MicrosoftDocs
diff --git a/‎articles/aks/cluster-configuration.md
Lines changed: 2 additions & 2 deletions b/‎articles/aks/cluster-configuration.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/azure-arc/kubernetes/tutorial-akv-secrets-provider.md
Lines changed: 1 addition & 0 deletions b/‎articles/azure-arc/kubernetes/tutorial-akv-secrets-provider.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/azure-arc/servers/scenario-onboard-azure-sentinel.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-arc/servers/scenario-onboard-azure-sentinel.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-monitor/essentials/activity-log.md
Lines changed: 23 additions & 22 deletions b/‎articles/azure-monitor/essentials/activity-log.md
Lines changed: 23 additions & 22 deletions
diff --git a/‎articles/data-factory/managed-virtual-network-private-endpoint.md
Lines changed: 0 additions & 1 deletion b/‎articles/data-factory/managed-virtual-network-private-endpoint.md
Lines changed: 0 additions & 1 deletion
diff --git a/‎articles/defender-for-iot/device-builders/release-notes.md
Lines changed: 17 additions & 3 deletions b/‎articles/defender-for-iot/device-builders/release-notes.md
Lines changed: 17 additions & 3 deletions
@@ -173,9 +173,9 @@ az group create --name myResourceGroup --location eastus
 az aks create -n aks -g myResourceGroup --enable-oidc-issuer
 ```
 
-### Upgrade an AKS cluster with OIDC Issuer
+### Update an AKS cluster with OIDC Issuer
 
-To upgrade a cluster to use OIDC Issuer.
+To update a cluster to use OIDC Issuer.
 
 ```azurecli-interactive
 az aks update -n aks -g myResourceGroup --enable-oidc-issuer
 
@@ -20,6 +20,7 @@ The Azure Key Vault Provider for Secrets Store CSI Driver allows for the integra
 ### Support limitations for Azure Key Vault (AKV) secrets provider extension
 - Following Kubernetes distributions are currently supported
     - Cluster API Azure
+    - Azure Kubernetes Service on Azure Stack HCI (AKS-HCI)
     - Google Kubernetes Engine
     - OpenShift Kubernetes Distribution
     - Canonical Kubernetes Distribution
 
@@ -17,7 +17,7 @@ Before you start, make sure that you've met the following requirements:
 
 - Microsoft Sentinel [enabled in your subscription](../../sentinel/quickstart-onboard.md).
 
-- You're machine or server is connected to Azure Arc-enabled servers.
+- Your machine or server is connected to Azure Arc-enabled servers.
 
 ## Onboard Azure Arc-enabled servers to Microsoft Sentinel
 
 
@@ -43,7 +43,7 @@ For some events, you can view the Change history, which shows what changes happe
 
 ![Change history list for an event](media/activity-log/change-history-event.png)
 
-If there are any associated changes with the event, you'll see a list of changes that you can select. This opens up the **Change history (Preview)** page. On this page you see the changes to the resource. In the following example, you can see not only that the VM changed sizes, but what the previous VM size was before the change and what it was changed to. To learn more about change history, see [Get resource changes](../../governance/resource-graph/how-to/get-resource-changes.md).
+If there are any associated changes with the event, you'll see a list of changes that you can select. This opens up the **Change history (Preview)** page. On this page, you see the changes to the resource. In the following example, you can see not only that the VM changed sizes, but what the previous VM size was before the change and what it was changed to. To learn more about change history, see [Get resource changes](../../governance/resource-graph/how-to/get-resource-changes.md).
 
 ![Change history page showing differences](media/activity-log/change-history-event-details.png)
 
@@ -65,7 +65,8 @@ You can also access Activity log events using the following methods.
 - Use log alerts with Activity entries allowing for more complex alerting logic.
 - Store Activity log entries for longer than the Activity Log retention period.
 - No data ingestion charges for Activity log data stored in a Log Analytics workspace.
-- No data retention charges until after the Activity Log retention period expires for given entires.
+- No data retention charges for the first 90 days for Activity log data stored in a Log Analytics workspace.
+
 
 [Create a diagnostic setting](./diagnostic-settings.md) to send the Activity log to a Log Analytics workspace. You can send the Activity log from any single subscription to up to five  workspaces. 
 
@@ -87,7 +88,7 @@ AzureActivity
 
 
 ## Send to Azure Event Hubs
-Send the Activity Log to Azure Event Hubs to send entries outside of Azure, for example to a third-party SIEM or other log analytics solutions. Activity log events from event hubs are consumed in JSON format with a `records` element containing the records in each payload. The schema depends on the category and is described in [Schema from storage account and event hubs](activity-log-schema.md).
+Send the Activity Log to Azure Event Hubs to send entries outside of Azure, for example to a third-party SIEM or other log analytics solutions. Activity log events from Event Hubs are consumed in JSON format with a `records` element containing the records in each payload. The schema depends on the category and is described in [Schema from Storage Account and Event Hubs](activity-log-schema.md).
 
 Following is sample output data from Event Hubs for an Activity log:
 
@@ -147,11 +148,10 @@ Following is sample output data from Event Hubs for an Activity log:
 }
 ```
 
-
 ## Send to Azure storage
-Send the Activity Log to an Azure Storage account for audit, static analysis, or backup if you want to retain your log data longer than the Activity Log retention period. There is no need to set up Azure storage unless you need to retain the entries for one of these reasons.  
+Send the Activity Log to an Azure Storage Account if you want to retain your log data longer than 90 days for audit, static analysis, or backup. If you only need to retain your events for 90 days or less you do not need to set up archival to a Storage Account, since Activity Log events are retained in the Azure platform for 90 days.
 
-When you send the Activity log to Azure, a storage container is created in the storage account as soon as an event occurs. The blobs in the container use the following naming convention:
+When you send the Activity log to Azure, a storage container is created in the Storage Account as soon as an event occurs. The blobs in the container use the following naming convention:
 
 ```
 insights-activity-logs/resourceId=/SUBSCRIPTIONS/{subscription ID}/y={four-digit numeric year}/m={two-digit numeric month}/d={two-digit numeric day}/h={two-digit 24-hour clock hour}/m=00/PT1H.json
@@ -165,18 +165,18 @@ insights-logs-networksecuritygrouprulecounter/resourceId=/SUBSCRIPTIONS/00000000
 
 Each PT1H.json blob contains a JSON blob of events that occurred within the hour specified in the blob URL (for example, h=12). During the present hour, events are appended to the PT1H.json file as they occur. The minute value (m=00) is always 00, since resource log events are broken into individual blobs per hour.
 
-Each event is stored in the PT1H.json file with the following format that uses a common top level schema but is otherwise unique for each category as described in  [Activity log schema](activity-log-schema.md).
+Each event is stored in the PT1H.json file with the following format that uses a common top-level schema but is otherwise unique for each category as described in  [Activity log schema](activity-log-schema.md).
 
 ``` JSON
 { "time": "2020-06-12T13:07:46.766Z", "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/MY-RESOURCE-GROUP/PROVIDERS/MICROSOFT.COMPUTE/VIRTUALMACHINES/MV-VM-01", "correlationId": "0f0cb6b4-804b-4129-b893-70aeeb63997e", "operationName": "Microsoft.Resourcehealth/healthevent/Updated/action", "level": "Information", "resultType": "Updated", "category": "ResourceHealth", "properties": {"eventCategory":"ResourceHealth","eventProperties":{"title":"This virtual machine is starting as requested by an authorized user or process. It will be online shortly.","details":"VirtualMachineStartInitiatedByControlPlane","currentHealthStatus":"Unknown","previousHealthStatus":"Unknown","type":"Downtime","cause":"UserInitiated"}}}
 ```
 
 
 ## Legacy collection methods
-This section describes legacy methods for collecting the Activity log that were used prior to diagnostic settings. If you're using these methods, you should consider transitioning to diagnostic settings which provide better functionality and consistency with resource logs.
+This section describes legacy methods for collecting the Activity log that were used prior to diagnostic settings. If you're using these methods, you should consider transitioning to diagnostic settings that provide better functionality and consistency with resource logs.
 
 ### Log profiles
-Log profiles are the legacy method for sending the Activity log to Azure storage or event hubs. Use the following procedure to continue working with a log profile or to disable it in preparation for migrating to a diagnostic setting.
+Log profiles are the legacy method for sending the Activity log to Azure storage or Event Hubs. Use the following procedure to continue working with a log profile or to disable it in preparation for migrating to a diagnostic setting.
 
 1. From the **Azure Monitor** menu in the Azure portal, select **Activity log**.
 3. Click **Diagnostic settings**.
@@ -188,7 +188,6 @@ Log profiles are the legacy method for sending the Activity log to Azure storage
     ![Legacy experience](media/activity-log/legacy-experience.png)
 
 
-
 ### Configure log profile using PowerShell
 
 If a log profile already exists, you first need to remove the existing log profile and then create a new one.
@@ -212,27 +211,27 @@ If a log profile already exists, you first need to remove the existing log profi
     | --- | --- | --- |
     | Name |Yes |Name of your log profile. |
     | StorageAccountId |No |Resource ID of the Storage Account where the Activity Log should be saved. |
-    | serviceBusRuleId |No |Service Bus Rule ID for the Service Bus namespace you would like to have event hubs created in. This is a string with the format: `{service bus resource ID}/authorizationrules/{key name}`. |
+    | serviceBusRuleId |No |Service Bus Rule ID for the Service Bus namespace you would like to have Event Hubs created in. This is a string with the format: `{service bus resource ID}/authorizationrules/{key name}`. |
     | Location |Yes |Comma-separated list of regions for which you would like to collect Activity Log events. |
-    | RetentionInDays |Yes |Number of days for which events should be retained in the storage account, between 1 and 365. A value of zero stores the logs indefinitely. |
+    | RetentionInDays |Yes |Number of days for which events should be retained in the Storage Account, between 1 and 365. A value of zero stores the logs indefinitely. |
     | Category |No |Comma-separated list of event categories that should be collected. Possible values are _Write_, _Delete_, and _Action_. |
 
 ### Example script
-Following is a sample PowerShell script to create a log profile that writes the Activity Log to both a storage account and event hub.
+Following is a sample PowerShell script to create a log profile that writes the Activity Log to both a Storage Account and Event Hub.
 
    ```powershell
    # Settings needed for the new log profile
    $logProfileName = "default"
    $locations = (Get-AzLocation).Location
    $locations += "global"
    $subscriptionId = "<your Azure subscription Id>"
-   $resourceGroupName = "<resource group name your event hub belongs to>"
-   $eventHubNamespace = "<event hub namespace>"
+   $resourceGroupName = "<resource group name your Event Hub belongs to>"
+   $eventHubNamespace = "<Event Hub namespace>"
 
    # Build the service bus rule Id from the settings above
    $serviceBusRuleId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.EventHub/namespaces/$eventHubNamespace/authorizationrules/RootManageSharedAccessKey"
 
-   # Build the storage account Id from the settings above
+   # Build the Storage Account Id from the settings above
    $storageAccountId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Storage/storageAccounts/$storageAccountName"
 
    Add-AzLogProfile -Name $logProfileName -Location $locations -StorageAccountId  $storageAccountId -ServiceBusRuleId $serviceBusRuleId
@@ -248,7 +247,7 @@ If a log profile already exists, you first need to remove the existing log profi
 3. Use `az monitor log-profiles create` to create a new log profile:
 
    ```azurecli-interactive
-   az monitor log-profiles create --name "default" --location null --locations "global" "eastus" "westus" --categories "Delete" "Write" "Action"  --enabled false --days 0 --service-bus-rule-id "/subscriptions/<YOUR SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP NAME>/providers/Microsoft.EventHub/namespaces/<EVENT HUB NAME SPACE>/authorizationrules/RootManageSharedAccessKey"
+   az monitor log-profiles create --name "default" --location null --locations "global" "eastus" "westus" --categories "Delete" "Write" "Action"  --enabled false --days 0 --service-bus-rule-id "/subscriptions/<YOUR SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP NAME>/providers/Microsoft.EventHub/namespaces/<Event Hub NAME SPACE>/authorizationrules/RootManageSharedAccessKey"
    ```
     | Property | Required | Description |
     | --- | --- | --- |
@@ -279,7 +278,7 @@ To disable the setting, perform the same procedure and click **Disconnect** to r
 ### Data structure changes
 Diagnostic settings send the same data as the legacy method used to send the Activity log with some changes to the structure of the *AzureActivity* table.
 
-The columns in the following table have been deprecated in the updated schema. They still exist in *AzureActivity* but they will have no data. The replacement for these columns are not new, but they contain the same data as the deprecated column. They are in a different format, so you may need to modify log queries that use them. 
+The columns in the following table have been deprecated in the updated schema. They still exist in *AzureActivity* but they will have no data. The replacements for these columns are not new, but they contain the same data as the deprecated column. They are in a different format, so you may need to modify log queries that use them. 
 
 |Activity Log JSON | 	Log Analytics column name<br/>*(older deprecated)*	| New Log Analytics column name |	Notes |
 |:---------|:---------|:---------|:---------|
@@ -289,7 +288,7 @@ The columns in the following table have been deprecated in the updated schema. T
 |operationName	| OperationName | 	OperationNameValue |REST API localizes operation name value. Log Analytics UI always shows English.  |
 |resourceProviderName	| ResourceProvider 	| ResourceProviderValue	||
 
-> [!IMPORTANT]
+> [!Important]
 > In some cases, the values in these columns may be in all uppercase. If you have a query that includes these columns, you should use the [=~ operator](/azure/kusto/query/datatypes-string-operators) to do a case insensitive comparison.
 
 The following column have been added to *AzureActivity* in the updated schema:
@@ -299,7 +298,8 @@ The following column have been added to *AzureActivity* in the updated schema:
 - Properties_d
 
 ## Activity Log Analytics monitoring solution
-The Azure Log Analytics monitoring solution will be deprecated soon and replaced by a workbook using the updated schema in the Log Analytics workspace. You can still use the solution if you already have it enabled, but it can only be used if you're collecting the Activity log using legacy settings. 
+> [!Note]
+> The Azure Log Analytics monitoring solution will be deprecated soon and replaced by a workbook using the updated schema in the Log Analytics workspace. You can still use the solution if you already have it enabled, but it can only be used if you're collecting the Activity log using legacy settings. 
 
 
 
@@ -309,13 +309,14 @@ Monitoring solutions are accessed from the **Monitor** menu in the Azure portal.
 ![Azure Activity Logs tile](media/activity-log/azure-activity-logs-tile.png)
 
 
-Click the **Azure Activity Logs** tile to open the **Azure Activity Logs** view. The view includes the visualization parts in the following table. Each part lists up to 10 items matching that parts's criteria for the specified time range. You can run a log query that returns all  matching records by clicking **See all** at the bottom of the part.
+Click the **Azure Activity Logs** tile to open the **Azure Activity Logs** view. The view includes the visualization parts in the following table. Each part lists up to 10 items matching that part's criteria for the specified time range. You can run a log query that returns all  matching records by clicking **See all** at the bottom of the part.
 
 ![Azure Activity Logs dashboard](media/activity-log/activity-log-dash.png)
 
 
 ### Enable the solution for new subscriptions
-You will soon no longer be able to add the Activity Logs Analytics solution to your subscription using the Azure portal. You can add it using the following procedure with a Resource Manager template. 
+> [!NOTE]
+>You will soon no longer be able to add the Activity Logs Analytics solution to your subscription using the Azure portal. You can add it using the following procedure with a Resource Manager template. 
 
 1. Copy the following json into a file called *ActivityLogTemplate*.json.
 
 
@@ -163,7 +163,6 @@ Generally, managed Virtual network is available to all Azure Data Factory region
 
 ### Outbound communications through public endpoint from ADF Managed Virtual Network
 - All ports are opened for outbound communications.
-- Azure Storage and Azure Data Lake Gen2 are not supported to be connected through public endpoint from ADF Managed Virtual Network.
 
 ### Linked Service creation of Azure Key Vault 
 - When you create a Linked Service for Azure Key Vault, there is no Azure Integration Runtime reference. So you can't create Private Endpoint during Linked Service creation of Azure Key Vault. But when you create Linked Service for data stores which references Azure Key Vault Linked Service and this Linked Service references Azure Integration Runtime with Managed Virtual Network enabled, then you are able to create a Private Endpoint for the Azure Key Vault Linked Service during the creation. 
 
@@ -2,7 +2,7 @@
 title: What's new in Microsoft Defender for IoT for device builders
 description: Learn about the latest updates for Defender for IoT device builders.
 ms.topic: conceptual
-ms.date: 12/28/2021
+ms.date: 01/10/2022
 ---
 
 # What's new  
@@ -13,12 +13,26 @@ This article lists new features and feature enhancements in Microsoft Defender f
 
 Noted features are in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
-If you would like to be added to the Microsoft Defender for IoT device builders email distribution list, to get updates on new features, and release notes, send an email to: [[email protected]](mailto:[email protected])
-
 ## Versioning and support
 
 Listed below are the support, breaking change policies for Defender for IoT, and the versions of Defender for IoT that are currently available.
 
+## November 2021
+
+**Version 3.13.1**:
+
+- DNS network activity on managed devices is now supported. Microsoft threat intelligence security graph can now detect suspicious activity based on DNS traffic.
+
+- [Leaf device proxying](../../iot-edge/how-to-connect-downstream-iot-edge-device.md#integrate-microsoft-defender-for-iot-with-iot-edge-gateway): There is now an enhanced integration with IoT Edge. This integration enhances the connectivity between the agent, and the cloud using leaf device proxying.
+
+## October 2021
+
+**Version 3.12.2**:
+
+- More CIS benchmark checks are now supported for Debian 9: These extra checks allow you to make sure your network is compliant with the CIS best practices used to protect against pervasive cyber threats.
+
+- **[Twin configuration](concept-micro-agent-configuration.md)**: The micro agent’s behavior is configured by a set of module twin properties. You can configure the micro agent to best suit your needs.
+
 ## September 2021
 
 **Version 3.11**: