-elements.md).
+- For an introduction to creating UI definitions, go to [CreateUiDefinition.json for Azure managed application's create experience](create-uidefinition-overview.md).
+- For a description of common properties in UI elements, go to [CreateUiDefinition elements](create-uidefinition-elements.md).

articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft-storage-storageaccountselector.png

@@ -146,6 +146,9 @@ Navigate to your **Azure Key Vault** and provide access to the SDDC on Azure Key
     > [!IMPORTANT]
     > If you want to select a specific key version instead of the automatically selected latest version, you'll need to specify the key URI with key version. This will affect the CMK key version life cycle.
 
+    > [!NOTE]
+    > The Azure key vault Managed HSM option is only supported with the Key URI option.
+
 1. Select **Save** to grant access to the resource.
 
 # [Azure CLI](#tab/azure-cli)

articles/azure-resource-manager/managed-applications/microsoft-storage-storageaccountselector.md

@@ -20,9 +20,6 @@ A glossary is a list of terms with definitions that you create for the Document
 
 ## Create, upload, and use a glossary file
 
-> [!NOTE]
-> The following example uses an enabled [**system-assigned managed identity**](create-use-managed-identities.md#enable-a-system-assigned-managed-identity) and a [**Storage Blob Data Contributor**](create-use-managed-identities.md#grant-access-to-your-storage-account) role assignment for authentication. For more information, *see* [**Managed identities for Document Translation**](./create-use-managed-identities.md).
-
 1. **Create your glossary file.** Create a file in a supported format (preferably tab-separated values) that contains all the terms and phrases you want to use in your translation.
 
    To check if your file format is supported, *see* [Get supported glossary formats](../reference/get-supported-glossary-formats.md).
@@ -47,6 +44,9 @@ A glossary is a list of terms with definitions that you create for the Document
 1. **Specify your glossary in the translation request.** Include the **`glossary URL`**, **`format`**, and **`version`** in your **`POST`** request:
 
       :::code language="json" source="../../../../../cognitive-services-rest-samples/curl/Translator/translate-with-glossary.json" range="1-23" highlight="13-14":::
+      
+   > [!NOTE]
+   > The example used an enabled [**system-assigned managed identity**](create-use-managed-identities.md#enable-a-system-assigned-managed-identity) with a [**Storage Blob Data Contributor**](create-use-managed-identities.md#grant-access-to-your-storage-account) role assignment for authorization. For more information, *see* [**Managed identities for Document Translation**](./create-use-managed-identities.md).
 
 ### Case sensitivity