Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into updateOverview

Author: rboucher

articles/active-directory/reports-monitoring/overview-recommendations.md

@@ -9,7 +9,7 @@ ms.topic: overview
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 05/29/2023
+ms.date: 07/11/2023
 ms.author: sarahlipsey
 ms.reviewer: hafowler  
 ms.collection: M365-identity-device-management
@@ -52,16 +52,14 @@ The recommendations listed in the following table are currently available in pub
 |---- |---- |---- |---- |
 | [Convert per-user MFA to Conditional Access MFA](recommendation-turn-off-per-user-mfa.md) | Users | All licenses | Generally available |
 | [Migrate applications from AD FS to Azure AD](recommendation-migrate-apps-from-adfs-to-azure-ad.md) | Applications | All licenses | Generally available |
-| [Migrate from ADAL to MSAL](recommendation-migrate-from-adal-to-msal.md) | Applications | All licenses | Generally available* |
+| [Migrate from ADAL to MSAL](recommendation-migrate-from-adal-to-msal.md) | Applications | All licenses | Generally available |
 | [Migrate to Microsoft Authenticator](recommendation-migrate-to-authenticator.md) | Users | All licenses | Preview |
 | [Minimize MFA prompts from known devices](recommendation-mfa-from-known-devices.md)  | Users | All licenses | Generally available |
 | [Remove unused applications](recommendation-remove-unused-apps.md) | Applications | Azure AD Premium P2 | Preview |
 | [Remove unused credentials from applications](recommendation-remove-unused-credential-from-apps.md) | Applications | Azure AD Premium P2 | Preview |
 | [Renew expiring application credentials](recommendation-renew-expiring-application-credential.md) | Applications | Azure AD Premium P2 | Preview |
 | [Renew expiring service principal credentials](recommendation-renew-expiring-service-principal-credential.md) | Applications | Azure AD Premium P2 | Preview |
 
-*The Migrate from ADAL to MSAL recommendation is generally available, but rolling out in phases. If you don't see this recommendation in your tenant, check back later.
-
 Azure AD only displays the recommendations that apply to your tenant, so you may not see all supported recommendations listed.
 
 ## Next steps

articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md

@@ -20,8 +20,8 @@ We strongly recommended to always update to the latest version, or opt in to the
 ## Version details
 | Release Date | Release notes | Windows | Linux |
 |:---|:---|:---|:---|
-| June 2023| **Windows** <ul><li>Add new file path column to custom logs table</li><li>Config setting to disable custom IMDS endpoint in Tenant.json file</li><li>Support DCR settings for DiskQuotaInMB</li><li>FluentBit binaries signed with Microsoft customer Code Sign cert</li><li>Minimize number of retries on calls to refresh tokens</li><li>Don't overwrite resource ID with empty string</li><li>AzSecPack updated to version 4.27</li><li>AzureProfiler and AzurePerfCollector updated to version 1.0.0.990</li><li>MetricsExtension updated to version 2.2023.513.10</li><li>Troubleshooter updated to version 1.5.0</li></ul>**Linux** <ul><li>Add the forwarder/collector's identifier (hostname)</li><li>Link OpenSSL dynamically</li><li>Support Arc-Enabled Servers proxy configuration file</li><li>**Fixes**<ul><li>Allow uploads soon after AMA start up</li><li>Run LocalSink GC on a dedicated thread to avoid thread pool scheduling issues</li><li>Fix upgrade restart of disabled services</li><li>Handle Linux Hardening where sudo on root is blocked</li><li>CEF processing fixes for noncomliant RFC 5424 logs</li><li>ASA tenant can fail to start up due to config-cache directory permissions</li><li>Fix auth proxy in AMA</li></ul></li></ul>|1.17.0  |1.27.2|
-| May 2023 | **Windows** <ul><li>Enable Large Event support for all regions.</li><li>Update to TroubleShooter 1.4.0.</li><li>Fixed issue when Event Log subscription become invalid an would not resubscribe.</li><li>AMA: Fixed issue with Large Event sending too large data. Also affecting Custom Log.</li></ul> **Linux** <ul><li>Support for CIS and SELinux [hardening](./agents-overview.md)</li><li>Include Ubuntu 22.04 (Jammy) in azure-mdsd package publishing</li><li>Move storage SDK patch to build container</li><li>Add system Telegraf counters to AMA</li><li>Drop msgpack and syslog data if not configured in active configuration</li><li>Limit the events sent to Public ingestion pipeline</li><li>**Fixes** <ul><li>Fix mdsd crash in init when in persistent mode </li><li>Remove FdClosers from ProtocolListeners to avoid a race condition</li><li>Fix sed regex special character escaping issue in rpm macro for Centos 7.3.Maipo</li><li>Fix latency and future timestamp issue</li><li>Install AMA syslog configs only if customer is opted in for syslog in DCR</li><li>Fix heartbeat time check</li><li>Skip unnecessary cleanup in fatal signal handler</li><li>Fix case where fast-forwarding may cause intervals to be skipped</li><li>Fix comma separated custom log paths with fluent</li></ul></li><ul> | 1.16.0.0 | 1.26.2 |
+| June 2023| **Windows** <ul><li>Add new file path column to custom logs table</li><li>Config setting to disable custom IMDS endpoint in Tenant.json file</li><li>FluentBit binaries signed with Microsoft customer Code Sign cert</li><li>Minimize number of retries on calls to refresh tokens</li><li>Don't overwrite resource ID with empty string</li><li>AzSecPack updated to version 4.27</li><li>AzureProfiler and AzurePerfCollector updated to version 1.0.0.990</li><li>MetricsExtension updated to version 2.2023.513.10</li><li>Troubleshooter updated to version 1.5.0</li></ul>**Linux** <ul><li>Add new column CollectorHostName to syslog table to identify forwarder/collector machine</li><li>Link OpenSSL dynamically</li><li>Support Arc-Enabled Servers proxy configuration file</li><li>**Fixes**<ul><li>Allow uploads soon after AMA start up</li><li>Run LocalSink GC on a dedicated thread to avoid thread pool scheduling issues</li><li>Fix upgrade restart of disabled services</li><li>Handle Linux Hardening where sudo on root is blocked</li><li>CEF processing fixes for noncomliant RFC 5424 logs</li><li>ASA tenant can fail to start up due to config-cache directory permissions</li><li>Fix auth proxy in AMA</li><li>Fix to remove null characters in agentlauncher.log after log rotation</li></ul></li></ul>|1.17.0  |1.27.2|
+| May 2023 | **Windows** <ul><li>Enable Large Event support for all regions.</li><li>Update to TroubleShooter 1.4.0.</li><li>Fixed issue when Event Log subscription become invalid an would not resubscribe.</li><li>AMA: Fixed issue with Large Event sending too large data. Also affecting Custom Log.</li></ul> **Linux** <ul><li>Support for CIS and SELinux [hardening](./agents-overview.md)</li><li>Include Ubuntu 22.04 (Jammy) in azure-mdsd package publishing</li><li>Move storage SDK patch to build container</li><li>Add system Telegraf counters to AMA</li><li>Drop msgpack and syslog data if not configured in active configuration</li><li>Limit the events sent to Public ingestion pipeline</li><li>**Fixes** <ul><li>Fix mdsd crash in init when in persistent mode </li><li>Remove FdClosers from ProtocolListeners to avoid a race condition</li><li>Fix sed regex special character escaping issue in rpm macro for Centos 7.3.Maipo</li><li>Fix latency and future timestamp issue</li><li>Install AMA syslog configs only if customer is opted in for syslog in DCR</li><li>Fix heartbeat time check</li><li>Skip unnecessary cleanup in fatal signal handler</li><li>Fix case where fast-forwarding may cause intervals to be skipped</li><li>Fix comma separated custom log paths with fluent</li><li>Fix to prevent events folder growing too large and filling the disk</li></ul></li><ul> | 1.16.0.0 | 1.26.2 |
 | Apr 2023 | **Windows** <ul><li>AMA: Enable Large Event support based on Region.</li><li>AMA: Upgrade to FluentBit version 2.0.9</li><li>Update Troubleshooter to 1.3.1</li><li>Update ME version to 2.2023.331.1521</li><li>Updating package version for AzSecPack 4.26 release</li></ul>|1.15.0| Coming soon|
 | Mar 2023 | **Windows** <ul><li>Text file collection improvements to handle high rate logging and continuous tailing of longer lines</li><li>VM Insights fixes for collecting metrics from non-English OS</li></ul> | 1.14.0.0 | Coming soon |
 | Feb 2023 | <ul><li>**Linux (hotfix)** Resolved potential data loss due to "Bad file descriptor" errors seen in the mdsd error log with previous version. Upgrade to hotfix version</li><li>**Windows** Reliability improvements in Fluentbit buffering to handle larger text files</li></ul> | 1.13.1 | 1.25.2<sup>Hotfix</sup> |

articles/azure-monitor/essentials/data-collection-transformations.md

@@ -74,9 +74,18 @@ There are multiple methods to create transformations depending on the data colle
 While transformations themselves don't incur direct costs, the following scenarios can result in additional charges:
 
 - If a transformation increases the size of the incoming data, such as by adding a calculated column, you'll be charged the standard ingestion rate for the extra data.
-- If a transformation reduces the incoming data by more than 50%, you'll be charged for the amount of filtered data above 50%.
+- If a transformation reduces the ingested data by more than 50%, you'll be charged for the amount of filtered data above 50%.
 
-To calculate the data processing charge resulting from transformations, use the following formula: [GB filtered out by transformations] - ([Total GB ingested] / 2). For example, if you ingest 100 GB of data and your transformations remove 70 GB, you'll be charged for 70 GB - (100 GB / 2), which is 20 GB. This calculation is done per data collection rule and per day basis. To avoid this charge, it's recommended to filter incoming data using alternative methods before applying transformations. By doing so, you can reduce the amount of data processed by transformations and, therefore, minimize any additional costs.
+To calculate the data processing charge resulting from transformations, use the following formula:<br>[GB filtered out by transformations] - ([GB data ingested by pipeline] / 2). The following table shows examples.
+
+| Data ingested by pipeline | Data dropped by transformation | Data ingested by Log Analytics workspace | Data processing charge | Ingestion charge |
+|:---|:-:|:-:|:-:|:-:|
+| 20 GB | 12 GB | 8 GB | 2 GB <sup>1</sup> | 8 GB |
+| 20 GB | 8 GB | 12 GB | 0 GB | 12 GB |
+
+<sup>1</sup> This charge excludes the charge for data ingested by Log Analytics workspace.
+
+To avoid this charge, you should filter ingested data using alternative methods before applying transformations. By doing so, you can reduce the amount of data processed by transformations and, therefore, minimize any additional costs.
 
 See [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor) for current charges for ingestion and retention of log data in Azure Monitor.
 

articles/azure-monitor/index.yml

@@ -54,16 +54,12 @@ landingContent:
     linkLists: 
       - linkListType: learn
         links:
-          - text: Azure Monitor learning path 
+          - text: Azure Monitor fundamentals 
             url: /training/paths/monitor-usage-performance-availability-resources-azure-monitor/
-          - text: Configure Azure Monitor
-            url: /training/modules/configure-azure-monitor/
-          - text: Analyze logs in Azure Monitor with KQL
-            url: /training/modules/analyze-logs-with-kql/
-          - text: Monitor performance of virtual machines using Azure Monitor VM Insights
-            url: /training/modules/monitor-performance-using-azure-monitor-for-vms/
-          - text: Visualize data combined from multiple data sources using Azure Workbooks
-            url: /training/modules/visualize-data-workbooks/
+          - text: Analyze monitoring data with Kusto Query Language
+            url: /training/paths/analyze-monitoring-data-with-kql/
+          - text: Monitor hybrid virtual machines, containers, and network resources
+            url: /training/paths/monitor-hybrid-virtual-machines-containers-network/
 
 # Card 
   - title: Get started with Azure Monitor

articles/cloud-services/cloud-services-guestos-msrc-releases.md

@@ -11,14 +11,70 @@ ms.service: cloud-services
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: tbd
-ms.date: 7/8/2023
+ms.date: 7/11/2023
 ms.author: gunnarc
 ms.custom: compute-evergreen
 ---
 
 # Azure Guest OS
 The following tables show the Microsoft Security Response Center (MSRC) updates applied to the Azure Guest OS. Search this article to determine if a particular update applies to the Guest OS you are using. Updates always carry forward for the particular [family][family-explain] they were introduced in.
 
+## July 2023 Guest OS
+
+>[!NOTE] 
+
+>The July Guest OS is currently being rolled out to Cloud Service VMs that are configured for automatic updates. When the rollout is complete, this version will be made available for manual updates through the Azure portal and configuration files. The following patches are included in the July Guest OS. This list is subject to change. 
+
+| Product Category | Parent KB Article | Vulnerability Description | Guest OS | Date First Introduced |
+| --- | --- | --- | --- | --- |
+|  Rel 23-07 |  [5028168]  |  Latest Cumulative Update(LCU) | 6.60 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028171]  |  Latest Cumulative Update(LCU) | 7.28 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028169]  |  Latest Cumulative Update(LCU) | 5.84 | Jun 11, 2023 |
+|  Rel 23-07 |  [5028871]  |  .NET Framework 3.5 Security and Quality Rollup | 2.140 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028865]  |  .NET Framework 4.7.2 Security and Quality Rollup | 2.140 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028872]  |  .NET Framework 3.5 Security and Quality Rollup LKG | 4.120 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028864]  |  .NET Framework 4.7.2 Cumulative Update LKG  | 4.120 | Ju1 11, 2023 |
+|  Rel 23-07 |  [5028869]  |  .NET Framework 3.5 Security and Quality Rollup LKG | 3.128 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028863]  |  .NET Framework 4.7.2 Cumulative Update LKG | 3.128 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028862]  |  .NET Framework DotNet | 6.60 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028858]  |  .NET Framework 4.8 Security and Quality Rollup LKG | 7.28 | Ju1 11, 2023 |
+|  Rel 23-07 |  [5028240]  |  Monthly Rollup | 2.140 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028232]  |  Monthly Rollup | 3.128 | Jul 11, 2023 |
+|  Rel 23-07 |  [5028228]  |  Monthly Rollup | 4.120 | Jul 11, 2023 |
+|  Rel 23-07 |  [5027575]  |  Servicing Stack Update | 3.128 | Jun 13, 2023 |
+|  Rel 23-07 |  [5027574]  |  Servicing Stack Update LKG | 4.120 | Jun 13, 2023 |
+|  Rel 23-07 |  [4578013]  |  OOB Standalone Security Update | 4.120 | Aug 19, 2023 |
+|  Rel 23-07 |  [5023788]  |  Servicing Stack Update LKG | 5.84 | Mar 14, 2023 |
+|  Rel 23-07 |  [5028264]  |  Servicing Stack Update LKG | 2.140 | Jul 11, 2023 |
+|  Rel 23-07 |  [4494175]  |  Microcode | 5.84 | Sep 1, 2020 |
+|  Rel 23-07 |  [4494174]  |  Microcode | 6.60 | Sep 1, 2020 |
+|  Rel 23-07 |  5028317  |  Servicing Stack Update | 7.28 |  |
+|  Rel 23-07 |  5028316  |  Servicing Stack Update | 6.60 |  |
+
+[5028168]: https://support.microsoft.com/kb/5028168
+[5028171]: https://support.microsoft.com/kb/5028171
+[5028169]: https://support.microsoft.com/kb/5028169
+[5028871]: https://support.microsoft.com/kb/5028871
+[5028865]: https://support.microsoft.com/kb/5028865
+[5028872]: https://support.microsoft.com/kb/5028872
+[5028864]: https://support.microsoft.com/kb/5028864
+[5028869]: https://support.microsoft.com/kb/5028869
+[5028863]: https://support.microsoft.com/kb/5028863
+[5028862]: https://support.microsoft.com/kb/5028862
+[5028858]: https://support.microsoft.com/kb/5028858
+[5028240]: https://support.microsoft.com/kb/5028240
+[5028232]: https://support.microsoft.com/kb/5028232
+[5028228]: https://support.microsoft.com/kb/5028228
+[5027575]: https://support.microsoft.com/kb/5027575
+[5027574]: https://support.microsoft.com/kb/5027574
+[4578013]: https://support.microsoft.com/kb/4578013
+[5023788]: https://support.microsoft.com/kb/5023788
+[5028264]: https://support.microsoft.com/kb/5028264
+[4494175]: https://support.microsoft.com/kb/4494175
+[4494174]: https://support.microsoft.com/kb/4494174
+[5028317]: https://support.microsoft.com/kb/5028317
+[5028316]: https://support.microsoft.com/kb/5028316
+
 ## June 2023 Guest OS
 
 

articles/cognitive-services/content-safety/faq.yml

@@ -0,0 +1,49 @@
+### YamlMime:FAQ
+metadata:
+  title: "Frequently asked questions - Azure AI Content Safety"
+  titleSuffix: Azure Cognitive Services
+  description: Get answers to frequently asked questions about AI Content Safety in Azure Cognitive Services.
+  services: cognitive-services
+  author: PatrickFarley
+  manager: nitinme
+
+  ms.service: cognitive-services
+  ms.subservice: content-safety
+  ms.topic: faq
+  ms.date: 07/03/2023
+  ms.author: pafarley
+  ms.custom:
+title: AI Content Safety API Frequently Asked Questions
+summary: |
+  > [!TIP]
+  > If you can't find answers to your questions in this FAQ, ask the Cognitive Services API community on [StackOverflow](https://stackoverflow.com/questions/tagged/project-oxford+or+microsoft-cognitive) or contact Help and Support on [UserVoice](https://feedback.azure.com/d365community/forum/09041fae-0b25-ec11-b6e6-000d3a4f0858)
+
+
+sections:
+  - name: AI Content Safety API frequently asked questions
+    questions:
+      - question: |
+          What is the difference between the Azure Content Moderator and Azure AI Content Safety services?
+        answer: |
+          The main differences between the two services are:
+
+          - Azure Content Moderator uses binary classification for each content type (such as `profanity` or `adult`), while Azure AI Content Safety uses multiple classes (such as `sexual`, `violent`, `hate`, and `self-harm`) with different severity levels.
+          - Azure Content Safety supports multilingual content moderation in English, German, Japanese, Spanish, French, Italian, Portuguese, and Chinese, while Azure Content Moderator's AI classifiers only support English.
+          - Azure Content Moderator has a built-in term list and a custom term list feature, while Azure AI Content Safety does not have a built-in term list but relies on advanced language and vision models to detect harmful content. It also provides a custom term list feature for incident response and customization.
+          - Azure AI Content Safety has an interactive studio for exploring and testing the service capabilities, while Azure Content Moderator does not.
+      - question: |
+          Why should I migrate from Azure Content Moderator to Azure AI Content Safety?
+        answer: |
+          Microsoft recommends that customers who are using Azure Content Moderator migrate to Azure AI Content Safety because:
+
+          - Azure AI Content Safety offers more accurate and granular detection of harmful content in text and images using state-of-the-art AI models.
+          - Azure AI Content Safety supports multilingual content moderation in English, Japanese, German, Spanish, French, Portuguese, Italian, and Chinese.
+          - Azure AI Content Safety enables responsible AI practices by monitoring both user-generated and AI-generated content.
+      - question: |
+          How does billing work for the Azure AI Content Safety service?
+        answer: |
+          In the S tier, there are two types of APIs. For the Text API, the service is billed for the amount of text records submitted to the service. For the Image API, the service is billed for the number of images submitted to the service.
+      - question: |
+          What happens if I exceed the transaction limit on my free tier for Azure AI Content Safety?
+        answer: |
+          Usage is throttled if the transaction limit is reached on the Free tier. Customers cannot accrue overages on the free tier.