Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into 20230213-azure-rbac-available

Author: Mike Ray (Microsoft)

.openpublishing.redirection.azure-monitor.json

@@ -5,6 +5,16 @@
             "redirect_url": "/azure/azure-monitor/getting-started",
             "redirect_document_id": false
          },
+         {
+            "source_path_from_root": "/articles/azure-monitor/monitor-reference.md",
+            "redirect_url": "/azure/azure-monitor/data-sources",
+            "redirect_document_id": false
+         },
+         {
+            "source_path_from_root": "/articles/azure-monitor/observability-data.md",
+            "redirect_url": "/azure/azure-monitor/overview",
+            "redirect_document_id": false
+         },
          {
             "source_path_from_root": "/articles/azure-monitor/change/change-analysis-query.md",
             "redirect_url": "/azure/azure-monitor/change/change-analysis-visualizations",

articles/active-directory/authentication/concept-authentication-oath-tokens.md

@@ -63,7 +63,7 @@ Users may have a combination of up to five OATH hardware tokens or authenticator
 
 .[!IMPORTANT]
 >Make sure to only assign each token to a single user.
-In the future, support for the assignment of a single token to multiple users will stop to prevent a security risk.
+>In the future, support for the assignment of a single token to multiple users will stop to prevent a security risk.
 
 
 ## Determine OATH token registration type in mysecurityinfo 

articles/active-directory/authentication/howto-authentication-temporary-access-pass.md

@@ -206,7 +206,7 @@ Keep these limitations in mind:
 - Users in scope for Self Service Password Reset (SSPR) registration policy *or* [Identity Protection Multi-factor authentication registration policy](../identity-protection/howto-identity-protection-configure-mfa-policy.md) will be required to register authentication methods after they've signed in with a Temporary Access Pass. 
 Users in scope for these policies will get redirected to the [Interrupt mode of the combined registration](concept-registration-mfa-sspr-combined.md#combined-registration-modes). This experience doesn't currently support FIDO2 and Phone Sign-in registration. 
 - A Temporary Access Pass can't be used with the Network Policy Server (NPS) extension and Active Directory Federation Services (AD FS) adapter.
-- After a Temporary Access Pass is added to an account or expires, it can take a few minutes for the changes to replicate. Users may still see a prompt for Temporary Access Pass during this time. 
+- It can take a few minutes for changes to replicate. Because of this, after a Temporary Access Pass is added to an account it can take a while for the prompt to appear. For the same reason, after a Temporary Access Pass expires, users may still see a prompt for Temporary Access Pass. 
 
 ## Troubleshooting    
 

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-controller-after-onboarding.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 02/13/2023
 ms.author: jfields
 ---
 
@@ -49,8 +49,11 @@ This article also describes how to enable the controller in Amazon Web Services
 
 ## Enable or disable the controller in Azure
 
+You can enable or disable the controller in Azure at the Subscription level of you Management Group(s).  
 
-1. In Azure, open the **Access control (IAM)** page.
+1. From the Azure **Home** page, select **Management groups**.
+1. Locate the group for which you want to enable or disable the controller, then select the arrow to expand the group menu and view your subscriptions. Alternatively, you can select the **Total Subscriptions** number listed for your group.
+1. Select the subscription for which you want to enable or disable the controller, then click **Access control (IAM)** in the navigation menu.
 1. In the **Check access** section, in the **Find** box, enter **Cloud Infrastructure Entitlement Management**.
 
     The **Cloud Infrastructure Entitlement Management assignments** page appears, displaying the roles assigned to you.

articles/active-directory/multi-tenant-organizations/cross-tenant-synchronization-overview.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: multi-tenant-organizations
 ms.topic: overview
-ms.date: 02/02/2023
+ms.date: 02/13/2023
 ms.author: rolyon
 ms.custom: it-pro
 
@@ -237,6 +237,11 @@ Does cross-tenant synchronization enhance any cross-tenant Microsoft 365 app acc
 - Cross-tenant synchronization utilizes a feature that improves the user experience by suppressing the first-time B2B consent prompt and redemption process in each tenant.
 - Synchronized users will have the same cross-tenant Microsoft 365 experiences available to any other B2B collaboration user.
 
+Can cross-tenant synchronization enable people search scenarios where synchronized users appear in the global address list of the target tenant?
+
+- Yes, but you must set the value for the **showInAddressList** attribute of synchronized users to **True**, which is not set by default. If you want to create a unified address list, you'll need to set up a [mesh peer-to-peer topology](./cross-tenant-synchronization-topology.md#mesh-peer-to-peer). For more information, see [Step 9: Review attribute mappings](./cross-tenant-synchronization-configure.md#step-9-review-attribute-mappings).
+- Cross-tenant synchronization creates B2B collaboration users and doesn't create contacts.
+
 #### Teams
 
 Does cross-tenant synchronization enhance any current Teams experiences?

articles/aks/internal-lb.md

@@ -16,7 +16,7 @@ ms.date: 03/04/2019
 # Use an internal load balancer with Azure Kubernetes Service (AKS)
 
 You can create and use an internal load balancer to restrict access to your applications in Azure Kubernetes Service (AKS).
-An internal load balancer makes a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster. This article shows you how to create and use an internal load balancer with AKS.
+An internal load balancer does not have a public IP and makes a Kubernetes service accessible only to applications that can reach the private IP. These applications can be within the same VNET or in another VNET through VNET peering. This article shows you how to create and use an internal load balancer with AKS.
 
 > [!NOTE]
 > Azure Load Balancer is available in two SKUs: *Basic* and *Standard*. The *Standard* SKU is used by default when you create an AKS cluster. When you create a *LoadBalancer* service type, you'll get the same load balancer type as when you provisioned the cluster. For more information, see [Azure Load Balancer SKU comparison][azure-lb-comparison].

articles/app-service/monitor-app-service.md

@@ -93,7 +93,7 @@ See [Azure Monitor queries for App Service](https://github.com/microsoft/AzureMo
 
 Azure Monitor alerts proactively notify you when important conditions are found in your monitoring data. They allow you to identify and address issues in your system before your customers notice them. You can set alerts on [metrics](../azure-monitor/alerts/alerts-metric-overview.md), [logs](../azure-monitor/alerts/alerts-unified-log.md), and the [activity log](../azure-monitor/alerts/activity-log-alerts.md).
 
-If you're running an application on App Service [Azure Monitor Application Insights](../azure-monitor/overview.md#application-insights) offers more types of alerts.
+If you're running an application on App Service [Azure Monitor Application Insights](../azure-monitor/app/app-insights-overview.md) offers more types of alerts.
 
 The following table lists common and recommended alert rules for App Service.
 

articles/application-gateway/monitor-application-gateway.md

@@ -171,7 +171,7 @@ Azure Monitor alerts proactively notify you when important conditions are found
 
 <!-- only include next line if applications run on your service and work with App Insights. --> 
 
-If you're creating or running an application which use Application Gateway [Azure Monitor Application Insights](../azure-monitor/overview.md#application-insights) may offer additional types of alerts.
+If you're creating or running an application which use Application Gateway [Azure Monitor Application Insights](../azure-monitor/app/app-insights-overview.md) may offer additional types of alerts.
 <!-- end -->
 
 The following tables list common and recommended alert rules for Application Gateway.

articles/azure-arc/data/managed-instance-features.md

@@ -110,7 +110,7 @@ Azure Arc-enabled SQL Managed Instance share a common code base with the latest
 | Feature | Azure Arc-enabled SQL Managed Instance |
 |--|--|
 | JSON | Yes |
-| Query Store | Yes | 
+| Query Store | No | 
 | Temporal | Yes | 
 | Native XML support | Yes | 
 | XML indexing | Yes |