Merge pull request #231127 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/devices/concept-primary-refresh-token.md

@@ -36,7 +36,7 @@ The following Windows components play a key role in requesting and using a PRT:
 A PRT contains claims found in most Azure AD refresh tokens. In addition, there are some device-specific claims included in the PRT. They are as follows:
 
 * **Device ID**: A PRT is issued to a user on a specific device. The device ID claim `deviceID` determines the device the PRT was issued to the user on. This claim is later issued to tokens obtained via the PRT. The device ID claim is used to determine authorization for Conditional Access based on device state or compliance.
-* **Session key**: The session key is an encrypted symmetric key, generated by the Azure AD authentication service, issued as part of the PRT. The session key acts as the proof of possession when a PRT is used to obtain tokens for other applications.
+* **Session key**: The session key is an encrypted symmetric key, generated by the Azure AD authentication service, issued as part of the PRT. The session key acts as the proof of possession when a PRT is used to obtain tokens for other applications. Session key is rolled on  Windows 10 or newer Azure AD joined or Hybrid Azure AD joined devices if it's older than 30 days.
 
 ### Can I see what’s in a PRT?
 
@@ -133,6 +133,9 @@ A PRT can get a multifactor authentication (MFA) claim in specific scenarios. Wh
 
 Windows 10 or newer maintain a partitioned list of PRTs for each credential. So, there’s a PRT for each of Windows Hello for Business, password, or smartcard. This partitioning ensures that MFA claims are isolated based on the credential used, and not mixed up during token requests.
 
+> [!NOTE]
+> When using password to sign into Windows 10 or newer Azure AD joined or Hybrid Azure AD joined device, MFA during WAM interactive sign in may be required after session key associated with PRT is rolled.
+
 ## How is a PRT invalidated?
 
 A PRT is invalidated in the following scenarios:

articles/azure-functions/functions-scale.md

@@ -70,7 +70,7 @@ Maximum instances are given on a per-function app (Consumption) or per-plan (Pre
 | --- | --- | --- |
 | **[Consumption plan]** | [Event driven](event-driven-scaling.md). Scale out automatically, even during periods of high load. Azure Functions infrastructure scales CPU and memory resources by adding additional instances of the Functions host, based on the number of incoming trigger events. | **Windows:** 200<br/>**Linux:** 100<sup>1</sup>  | 
 | **[Premium plan]** | [Event driven](event-driven-scaling.md). Scale out automatically, even during periods of high load. Azure Functions infrastructure scales CPU and memory resources by adding additional instances of the Functions host, based on the number of events that its functions are triggered on. | **Windows:** 100<br/>**Linux:** 20-100<sup>2</sup>| 
-| **[Dedicated plan]**<sup>3</sup> | Manual/autoscale |10-20| 
+| **[Dedicated plan]**<sup>3</sup> | Manual/autoscale |10-30| 
 | **[ASE][Dedicated plan]**<sup>3</sup> | Manual/autoscale |100 | 
 | **[Kubernetes]**  | Event-driven autoscale for Kubernetes clusters using [KEDA](https://keda.sh). | Varies&nbsp;by&nbsp;cluster&nbsp;&nbsp;| 
 

articles/azure-resource-manager/bicep/bicep-config.md

@@ -38,7 +38,7 @@ You can enable preview features by adding:
 ```json
 {
   "experimentalFeaturesEnabled": {
-    "userDefineTypes": true,
+    "userDefinedTypes": true,
     "extensibility": true
   }
 }

articles/azure-resource-manager/bicep/parameters.md

@@ -123,6 +123,8 @@ You can define allowed values for a parameter. You provide the allowed values in
 param demoEnum string
 ```
 
+If you define allowed values for an array parameter, the actual value can be any subset of the allowed values.
+
 ### Length constraints
 
 You can specify minimum and maximum lengths for string and array parameters. You can set one or both constraints. For strings, the length indicates the number of characters. For arrays, the length indicates the number of items in the array.

articles/bastion/bastion-faq.md

@@ -215,7 +215,7 @@ Make sure the user has **read** access to both the VM, and the peered VNet. Addi
 |Microsoft.Network/virtualNetworks/subnets/virtualMachines/read|Gets references to all the virtual machines in a virtual network subnet|Action|
 |Microsoft.Network/virtualNetworks/virtualMachines/read|Gets references to all the virtual machines in a virtual network|Action|
 
-### My privatelink.azure.com cannot resolve to management.privatelinke.azure.com
+### My privatelink.azure.com cannot resolve to management.privatelink.azure.com
 
 This may be due to the Private DNS zone for privatelink.azure.com linked to the Bastion virtual network causing management.azure.com CNAMEs to resolve to management.privatelink.azure.com behind the scenes. Create a CNAME record in their privatelink.azure.com zone for management.privatelink.azure.com to arm-frontdoor-prod.trafficmanager.net to enable successful DNS resolution.
 

articles/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering.md

@@ -51,7 +51,7 @@ However, if you load balance traffic across geo-redundant parallel paths, regard
 When using different metros for redundancy, you should select the secondary location in the same [geo-political region](expressroute-locations-providers.md#locations). To choose a location outside of the geo-political region, you'll need to use Premium SKU for both circuits in the parallel paths. The advantage of this configuration is the chances of a natural disaster causing an outage to both links are much lower but at the cost of increased latency end-to-end.
 
 >[!NOTE]
->Enabling BFD on the ExpressRoute circuits will help with faster link failure detection between Microsoft Enterprise Edge (MSEE) devices and the Customer/Partner Edge routers. However, the overall failover and convergence to redundant site may take up to 180 seconds under some failure conditions and you may experience increased laterncy or performance degradation during this time.  
+>Enabling BFD on the ExpressRoute circuits will help with faster link failure detection between Microsoft Enterprise Edge (MSEE) devices and the Customer/Partner Edge routers. However, the overall failover and convergence to redundant site may take up to 180 seconds under some failure conditions and you may experience increased latency or performance degradation during this time.  
 
 In this article, let's discuss how to address challenges you may face when configuring geo-redundant paths.
 

articles/mysql/single-server/how-to-data-in-replication.md

@@ -234,7 +234,7 @@ The following steps prepare and configure the MySQL server hosted on-premises, i
 
    All Data-in Replication functions are done by stored procedures. You can find all procedures at [Data-in Replication Stored Procedures](./reference-stored-procedures.md). The stored procedures can be run in the MySQL shell or MySQL Workbench.
 
-   To link two servers and start replication, login to the target replica server in the Azure DB for MySQL service and set the external instance as the source server. This is done by using the `mysql.az_replication_change_master` stored procedure on the Azure DB for MySQL server.
+   To link two servers and start replication, login to the target replica server in the Azure Database for MySQL service and set the external instance as the source server. This is done by using the `mysql.az_replication_change_master` stored procedure on the Azure Database for MySQL server.
 
    ```sql
    CALL mysql.az_replication_change_master('<master_host>', '<master_user>', '<master_password>', <master_port>, '<master_log_file>', <master_log_pos>, '<master_ssl_ca>');