Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into v-ssaunders-YinglueZhang-MS

Author: SteveSaunders1952

.openpublishing.redirection.json

@@ -1,5 +1,25 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/storage/blobs/storage-quickstart-blobs-dotnet-legacy.md",
+            "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-dotnet",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/storage/blobs/storage-quickstart-blobs-java-legacy.md",
+            "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-java",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/storage/blobs/storage-quickstart-blobs-python-legacy.md",
+            "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-python",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/storage/blobs/storage-quickstart-blobs-xamarin.md",
+            "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-dotnet",
+            "redirect_document_id": false
+        },
         {
             "source_path":  "articles/site-recovery/deploy-vmware-azure-replication-appliance-preview.md",
             "redirect_url":  "/azure/site-recovery/deploy-vmware-azure-replication-appliance-modernized",

articles/active-directory/authentication/concept-sspr-policy.md

@@ -87,9 +87,9 @@ The two-gate policy requires two pieces of authentication data, such as an email
   * Power BI service administrator
   * Privileged Authentication administrator
   * Privileged role administrator
-  * SharePoint administrator
   * Security administrator
   * Service support administrator
+  * SharePoint administrator
   * Skype for Business administrator
   * User administrator
 

articles/active-directory/authentication/howto-password-smart-lockout.md

@@ -28,7 +28,7 @@ Smart lockout tracks the last three bad password hashes to avoid incrementing th
 > [!NOTE]
 > Hash tracking functionality isn't available for customers with pass-through authentication enabled as authentication happens on-premises not in the cloud.
 
-Federated deployments that use AD FS 2016 and AF FS 2019 can enable similar benefits using [AD FS Extranet Lockout and Extranet Smart Lockout](/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection).
+Federated deployments that use AD FS 2016 and AD FS 2019 can enable similar benefits using [AD FS Extranet Lockout and Extranet Smart Lockout](/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection).
 
 Smart lockout is always on, for all Azure AD customers, with these default settings that offer the right mix of security and usability. Customization of the smart lockout settings, with values specific to your organization, requires Azure AD Premium P1 or higher licenses for your users.
 

articles/active-directory/authentication/tutorial-enable-sspr-writeback.md

@@ -83,6 +83,12 @@ To set up the appropriate permissions for password writeback to occur, complete
 
     [ ![Set the appropriate permissions in Active Users and Computers for the account that is used by Azure AD Connect](media/tutorial-enable-sspr-writeback/set-ad-ds-permissions-cropped.png) ](media/tutorial-enable-sspr-writeback/set-ad-ds-permissions.png#lightbox)
 
+1. When ready, select **Apply / OK** to apply the changes.
+1. From the **Permissions** tab, select **Add**.
+1. For **Principal**, select the account that permissions should be applied to (the account used by Azure AD Connect).
+1. In the **Applies to** drop-down list, select **This object and all descendant objects**
+1. Under *Permissions*, select the box for the following option:
+   * **Unexpire Password**
 1. When ready, select **Apply / OK** to apply the changes and exit any open dialog boxes.
 
 When you update permissions, it might take up to an hour or more for these permissions to replicate to all the objects in your directory.

articles/active-directory/authentication/tutorial-enable-sspr.md

@@ -40,7 +40,7 @@ To finish this tutorial, you need the following resources and privileges:
 * A working Azure AD tenant with at least an Azure AD free or trial license enabled. In the Free tier, SSPR only works for cloud users in Azure AD. Password change is supported in the Free tier, but password reset is not. 
     * For later tutorials in this series, you'll need an Azure AD Premium P1 or trial license for on-premises password writeback.
     * If needed, [create an Azure account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-* An account with *Global Administrator* privileges.
+* An account with *Global Administrator* or *Authentication Policy Administrator* privileges.
 * A non-administrator user with a password you know, like *testuser*. You'll test the end-user SSPR experience using this account in this tutorial.
     * If you need to create a user, see [Quickstart: Add new users to Azure Active Directory](../fundamentals/add-users-azure-active-directory.md).
 * A group that the non-administrator user is a member of, likes *SSPR-Test-Group*. You'll enable SSPR for this group in this tutorial.
@@ -55,7 +55,7 @@ Azure AD lets you enable SSPR for *None*, *Selected*, or *All* users. This granu
 
 In this tutorial, set up SSPR for a set of users in a test group. Use the *SSPR-Test-Group* and provide your own Azure AD group as needed:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
+1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* or *authentication policy administrator* permissions.
 1. Search for and select **Azure Active Directory**, then select **Password reset** from the menu on the left side.
 1. From the **Properties** page, under the option *Self service password reset enabled*, choose **Selected**.
 1. If your group isn't visible, choose **No groups selected**, browse for and select your Azure AD group, like *SSPR-Test-Group*, and then choose *Select*.

articles/api-management/api-management-subscriptions.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: conceptual
-ms.date: 01/05/2022
+ms.date: 09/27/2022
 ms.author: danlep
 ---
 # Subscriptions in Azure API Management
@@ -20,14 +20,11 @@ By publishing APIs through API Management, you can easily secure API access usin
 * Rejected immediately by the API Management gateway. 
 * Not forwarded to the back-end services.
 
-To access APIs, you'll need a subscription and a subscription key. A *subscription* is a named container for a pair of subscription keys. 
-
-> [!NOTE]
-> Regularly regenerating keys is a common security precaution. Like most Azure services requiring a subscription key, API Management  generates keys in pairs. Each application using the service can switch from *key A* to *key B* and regenerate key A with minimal disruption, and vice versa. 
+To access APIs, developers need a subscription and a subscription key. A *subscription* is a named container for a pair of subscription keys. 
 
 In addition,
 
-* Developers can get subscriptions without approval from API publishers. 
+* Developers can get subscriptions without needing approval from API publishers. 
 * API publishers can create subscriptions directly for API consumers.
 
 > [!TIP]
@@ -36,6 +33,13 @@ In addition,
 > - [Client certificates](api-management-howto-mutual-certificates-for-clients.md)
 > - [Restrict caller IPs](./api-management-access-restriction-policies.md#RestrictCallerIPs)
 
+## Manage subscription keys
+
+Regularly regenerating keys is a common security precaution. Like most Azure services requiring a subscription key, API Management generates keys in pairs. Each application using the service can switch from *key A* to *key B* and regenerate key A with minimal disruption, and vice versa.
+> [!NOTE]
+> * API Management doesn't provide built-in features to manage the lifecycle of subscription keys, such as setting expiration dates or automatically rotating keys. You can develop workflows to automate these processes using tools such as Azure PowerShell or the Azure SDKs. 
+> * To enforce time-limited access to APIs, API publishers may be able to use policies with subscription keys, or use a mechanism that provides built-in expiration such as token-based authentication.
+
 ## Scope of subscriptions
 
 Subscriptions can be associated with various scopes: [product](api-management-howto-add-products.md), all APIs, or an individual API.

articles/automation/disable-local-authentication.md

@@ -10,6 +10,10 @@ ms.topic: how-to
 
 # Disable local authentication in Automation
 
+> [!IMPORTANT]
+> - Update Management patching will not work when local authentication is disabled. 
+> - When you disable local authentication, it impacts the starting a runbook using a webhook, Automation Desired State Configuration and agent-based Hybrid Runbook Workers. For more information, see the [available alternatives](#compatibility).
+
 Azure Automation provides Microsoft Azure Active Directory (Azure AD) authentication support for all Automation service public endpoints. This critical security enhancement removes certificate dependencies and gives organizations control to disable local authentication methods. This feature provides you with seamless integration when centralized control and management of identities and resource credentials through Azure AD is required.
 
 Azure Automation provides an optional feature to "Disable local authentication" at the Automation account level using the Azure policy [Configure Azure Automation account to disable local authentication](../automation/policy-reference.md#azure-automation). By default, this flag is set to false at the account, so you can use both local authentication and Azure AD authentication. If you choose to disable local authentication, then the Automation service only accepts Azure AD based authentication.
@@ -19,7 +23,7 @@ In the Azure portal, you may receive a warning message on the landing page for t
 Disabling local authentication doesn't take effect immediately. Allow a few minutes for the service to block future authentication requests.
 
 >[!NOTE]
-> Currently, PowerShell support for the new API version (2021-06-22) or the flag – `DisableLocalAuth` is not available. However, you can use the Rest-API with this API version to update the flag.
+> - Currently, PowerShell support for the new API version (2021-06-22) or the flag – `DisableLocalAuth` is not available. However, you can use the Rest-API with this API version to update the flag.
 
 ## Re-enable local authentication
 
@@ -35,10 +39,6 @@ The following table describes the behaviors or features that are prevented from
 |Using Automation Desired State Configuration.| Use [Azure Policy Guest configuration](../governance/machine-configuration/overview.md).  |
 |Using agent-based Hybrid Runbook Workers.| Use [extension-based Hybrid Runbook Workers (Preview)](./extension-based-hybrid-runbook-worker-install.md).|
 
-## Limitations
-
-Update Management patching will not work when local authentication is disabled.
-
 
 ## Next steps
 - [Azure Automation account authentication overview](./automation-security-overview.md)

articles/azure-cache-for-redis/cache-how-to-upgrade.md

@@ -6,7 +6,7 @@ author: flang-msft
 ms.author: franlanglois
 ms.service: cache
 ms.topic: how-to
-ms.date: 09/08/2022
+ms.date: 09/29/2022
 ms.custom: template-how-to 
 ---
 
@@ -15,7 +15,13 @@ ms.custom: template-how-to
 
 Azure Cache for Redis supports upgrading the version of your Azure Cache for Redis from Redis 4 to Redis 6. Upgrading is permanent, and it might cause a brief connection issue similar to regular monthly maintenance. As a precautionary step, we recommend exporting the data from your existing Redis 4 cache and testing your client application with a Redis 6 cache in a lower environment before upgrading.
 
-For more information, see [here](cache-how-to-import-export-data.md) for details on how to export.
+For more details on how to export, see [Import and Export data in Azure Cache for Redis](cache-how-to-import-export-data.md).
+
+> [!IMPORTANT]
+> As announced in [What's new](cache-whats-new.md#upgrade-your-azure-cache-for-redis-instances-to-use-redis-version-6-by-june-30-2023), we'll retire version 4 for Azure Cache for Redis instances on June 30, 2023. Before that date, you need to upgrade any of your cache instances to version 6.
+>
+> For more information on the retirement of Redis 4, see [Retirements](cache-retired-features.md).
+>
 
 ## Prerequisites
 

articles/azure-netapp-files/TOC.yml

@@ -249,6 +249,8 @@
           href: application-volume-group-manage-volumes.md
         - name: Delete an application volume group
           href: application-volume-group-delete.md
+        - name: Configure application volume groups for REST API
+          href: configure-application-volume-group-sap-hana-api.md
   - name: Manage data protection  
     items:
     - name: Manage volume snapshots