Merge pull request #205894 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory-b2c/self-asserted-technical-profile.md

@@ -192,6 +192,9 @@ The validation technical profile can be any technical profile in the policy, suc
 
 You can also call a REST API technical profile with your business logic, overwrite input claims, or enrich user data by further integrating with corporate line-of-business application. For more information, see [Validation technical profile](validation-technical-profile.md)
 
+> [!NOTE]
+> A validation technical profile is only triggered when there's an input from the user. You can't create an _empty_ self-asserted technical profile to call a validation technical profile just to take advantage of the **ContinueOnError** attribute of a **ValidationTechnicalProfile** element. You can only call a validation technical profile from a self-asserted technical profile that requests an input from the user, or from an orchestration step in a user journey. 
+
 ## Metadata
 
 | Attribute | Required | Description |

articles/active-directory/governance/entitlement-management-access-package-first.md

@@ -265,7 +265,7 @@ In this step, you remove the changes you made and delete the **Marketing Campaig
 1. Delete the **Marketing resources** group.
 
 ## Set up group writeback in entitlement management
-To set up group writeback for Micosoft 356 groups in access packages, you must complete the following prerequisites:
+To set up group writeback for Micosoft 365 groups in access packages, you must complete the following prerequisites:
 - Set up group writeback in the Azure Active Directory admin center. 
 - The Organizational Unit (OU) that will be used to set up group writeback in Azure AD Connect Configuration.
 - Complete the [group writeback enablement steps](../hybrid/how-to-connect-group-writeback-v2.md#enable-group-writeback-using-azure-ad-connect) for Azure AD Connect. 

articles/app-service/manage-backup.md

@@ -43,7 +43,7 @@ There are two types of backups in App Service. Automatic backups made for your a
 
     :::image type="content" source="./media/manage-backup/open-backups-page.png" alt-text="Screenshot that shows how to open the backups page.":::
 
-1. Select the backup to restore by clicking it's **Restore** link.
+1. Select the backup to restore by clicking its **Restore** link.
 
     :::image type="content" source="./media/manage-backup/click-restore-link.png" alt-text="Screenshot that shows how to select the restore link.":::
 

articles/azure-monitor/logs/data-retention-archive.md

@@ -39,7 +39,7 @@ To set the default workspace retention policy:
 
 By default, all tables in your workspace inherit the workspace's interactive retention setting and have no archive policy. You can modify the retention and archive policies of individual tables, except for workspaces in the legacy Free Trial pricing tier.
 
-You can keep data in interactive retention between 4 and 730 days. You can set the archive period for a total retention time of up to 2,555 days (seven years). 
+You can keep data in interactive retention between 4 and 730 days. You can set the archive period for a total retention time of up to 2,556 days (seven years). 
 
 # [Portal](#tab/portal-1)
 
@@ -80,8 +80,8 @@ The request body includes the values in the following table.
 
 |Name | Type | Description |
 | --- | --- | --- |
-|properties.retentionInDays | integer  | The table's data retention in days. This value can be between 4 and 730; or 1095, 1460, 1826, 2191, or 2556. <br/>Setting this property to null will default to the workspace retention. For a Basic Logs table, the value is always 8. | 
-|properties.totalRetentionInDays | integer  | The table's total data retention including archive period. Set this property to null if you don't want to archive data.  | 
+|properties.retentionInDays | integer  | The table's data retention in days. This value can be between 4 and 730. <br/>Setting this property to null will default to the workspace retention. For a Basic Logs table, the value is always 8. | 
+|properties.totalRetentionInDays | integer  | The table's total data retention including archive period. This value can be between 4 and 730; or 1095, 1460, 1826, 2191, or 2556. Set this property to null if you don't want to archive data.  | 
 
 **Example**
 
@@ -226,4 +226,4 @@ The retention can also be [set programatically using PowerShell](../app/powershe
 ## Next steps
 - [Learn more about Log Analytics workspaces and data retention and archive.](log-analytics-workspace-overview.md)
 - [Create a search job to retrieve archive data matching particular criteria.](search-jobs.md)
-- [Restore archive data within a particular time range.](restore.md)
+- [Restore archive data within a particular time range.](restore.md)

articles/cognitive-services/autoscale.md

@@ -67,6 +67,7 @@ Autoscale feature is available for the following services:
 
 * [Computer Vision](computer-vision/index.yml)
 * [Language](language-service/overview.md) (only available for sentiment analysis, key phrase extraction, named entity recognition, and text analytics for health)
+* [Form Recognizer](/azure/applied-ai-services/form-recognizer/overview?tabs=v3-0)
 
 ### Can I test this feature using a free subscription?
 
@@ -77,4 +78,4 @@ No, the autoscale feature is not available to free tier subscriptions.
 - [Plan and Manage costs for Azure Cognitive Services](./plan-manage-costs.md).
 - [Optimize your cloud investment with Azure Cost Management](../cost-management-billing/costs/cost-mgt-best-practices.md?WT.mc_id=costmanagementcontent_docsacmhorizontal_-inproduct-learn).
 - Learn about how to [prevent unexpected costs](../cost-management-billing/cost-management-billing-overview.md?WT.mc_id=costmanagementcontent_docsacmhorizontal_-inproduct-learn).
-- Take the [Cost Management](/learn/paths/control-spending-manage-bills?WT.mc_id=costmanagementcontent_docsacmhorizontal_-inproduct-learn) guided learning course.
+- Take the [Cost Management](/learn/paths/control-spending-manage-bills?WT.mc_id=costmanagementcontent_docsacmhorizontal_-inproduct-learn) guided learning course.

articles/cosmos-db/sql/troubleshoot-dot-net-sdk-slow-request.md

@@ -100,7 +100,7 @@ The timeouts include diagnostics, which contain the following, for example:
 
 },
 {
-"dateUtc": "2021-11-17T23:38:28.3115496Z",
+"dateUtc": "2021-11-17T23:38:38.3115496Z",
 "cpu": 16.731,
 "memory": 9024120.000,
 "threadInfo": {

articles/defender-for-cloud/includes/defender-for-containers-remove-extension.md

@@ -52,7 +52,7 @@ You can remove the extension using Azure portal, Azure CLI, or REST API as expla
     There should be no delay in the extension resource getting deleted from Azure Resource Manager. After that, validate that there are no pods called "azuredefender-XXXXX" on the cluster by running the following command with the `kubeconfig` file pointed to your cluster: 
 
     ```console
-    kubectl get pods -n azuredefender
+    kubectl get pods -A --selector app=defender
     ```
 
     It might take a few minutes for the pods to be deleted.

articles/service-bus-messaging/monitor-service-bus-reference.md

@@ -144,6 +144,37 @@ The following management operations are captured in operational logs:
 > [!NOTE]
 > Currently, *Read* operations aren't tracked in the operational logs.
 
+### Virtual network and IP filtering logs
+Service Bus virtual network (VNet) connection event JSON includes elements listed in the following table:
+
+| Name | Description |
+| ---  | ----------- | 
+| SubscriptionId | Azure subscription ID |
+| NamespaceName | Namespace name |
+| IPAddress | IP address of a client connecting to the Service Bus service |
+| Action | Action done by the Service Bus service when evaluating connection requests. Supported actions are **Accept Connection** and **Deny Connection**. |
+| Reason | Provides a reason why the action was done |
+| Count | Number of occurrences for the given action |
+| ResourceId | Azure Resource Manager resource ID. |
+| Category | ServiceBusVNetConnectionEvent |
+
+> [!NOTE] 
+> Virtual network logs are generated only if the namespace allows access from selected networks or from specific IP addresses (IP filter rules).
+
+Here's an example of a virtual network log JSON string:
+
+```json
+{
+    "SubscriptionId": "0000000-0000-0000-0000-000000000000",
+    "NamespaceName": "namespace-name",
+    "IPAddress": "1.2.3.4",
+    "Action": "Accept Connection",
+    "Reason": "IP is accepted by IPAddress filter.",
+    "Count": 1,
+    "ResourceId": "/SUBSCRIPTIONS/<AZURE SUBSCRPTION ID>/RESOURCEGROUPS/<RESOURCE GROUP NAME>/PROVIDERS/MICROSOFT.SERVICEBUS/NAMESPACES/<SERVICE BUS NAMESPACE NAME>",
+    "Category": "ServiceBusVNetConnectionEvent"
+}
+```
 
 ## Runtime audit logs
 Runtime audit logs capture aggregated diagnostic information for various data plane access operations (such as send or receive messages) in Service Bus.  

articles/service-fabric/service-fabric-cluster-capacity.md

@@ -117,6 +117,7 @@ Follow these recommendations for managing node types with Silver or Gold durabil
 Within certain constraints, node type durability level can be adjusted:
 
 * Node types with durability levels of Silver or Gold can't be downgraded to Bronze.
+* Downgrading node types with durability level of Gold to Silver is not supported.
 * Upgrading from Bronze to Silver or Gold can take a few hours.
 * When changing durability level, be sure to update it in both the Service Fabric extension configuration in your virtual machine scale set resource and in the node type definition in your Service Fabric cluster resource. These values must match.
 
@@ -202,4 +203,4 @@ For more on cluster planning, see:
 * [Disaster recovery planning](service-fabric-disaster-recovery.md)
 
 <!--Image references-->
-[SystemServices]: ./media/service-fabric-cluster-capacity/SystemServices.png
+[SystemServices]: ./media/service-fabric-cluster-capacity/SystemServices.png

includes/mdfc/mdfc-recs-aws-data.md

@@ -44,7 +44,7 @@ There are **61** AWS recommendations in this category.
 |[DynamoDB tables should have point-in-time recovery enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/cc873508-40c1-41b6-8507-8a431d74f831) |This control checks whether point-in-time recovery (PITR) is enabled for an Amazon DynamoDB table. <br> Backups help you to recover more quickly from a security incident. They also strengthen the resilience of your systems. DynamoDB point-in-time recovery automates backups for DynamoDB tables. It reduces the time to recover from accidental delete or write operations. <br> DynamoDB tables that have PITR enabled can be restored to any point in time in the last 35 days. |Medium |
 |[EBS default encryption should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/56406d4c-87b4-4aeb-b1cc-7f6312d78e0a) |This control checks whether account-level encryption is enabled by default for Amazon Elastic Block Store(Amazon EBS).<br> The control fails if the account level encryption is not enabled.<br>When encryption is enabled for your account, Amazon EBS volumes and snapshot copies are encrypted at rest. This adds an additional layer of protection for your data.<br>For more information, see <a href='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default'>Encryption by default</a> in the Amazon EC2 User Guide for Linux Instances.<br>Note that following instance types do not support encryption: R1, C1, and M1. |Medium |
 |[Elastic Beanstalk environments should have enhanced health reporting enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/4170067b-345d-47ed-ab4a-c6b6046881f1) |This control checks whether enhanced health reporting is enabled for your AWS Elastic Beanstalk environments.<br>Elastic Beanstalk enhanced health reporting enables a more rapid response to changes in the health of the underlying infrastructure. These changes could result in a lack of availability of the application.<br>Elastic Beanstalk enhanced health reporting provides a status descriptor to gauge the severity of the identified issues and identify possible causes to investigate. The Elastic Beanstalk health agent, included in supported Amazon Machine Images (AMIs), evaluates logs and metrics of environment EC2 instances. |Low |
-|[Elastic Beanstalk managed platform updates should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/820f6c6e-f73f-432c-8c60-cae1794ea150) |his control checks whether managed platform updates are enabled for the Elastic Beanstalk environment.<br>Enabling managed platform updates ensures that the latest available platform fixes, updates, and features for the environment are installed. Keeping up to date with patch installation is an important step in securing systems. |High |
+|[Elastic Beanstalk managed platform updates should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/820f6c6e-f73f-432c-8c60-cae1794ea150) |This control checks whether managed platform updates are enabled for the Elastic Beanstalk environment.<br>Enabling managed platform updates ensures that the latest available platform fixes, updates, and features for the environment are installed. Keeping up to date with patch installation is an important step in securing systems. |High |
 |[Elasticsearch domain error logging to CloudWatch Logs should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/f48af569-2e67-464b-9a62-b8df0f85bc5e) |This control checks whether Elasticsearch domains are configured to send error logs to CloudWatch Logs.<br>You should enable error logs for Elasticsearch domains and send those logs to CloudWatch Logs for retention and response. Domain error logs can assist with security and access audits, and can help to diagnose availability issues. |Medium |
 |[Elasticsearch domains should be configured with at least three dedicated master nodes](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/b4b9a67c-c315-4f9b-b06b-04867a453aab) |This control checks whether Elasticsearch domains are configured with at least three dedicated master nodes. This control fails if the domain does not use dedicated master nodes. This control passes if Elasticsearch domains have five dedicated master nodes. However, using more than three master nodes might be unnecessary to mitigate the availability risk, and will result in additional cost.<br>An Elasticsearch domain requires at least three dedicated master nodes for high availability and fault-tolerance. Dedicated master node resources can be strained during data node blue/green deployments because there are additional nodes to manage. Deploying an Elasticsearch domain with at least three dedicated master nodes ensures sufficient master node resource capacity and cluster operations if a node fails. |Medium |
 |[Elasticsearch domains should have at least three data nodes](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/994cbcb3-43d4-419d-b5c4-9adc558f3ca2) |This control checks whether Elasticsearch domains are configured with at least three data nodes and zoneAwarenessEnabled is true.<br>An Elasticsearch domain requires at least three data nodes for high availability and fault-tolerance. Deploying an Elasticsearch domain with at least three data nodes ensures cluster operations if a node fails. |Medium |