Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-provider-operationalinsights

rolyon · rolyon · commit 8c18903d8430 · 2024-04-25T11:51:12.000-07:00
diff --git a/articles/azure-monitor/containers/prometheus-metrics-scrape-default.md b/articles/azure-monitor/containers/prometheus-metrics-scrape-default.md
@@ -188,7 +188,7 @@ Two default jobs can be run for Windows that scrape metrics required for the das
 - `kube-proxy-windows` (`job=kube-proxy-windows`)
 
 > [!NOTE]
-> This requires applying or updating the `ama-metrics-settings-configmap` configmap and installing `windows-exporter` on all Windows nodes. For more information, see the [enablement document](kubernetes-monitoring-enable.md#enable-prometheus-and-grafana).
+> This requires applying or updating the `ama-metrics-settings-configmap` configmap and installing `windows-exporter` on all Windows nodes. For more information, see the [enablement document](kubernetes-monitoring-enable.md#enable-windows-metrics-collection-preview).
 
 ## Metrics scraped for Windows
 
@@ -254,7 +254,7 @@ The following default dashboards are automatically provisioned and configured by
 
 ## Recording rules
 
-The following default recording rules are automatically configured by Azure Monitor managed service for Prometheus when you [link your Azure Monitor workspace to an Azure Managed Grafana instance](../essentials/azure-monitor-workspace-manage.md#link-a-grafana-workspace). Source code for these recording rules can be found in [this GitHub repository](https://aka.ms/azureprometheus-mixins). These are the standard open source recording rules used in the dashboards above.
+The following default recording rules are automatically configured by Azure Monitor managed service for Prometheus when you [configure Prometheus metrics to be scraped from an Azure Kubernetes Service (AKS) cluster](kubernetes-monitoring-enable.md#enable-prometheus-and-grafana). Source code for these recording rules can be found in [this GitHub repository](https://aka.ms/azureprometheus-mixins). These are the standard open source recording rules used in the dashboards above.
 
 - `cluster:node_cpu:ratio_rate5m`
 - `namespace_cpu:kube_pod_container_resource_requests:sum`
diff --git a/articles/cosmos-db/how-to-restore-in-account-continuous-backup.md b/articles/cosmos-db/how-to-restore-in-account-continuous-backup.md
diff --git a/articles/key-vault/managed-hsm/built-in-roles.md b/articles/key-vault/managed-hsm/built-in-roles.md
@@ -17,6 +17,9 @@ Azure Key Vault Managed HSM local role-based access control (RBAC) has several b
 
 To allow a principal to perform an operation, you must assign them a role that grants them permissions to perform that operations. All these roles and operations allow you to manage permissions only for *data plane* operations. For *management plane* operations, see [Azure built-in roles](../../role-based-access-control/built-in-roles.md) and [Secure access to your managed HSMs](secure-your-managed-hsm.md).
 
+> [!NOTE]  
+> Service principal group access is not supported for performing data plane operations. Only user group access is supported for data plane operations. Service principals must be added to the role directly.
+
 To manage control plane permissions for the Managed HSM resource, you must use [Azure role-based access control (Azure RBAC)](../../role-based-access-control/overview.md). Some examples of control plane operations are to create a new managed HSM, or to update, move, or delete a managed HSM.
 
 ## Built-in roles
diff --git a/articles/logic-apps/connectors/sap.md b/articles/logic-apps/connectors/sap.md
@@ -1207,7 +1207,7 @@ You can control this tracing capability at the application level by adding the f
 
 1. On the **Kudu** toolbar, select **Debug Console** > **CMD**.
 
-1. Browse to the folder for the parameter named **$ccl/trace/directory** from **CCLPROFILE.txt**. 
+1. Browse to the folder for the **$ccl/trace/directory** parameter, which is from the **CCLPROFILE.txt** file.
 
     Usually, the trace files are named **sec-Microsoft.Azure.Work-$processId.trc** and **sec-sapgenpse.exe-$processId.trc**.
 
diff --git a/articles/modeling-simulation-workbench/modeling-simulation-workbench-overview.md b/articles/modeling-simulation-workbench/modeling-simulation-workbench-overview.md
@@ -41,6 +41,7 @@ Storage (both private within chamber, and shared) is persistent with high availa
 To use the Modeling and Simulation Workbench APIs, you must create your Azure Modeling and Simulation Workbench resources in the supported regions. Currently, it's available in the following Azure regions:
 
 - East US
+- Sweden Central
 - West US 3
 - USGov Virginia
 
diff --git a/articles/networking/index.yml b/articles/networking/index.yml
@@ -32,12 +32,12 @@ highlightedContent:
     - title: Azure Networking blogs
       itemType: concept
       url: https://azure.microsoft.com/blog/topics/networking/
-    - title: Define an Azure network topology
+    - title: Design a hybrid network architecture on Azure
+      itemType: learn
+      url: /training/modules/design-a-hybrid-network-architecture/
+    - title: Network Architecture Design
       itemType: architecture
-      url: /azure/cloud-adoption-framework/ready/azure-best-practices/define-an-azure-network-topology
-    - title: Azure Network Watcher
-      itemType: overview
-      url: ../network-watcher/network-watcher-overview.md
+      url: /azure/architecture/networking
     - title: Apply Zero Trust principles to encrypting Azure-based network communications
       itemType: architecture
       url: /security/zero-trust/azure-networking-encryption
diff --git a/articles/operator-nexus/concepts-security.md b/articles/operator-nexus/concepts-security.md
@@ -1,8 +1,8 @@
 ---
 title: "Azure Operator Nexus: Security concepts"
 description: Security overview for Azure Operator Nexus 
-author: rgendreau
-ms.author: rgendreau
+author: scottsteinbrueck 
+ms.author: ssteinbrueck
 ms.service: azure-operator-nexus
 ms.topic: conceptual
 ms.date: 08/14/2023
diff --git a/articles/operator-nexus/howto-set-up-defender-for-cloud-security.md b/articles/operator-nexus/howto-set-up-defender-for-cloud-security.md
@@ -1,8 +1,8 @@
 ---
 title: "Azure Operator Nexus: How to set up the Defender for Cloud security environment"
 description: Learn how to enable and configure Defender for Cloud security plan features on your Operator Nexus subscription. 
-author: rgendreau
-ms.author: rgendreau
+author: scottsteinbrueck 
+ms.author: ssteinbrueck
 ms.service: azure-operator-nexus
 ms.topic: how-to
 ms.date: 08/18/2023
diff --git a/articles/site-recovery/azure-to-azure-common-questions.md b/articles/site-recovery/azure-to-azure-common-questions.md
@@ -380,7 +380,7 @@ Azure Site Recovery creates [replica](./azure-to-azure-architecture.md#target-re
     1. Go to the **Networking** tab under the **Settings** options of the disk. By default, the disk is created with *Enable public access from all networks* setting enabled. 
     1. Change the network access to either **Disable public access and enable private access** or **Disable public and private access** per your requirement, after cancel export is successful.
     
-        If you want to change disk network access to **Disable public access and enable private access**, the disk access resource to be used should already be present in the target region within the target subscription. Find the steps to [create a disk access resource here](../virtual-machines/disks-enable-private-links-for-import-export-portal.yml#create-a-disk-access-resource).
+        If you want to change disk network access to **Disable public access and enable private access**, the disk access resource to be used should already be present in the target region within the target subscription. Find the steps to [create a disk access resource here](../virtual-machines/disks-enable-private-links-for-import-export-portal.yml).
         
         :::image type="content" source="media/azure-to-azure-common-questions/disk-networking.png" alt-text="Screenshot of Disk networking."lightbox="media/azure-to-azure-common-questions/disk-networking.png":::
 
diff --git a/articles/storage/files/storage-files-migration-overview.md b/articles/storage/files/storage-files-migration-overview.md
@@ -4,7 +4,7 @@ description: Learn how to migrate to SMB Azure file shares and find your migrati
 author: khdownie
 ms.service: azure-file-storage
 ms.topic: conceptual
-ms.date: 01/24/2024
+ms.date: 04/25/2024
 ms.author: kendownie
 ---
 
@@ -61,7 +61,7 @@ Learn more about [on-premises Active Directory authentication](storage-files-ide
 The following table lists supported metadata for Azure Files.
 
 > [!IMPORTANT]
-> The *LastAccessTime* timestamp isn't currently supported for files or directories on the target share.
+> The *LastAccessTime* timestamp isn't currently supported for files or directories on the target share. However, Azure Files will return the *LastAccessTime* value for a file when requested. Because the *LastAccessTime* timestamp isn't updated on read operations, it will always be equal to the *LastModifiedTime*.
 
 | **Source** | **Target** |
 |------------|------------|
diff --git a/articles/virtual-machines/capacity-reservation-overview.md b/articles/virtual-machines/capacity-reservation-overview.md
@@ -77,14 +77,14 @@ From this example accumulation of Minutes Not Available, here's the calculation
     - ECesv5 and ECedsv5 series
     - F series, all versions
     - Fasv6 and Falsv6 series
-    - Fx series 
+    - Fx series
+    - NC-series,v3
+    - NV-series,v3 and newer
     - Lsv3 (Intel) and Lasv3 (AMD)
     - At VM deployment, Fault Domain (FD) count of up to 3 may be set as desired using Virtual Machine Scale Sets. A deployment with more than 3 FDs will fail to deploy against a Capacity Reservation.
 - Support for below VM Series for Capacity Reservation is in Public Preview: 
     - M-series, v3
     - Lsv2
-    - NC-series,v3
-    - NV-series,v3 and newer
     - For above mentioned N series, at VM deployment, Fault Domain (FD) count of 1 can be set using Virtual Machine Scale Sets. A deployment with more than 1 FD will fail to deploy against a Capacity Reservation.
 - Support for other VM Series isn't currently available:  
     - M series, v1 and v2 
diff --git a/articles/virtual-machines/capture-image-portal.md b/articles/virtual-machines/capture-image-portal.md
@@ -26,36 +26,41 @@ For images stored in an Azure Compute Gallery (formerly known as Shared Image Ga
 1. Go to the [Azure portal](https://portal.azure.com), then search for and select **Virtual machines**.
 
 2. Select your VM from the list.
+   - If you want a generalized image, see [Generalize OS disk for Linux/Windows](/azure/virtual-machines/generalize).
+
+
+
+   - If you want a specialized image, no additional action is required.
 
 3. On the page for the VM, on the upper menu, select **Capture**.
 
    The **Create an image** page appears.
 
-5. For **Resource group**, either select **Create new** and enter a name, or select a resource group to use from the drop-down list. If you want to use an existing gallery, select the resource group for the gallery you want to use.
+4. For **Resource group**, either select **Create new** and enter a name, or select a resource group to use from the drop-down list. If you want to use an existing gallery, select the resource group for the gallery you want to use.
 
-1. To create the image in a gallery, select **Yes, share it to a gallery as an image version**.
+5. To create the image in a gallery, select **Yes, share it to a gallery as an image version**.
     
    To only create a managed image, select **No, capture only a managed image**. The VM must have been generalized to create a managed image. The only other required information is a name for the image.
 
 6. If you want to delete the source VM after the image has been created, select **Automatically delete this virtual machine after creating the image**. This is not recommended.
 
-1. For **Gallery details**, select the gallery or create a new gallery by selecting **Create new**.
+7. For **Gallery details**, select the gallery or create a new gallery by selecting **Create new**.
 
-1. In **Operating system state** select generalized or specialized. For more information, see [Generalized and specialized images](shared-image-galleries.md#generalized-and-specialized-images). 
+8. In **Operating system state** select generalized or specialized. For more information, see [Generalized and specialized images](shared-image-galleries.md#generalized-and-specialized-images). 
  
-1. Select an image definition or select **create new** and provide a name and information for a new [Image definition](shared-image-galleries.md#image-definitions).
+9. Select an image definition or select **create new** and provide a name and information for a new [Image definition](shared-image-galleries.md#image-definitions).
 
-1. Enter an [image version](shared-image-galleries.md#image-versions) number. If this is the first version of this image, type *1.0.0*.
+10. Enter an [image version](shared-image-galleries.md#image-versions) number. If this is the first version of this image, type *1.0.0*.
 
-1. If you want this version to be included when you specify *latest* for the image version, then leave **Exclude from latest** unchecked.
+11. If you want this version to be included when you specify *latest* for the image version, then leave **Exclude from latest** unchecked.
 
-1. Select an **End of life** date. This date can be used to track when older images need to be retired.
+12. Select an **End of life** date. This date can be used to track when older images need to be retired.
 
-1. Under [Replication](azure-compute-gallery.md#replication), select a default replica count and then select any additional regions where you would like your image replicated.
+13. Under [Replication](azure-compute-gallery.md#replication), select a default replica count and then select any additional regions where you would like your image replicated.
 
-8. When you are done, select **Review + create**.
+14. When you are done, select **Review + create**.
 
-1. After validation passes, select **Create** to create the image.
+15. After validation passes, select **Create** to create the image.
 
 
 
