Commit 97c275a

Merge pull request #213414 from MicrosoftDocs/release-ignite-cosmos-db
[Ignite 2022 ship room] | Rename Azure Cosmos DB Services | Cosmos DB | #696896
2 parents c3b3cb9 + f463bf1 commit 97c275a

1,711 files changed

+12081
-10624
lines changed

articles/active-directory/app-proxy/what-is-application-proxy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -134,7 +134,7 @@ The following diagram illustrates in general how Azure AD authentication service
134134

135135
|**Component**|**Description**|
136136
|:-|:-|
137-
|Endpoint|The endpoint is a URL or an [user portal](../manage-apps/end-user-experiences.md). Users can reach applications while outside of your network by accessing an external URL. Users within your network can access the application through a URL or an user portal. When users go to one of these endpoints, they authenticate in Azure AD and then are routed through the connector to the on-premises application.|
137+
|Endpoint|The endpoint is a URL or an [user portal](../manage-apps/end-user-experiences.md). Users can reach applications while outside of your network by accessing an external URL. Users within your network can access the application through a URL or a user portal. When users go to one of these endpoints, they authenticate in Azure AD and then are routed through the connector to the on-premises application.|
138138
|Azure AD|Azure AD performs the authentication using the tenant directory stored in the cloud.|
139139
|Application Proxy service|This Application Proxy service runs in the cloud as part of Azure AD. It passes the sign-on token from the user to the Application Proxy Connector. Application Proxy forwards any accessible headers on the request and sets the headers as per its protocol, to the client IP address. If the incoming request to the proxy already has that header, the client IP address is added to the end of the comma-separated list that is the value of the header.|
140140
|Application Proxy connector|The connector is a lightweight agent that runs on a Windows Server inside your network. The connector manages communication between the Application Proxy service in the cloud and the on-premises application. The connector only uses outbound connections, so you don't have to open any inbound ports or put anything in the DMZ. The connectors are stateless and pull information from the cloud as necessary. For more information about connectors, like how they load-balance and authenticate, see [Understand Azure AD Application Proxy connectors](./application-proxy-connectors.md).|
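
Review bot: The Endpoint row at new line 137 still opens with "a URL or an [user portal]", so the article is corrected only in the second occurrence ("a URL or a user portal"). Change the linked occurrence to "a [user portal]" in the same edit so the row is consistent.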

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -277,7 +277,7 @@ The feature aims to empower admins to get users set up with MFA using the Authen
277277

278278
If this user doesn’t have the Authenticator app set up for push notifications and is enabled for it by policy, yes, the user will see the nudge.
279279

280-
**Will a user who has a the Authenticator app setup only for TOTP codes see the nudge?** 
280+
**Will a user who has the Authenticator app setup only for TOTP codes see the nudge?** 
281281

282282
Yes. If the Authenticator app is not set up for push notifications and the user is enabled for it by policy, yes, the user will see the nudge.
283283

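Review bot: The question at new line 280 still reads "has the Authenticator app setup only for TOTP codes", where "setup" is used as a verb. The surrounding answers at lines 278 and 282 write "set up", so the heading should read "has the Authenticator app set up only for TOTP codes"; the trailing space after the closing `**` could be dropped at the same time.
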
@@ -308,4 +308,4 @@ It's the same as snoozing.
308308

309309
## Next steps
310310

311-
[Enable passwordless sign-in with Microsoft Authenticator](howto-authentication-passwordless-phone.md)
311+
[Enable passwordless sign-in with Microsoft Authenticator](howto-authentication-passwordless-phone.md)

articles/active-directory/azuread-dev/videos.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ Learn about the new Microsoft identity platform and how to migrate to it from th
2121

2222
## Migrate from v1.0 to v2.0
2323

24-
**Learn about migrating to the the latest version of the Microsoft identity platform**
24+
**Learn about migrating to the latest version of the Microsoft identity platform**
2525

2626
:::row:::
2727
:::column:::

articles/active-directory/cloud-sync/concept-how-it-works.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ Cloud sync is built on top of the Azure AD services and has 2 key components:
2626

2727

2828
## Initial setup
29-
During initial setup, the a few things are done that makes cloud sync happen. These are:
29+
During initial setup, a few things are done that makes cloud sync happen. These are:
3030

3131
- **During agent installation**: You configure the agent for the AD domains you want to provision from. This configuration registers the domains in the hybrid identity service and establishes an outbound connection to the service bus listening for requests.
3232
- **When you enable provisioning**: You select the AD domain and enable provisioning which runs every 2 mins. Optionally you may deselect password hash sync and define notification email. You can also manage attribute transformation using Microsoft Graph APIs.
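
Review bot: New line 29 still has a subject-verb mismatch in "a few things are done that makes cloud sync happen"; the subject is plural, so it should be "that make cloud sync happen". While the line is open, "runs every 2 mins" in the second bullet would read better as "runs every 2 minutes".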

articles/active-directory/develop/active-directory-claims-mapping.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -218,7 +218,7 @@ To run this script you need:
218218
- password for the private key (pfx file)
219219
220220
> [!IMPORTANT]
221-
> The private key must be in PKCS#12 format since Azure AD does not support other format types. Using the wrong format can result in the the error "Invalid certificate: Key value is invalid certificate" when using Microsoft Graph to PATCH the service principal with a `keyCredentials` containing the certificate info.
221+
> The private key must be in PKCS#12 format since Azure AD does not support other format types. Using the wrong format can result in the error "Invalid certificate: Key value is invalid certificate" when using Microsoft Graph to PATCH the service principal with a `keyCredentials` containing the certificate info.
222222
223223
```powershell
224224

articles/active-directory/develop/custom-rbac-for-developers.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ Developers can also use [Azure AD groups](../fundamentals/active-directory-manag
5656
5757
### Custom data store
5858

59-
App roles and groups both store information about user assignments in the Azure AD directory. Another option for managing user role information that is available to developers is to maintain the information outside of the directory in a custom data store. For example, in a SQL Database, Azure Table storage or Azure Cosmos DB Table API.
59+
App roles and groups both store information about user assignments in the Azure AD directory. Another option for managing user role information that is available to developers is to maintain the information outside of the directory in a custom data store. For example, in a SQL database, Azure Table storage, or Azure Cosmos DB for Table.
6060

6161
Using custom storage allows developers extra customization and control over how to assign roles to users and how to represent them. However, the extra flexibility also introduces more responsibility. For example, there's no mechanism currently available to include this information in tokens returned from Azure AD. If developers maintain role information in a custom data store, they'll need to have the applications retrieve the roles. Retrieving the roles is typically done using extensibility points defined in the middleware available to the platform that's being used to develop the application. Developers are responsible for properly securing the custom data store.
6262

articles/active-directory/fundamentals/secure-with-azure-ad-single-tenant.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ Azure RBAC allows you to design an administration model with granular scopes and
8282

8383
* **Resource group** - You can assign roles to specific resource groups so that they don't impact any other resource groups. In the example above, the Benefits engineering team can assign the Contributor role to the test lead so they can manage the test DB and the test web app, or to add more resources.
8484

85-
* **Individual resources** - You can assign roles to specific resources so that they don't impact any other resources. In the example above, the Benefits engineering team can assign a data analyst the Cosmos DB Account Reader role just for the test instance of the Cosmos DB, without interfering with the test web app, or any production resource.
85+
* **Individual resources** - You can assign roles to specific resources so that they don't impact any other resources. In the example above, the Benefits engineering team can assign a data analyst the Cosmos DB Account Reader role just for the test instance of the Azure Cosmos DB database, without interfering with the test web app or any production resource.
8686

8787
For more information, see [Azure built-in roles](../../role-based-access-control/built-in-roles.md) and [What is Azure role-based access control (Azure RBAC)?](../../role-based-access-control/overview.md).
8888

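Review bot: New line 85 scopes the example to "the test instance of the Azure Cosmos DB database", but the role it assigns is the Cosmos DB Account Reader role, which is named for the account. Since this bullet is about assigning a role on one individual resource, consider "the test Azure Cosmos DB account" so the resource named matches the role being granted.
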
articles/active-directory/fundamentals/service-accounts-managed-identities.md

Lines changed: 4 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ With managed identities the source system can obtain a token from Azure AD witho
4141

4242
The target system needs to authenticate (identify) and authorize the source system before allowing access. When the target service supports Azure AD-based authentication it accepts an access token issued by Azure AD.
4343

44-
Azure has a control plane and a data plane. In the control plane, you create resources, and in the data plane you access them. For example, you create a Cosmos database in the control plane, but query it in the data plane.
44+
Azure has a control plane and a data plane. In the control plane, you create resources, and in the data plane you access them. For example, you create an Azure Cosmos DB database in the control plane, but query it in the data plane.
4545

4646
Once the target system accepts the token for authentication, it can support different mechanisms for authorization for its control plane and data plane.
4747

@@ -91,7 +91,7 @@ There are several ways in which you can find managed identities:
9191

9292
You can get a list of all managed identities in your tenant with the following GET request to Microsoft Graph:
9393

94-
`https://graph.microsoft.com/v1.0/servicePrincipals?$filter=(servicePrincipalType eq 'ManagedIdentity') `
94+
`https://graph.microsoft.com/v1.0/servicePrincipals?$filter=(servicePrincipalType eq 'ManagedIdentity')`
9595

9696
You can filter these requests. For more information, see the Graph documentation for [GET servicePrincipal](/graph/api/serviceprincipal-get).
9797

@@ -101,11 +101,10 @@ You can assess the security of managed identities in the following ways:
101101

102102
* Examine privileges and ensure that the least privileged model is selected. Use the following PowerShell cmdlet to get the permissions assigned to your managed identities.
103103

104-
` Get-AzureADServicePrincipal | % { Get-AzureADServiceAppRoleAssignment -ObjectId $_ }`
104+
`Get-AzureADServicePrincipal | % { Get-AzureADServiceAppRoleAssignment -ObjectId $_ }`
105105

106106

107-
* Ensure the managed identity is not part of any privileged groups, such as an administrators group.
108-
‎You can do this by enumerating the members of your highly privileged groups with PowerShell.
107+
* Ensure the managed identity is not part of any privileged groups, such as an administrators group. You can do this by enumerating the members of your highly privileged groups with PowerShell.
109108

110109
`Get-AzureADGroupMember -ObjectId <String> [-All <Boolean>] [-Top <Int32>] [<CommonParameters>]`
111110

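Review bot: The one-liner at new line 104 passes `$_`, the whole piped service principal object, to `-ObjectId` rather than `$_.ObjectId`, and it enumerates every service principal although the bullet says it returns the permissions of managed identities. Since this line is being touched anyway, fix the argument and restrict the pipeline to service principals whose type is `ManagedIdentity`, the same filter the Graph request at line 94 uses.
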
@@ -134,8 +133,3 @@ If you are using a service principal or an Azure AD user account, evaluate if y
134133
[Governing Azure service accounts](service-accounts-governing-azure.md)
135134

136135
[Introduction to on-premises service accounts](service-accounts-on-premises.md)
137-
138-
139-
140-
141-

articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-cosmos-db.md

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -25,12 +25,12 @@ ms.collection: M365-identity-device-management
2525
This tutorial shows you how to use a system-assigned managed identity for a Linux virtual machine (VM) to access Azure Cosmos DB. You learn how to:
2626

2727
> [!div class="checklist"]
28-
> * Create a Cosmos DB account
29-
> * Create a collection in the Cosmos DB account
28+
> * Create an Azure Cosmos DB account
29+
> * Create a collection in the Azure Cosmos DB account
3030
> * Grant the system-assigned managed identity access to an Azure Cosmos DB instance
3131
> * Retrieve the `principalID` of the of the Linux VM's system-assigned managed identity
3232
> * Get an access token and use it to call Azure Resource Manager
33-
> * Get access keys from Azure Resource Manager to make Cosmos DB calls
33+
> * Get access keys from Azure Resource Manager to make Azure Cosmos DB calls
3434
3535
## Prerequisites
3636

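Review bot: The checklist item at line 31 still reads "Retrieve the `principalID` of the of the Linux VM's system-assigned managed identity". This commit removes duplicated words in other files, and the lines on either side of this one are edited here, so drop the extra "of the" in the same hunk.
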
@@ -41,28 +41,28 @@ This tutorial shows you how to use a system-assigned managed identity for a Linu
4141
- Use the [Azure Cloud Shell](../../cloud-shell/overview.md), which you can open using the **Try It** button on the top right corner of code blocks.
4242
- Run scripts locally by installing the latest version of the [Azure CLI](/cli/azure/install-azure-cli), then sign in to Azure using [az login](/cli/azure/reference-index#az-login). Use an account associated with the Azure subscription in which you'd like to create resources.
4343

44-
## Create a Cosmos DB account
44+
## Create an Azure Cosmos DB account
4545

46-
If you don't already have one, create a Cosmos DB account. You can skip this step and use an existing Cosmos DB account.
46+
If you don't already have one, create an Azure Cosmos DB account. You can skip this step and use an existing Azure Cosmos DB account.
4747

4848
1. Click the **+ Create a resource** button found on the upper left-hand corner of the Azure portal.
4949
2. Click **Databases**, then **Azure Cosmos DB**, and a new "New account" panel displays.
50-
3. Enter an **ID** for the Cosmos DB account, which you use later.
50+
3. Enter an **ID** for the Azure Cosmos DB account, which you use later.
5151
4. **API** should be set to "SQL." The approach described in this tutorial can be used with the other available API types, but the steps in this tutorial are for the SQL API.
52-
5. Ensure the **Subscription** and **Resource Group** match the ones you specified when you created your VM in the previous step. Select a **Location** where Cosmos DB is available.
52+
5. Ensure the **Subscription** and **Resource Group** match the ones you specified when you created your VM in the previous step. Select a **Location** where Azure Cosmos DB is available.
5353
6. Click **Create**.
5454

55-
### Create a collection in the Cosmos DB account
55+
### Create a collection in the Azure Cosmos DB account
5656

57-
Next, add a data collection in the Cosmos DB account that you can query in later steps.
57+
Next, add a data collection in the Azure Cosmos DB account that you can query in later steps.
5858

59-
1. Navigate to your newly created Cosmos DB account.
59+
1. Navigate to your newly created Azure Cosmos DB account.
6060
2. On the **Overview** tab click the **+/Add Collection** button, and an "Add Collection" panel slides out.
6161
3. Give the collection a database ID, collection ID, select a storage capacity, enter a partition key, enter a throughput value, then click **OK**. For this tutorial, it is sufficient to use "Test" as the database ID and collection ID, select a fixed storage capacity and lowest throughput (400 RU/s).
6262

6363
## Grant access
6464

65-
To gain access to the Cosmos DB account access keys from the Resource Manager in the following section, you need to retrieve the `principalID` of the Linux VM's system-assigned managed identity. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>` (resource group in which your VM resides), and `<VM NAME>` parameter values with your own values.
65+
To gain access to the Azure Cosmos DB account access keys from the Resource Manager in the following section, you need to retrieve the `principalID` of the Linux VM's system-assigned managed identity. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>` (resource group in which your VM resides), and `<VM NAME>` parameter values with your own values.
6666

6767
```azurecli-interactive
6868
az resource show --id /subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachines/<VM NAMe> --api-version 2017-12-01
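
Review bot: The command at line 68 uses the placeholder `<VM NAMe>`, while the paragraph at new line 65 tells the reader to replace `<VM NAME>`; a reader doing a search-and-replace on the documented placeholder will leave the command unchanged. Make the placeholder in the command `<VM NAME>`. Separately, step 4 at line 51 still says "SQL API" although this commit renames the other API references, so confirm whether that wording is meant to stay.
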
@@ -79,11 +79,11 @@ The response includes the details of the system-assigned managed identity (note
7979
}
8080
```
8181

82-
### Grant your Linux VM's system-assigned identity access to the Cosmos DB account access keys
82+
### Grant your Linux VM's system-assigned identity access to the Azure Cosmos DB account access keys
8383

84-
Cosmos DB does not natively support Azure AD authentication. However, you can use a managed identity to retrieve a Cosmos DB access key from the Resource Manager, then use the key to access Cosmos DB. In this step, you grant your system-assigned managed identity access to the keys to the Cosmos DB account.
84+
Azure Cosmos DB does not natively support Azure AD authentication. However, you can use a managed identity to retrieve an Azure Cosmos DB access key from the Resource Manager, then use the key to access Azure Cosmos DB. In this step, you grant your system-assigned managed identity access to the keys to the Azure Cosmos DB account.
8585

86-
To grant the system-assigned managed identity access to the Cosmos DB account in Azure Resource Manager using the Azure CLI, update the values for `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` for your environment. Replace `<MI PRINCIPALID>` with the `principalId` property returned by the `az resource show` command in Retrieve the principalID of the Linux VM's MI. Cosmos DB supports two levels of granularity when using access keys: read/write access to the account, and read-only access to the account. Assign the `DocumentDB Account Contributor` role if you want to get read/write keys for the account, or assign the `Cosmos DB Account Reader Role` role if you want to get read-only keys for the account:
86+
To grant the system-assigned managed identity access to the Azure Cosmos DB account in Azure Resource Manager using the Azure CLI, update the values for `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` for your environment. Replace `<MI PRINCIPALID>` with the `principalId` property returned by the `az resource show` command in Retrieve the principalID of the Linux VM's MI. Azure Cosmos DB supports two levels of granularity when using access keys: read/write access to the account, and read-only access to the account. Assign the `DocumentDB Account Contributor` role if you want to get read/write keys for the account, or assign the `Cosmos DB Account Reader Role` role if you want to get read-only keys for the account:
8787

8888
```azurecli-interactive
8989
az role assignment create --assignee <MI PRINCIPALID> --role '<ROLE NAME>' --scope "/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.DocumentDB/databaseAccounts/<COSMODS DB ACCOUNT NAME>"
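
Review bot: The `--scope` value at line 89 uses `<COSMODS DB ACCOUNT NAME>`, which does not match the `<COSMOS DB ACCOUNT NAME>` placeholder that new line 86 tells the reader to update. Correct the placeholder in the command. Line 86 also offers `DocumentDB Account Contributor` before `Cosmos DB Account Reader Role`; listing the read-only role first, with the read/write role as the option for callers that need it, would fit the least-privilege guidance given elsewhere in this doc set.
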
@@ -134,9 +134,9 @@ To complete these steps, you need an SSH client. If you are using Windows, you c
134134
"client_id":"1ef89848-e14b-465f-8780-bf541d325cd5"}
135135
```
136136

137-
### Get access keys from Azure Resource Manager to make Cosmos DB calls
137+
### Get access keys from Azure Resource Manager to make Azure Cosmos DB calls
138138

139-
Now use CURL to call Resource Manager using the access token retrieved in the previous section to retrieve the Cosmos DB account access key. Once we have the access key, we can query Cosmos DB. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` parameter values with your own values. Replace the `<ACCESS TOKEN>` value with the access token you retrieved earlier. If you want to retrieve read/write keys, use key operation type `listKeys`. If you want to retrieve read-only keys, use the key operation type `readonlykeys`:
139+
Now use CURL to call Resource Manager using the access token retrieved in the previous section to retrieve the Azure Cosmos DB account access key. Once we have the access key, we can query Azure Cosmos DB. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` parameter values with your own values. Replace the `<ACCESS TOKEN>` value with the access token you retrieved earlier. If you want to retrieve read/write keys, use key operation type `listKeys`. If you want to retrieve read-only keys, use the key operation type `readonlykeys`:
140140

141141
```bash
142142
curl 'https://management.azure.com/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.DocumentDB/databaseAccounts/<COSMOS DB ACCOUNT NAME>/<KEY OPERATION TYPE>?api-version=2016-03-31' -X POST -d "" -H "Authorization: Bearer <ACCESS TOKEN>"
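
Review bot: New line 139 gives the two key operation types with different casing, `listKeys` and `readonlykeys`, and both are substituted into the `<KEY OPERATION TYPE>` segment of the URL at line 142. State the exact strings to use, in one casing convention, or note that the segment is case-insensitive if that is the case. The paragraph also switches from "you" to "we" ("Once we have the access key, we can query"), which is worth aligning with the rest of the tutorial.
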
@@ -152,11 +152,11 @@ The CURL response gives you the list of Keys. For example, if you get the read-
152152
"secondaryReadonlyMasterKey":"38v5ns...7bA=="}
153153
```
154154

155-
Now that you have the access key for the Cosmos DB account you can pass it to a Cosmos DB SDK and make calls to access the account.
155+
Now that you have the access key for the Azure Cosmos DB account, you can pass it to an Azure Cosmos DB SDK and make calls to access the account.
156156

157157
## Next steps
158158

159-
In this tutorial, you learned how to use a system-assigned managed identity on a Linux virtual machine to access Cosmos DB. To learn more about Cosmos DB see:
159+
In this tutorial, you learned how to use a system-assigned managed identity on a Linux virtual machine to access Azure Cosmos DB. To learn more about Azure Cosmos DB, see:
160160

161161
> [!div class="nextstepaction"]
162162
>[Azure Cosmos DB overview](../../cosmos-db/introduction.md)
