Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into wi236734-copilot-in-mdc

Author: ElazarK

articles/azure-monitor/app/opentelemetry-enable.md

@@ -46,6 +46,10 @@ Follow the steps in this section to instrument your application with OpenTelemet
 
 - A Java application using Java 8+
 
+### [Java Native](#tab/java-native)
+
+- A Java application using GraalVM 17+
+
 ### [Node.js](#tab/nodejs)
 
 > [!NOTE]
@@ -65,15 +69,15 @@ Follow the steps in this section to instrument your application with OpenTelemet
 
 #### [ASP.NET Core](#tab/aspnetcore)
 
-Install the latest [Azure.Monitor.OpenTelemetry.AspNetCore](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.AspNetCore) NuGet package:
+Install the latest `Azure.Monitor.OpenTelemetry.AspNetCore` [NuGet package](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.AspNetCore):
 
 ```dotnetcli
 dotnet add package Azure.Monitor.OpenTelemetry.AspNetCore 
 ```
 
 ### [.NET](#tab/net)
 
-Install the latest [Azure.Monitor.OpenTelemetry.Exporter](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.Exporter) NuGet package:
+Install the latest `Azure.Monitor.OpenTelemetry.Exporter` [NuGet package](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.Exporter):
 
 ```dotnetcli
 dotnet add package Azure.Monitor.OpenTelemetry.Exporter 
@@ -92,6 +96,17 @@ Download the [applicationinsights-agent-3.5.3.jar](https://github.com/microsoft/
 > [3.2.0](https://github.com/microsoft/ApplicationInsights-Java/releases/tag/3.2.0), and
 > [3.1.0](https://github.com/microsoft/ApplicationInsights-Java/releases/tag/3.1.0)
 
+
+#### [Java Native](#tab/java-native)
+
+For Spring Boot native applications:
+* [Import the OpenTelemetry Bills of Materials (BOM)](https://opentelemetry.io/docs/zero-code/java/spring-boot-starter/getting-started/).
+* Add the [Spring Cloud Azure Starter Monitor](https://mvnrepository.com/artifact/com.azure.spring/cloud-starter-azure-monitor) dependency.
+* Follow [these instructions](/azure//developer/java/spring-framework/developer-guide-overview#configuring-spring-boot-3) for the Azure SDK JAR (Java Archive) files.
+
+For Quarkus native applications:
+* Add the [Quarkus OpenTelemetry Exporter for Azure](https://mvnrepository.com/artifact/io.quarkiverse.opentelemetry.exporter/quarkus-opentelemetry-exporter-azure) dependency.
+
 #### [Node.js](#tab/nodejs)
 
 Install these packages:
@@ -202,6 +217,11 @@ Point the Java virtual machine (JVM) to the jar file by adding `-javaagent:"path
 > [!TIP]
 > If you develop a Spring Boot application, you can optionally replace the JVM argument by a programmatic configuration. For more information, see [Using Azure Monitor Application Insights with Spring Boot](./java-spring-boot.md).
 
+
+##### [Java-Native](#tab/java-native)
+
+Several automatic instrumentations are enabled through configuration changes; no code changes are required
+
 ##### [Node.js](#tab/nodejs)
 
 ```typescript
@@ -222,7 +242,7 @@ from azure.monitor.opentelemetry import configure_azure_monitor
 # Import the tracing api from the `opentelemetry` package.
 from opentelemetry import trace
 
-# Configure OpenTelemetry to use Azure Monitor with the 
+# Configure OpenTelemetry to use Azure Monitor with the 
 # APPLICATIONINSIGHTS_CONNECTION_STRING environment variable.
 configure_azure_monitor()
 
@@ -307,6 +327,10 @@ Azure Monitor OpenTelemetry sample applications are available for all supported
 
 - [Java sample apps](https://github.com/Azure-Samples/ApplicationInsights-Java-Samples)
 
+##### [Java Native](#tab/java-native)
+
+- [Java GraalVM native sample apps](https://github.com/Azure-Samples/java-native-telemetry)
+
 ##### [Node.js](#tab/nodejs)
 
 - [Node.js sample app](https://github.com/Azure-Samples/azure-monitor-opentelemetry-node.js)
@@ -341,12 +365,20 @@ Azure Monitor OpenTelemetry sample applications are available for all supported
 
 ### [Java](#tab/java)
 
-- For details on adding and modifying Azure Monitor OpenTelemetry, see [Add and modify Azure Monitor OpenTelemetry](opentelemetry-add-modify.md).
+- See [Add and modify Azure Monitor OpenTelemetry](opentelemetry-add-modify.md) for details on adding and modifying Azure Monitor OpenTelemetry.
 - Review [Java autoinstrumentation configuration options](java-standalone-config.md).
-- To review the source code, see the [Azure Monitor Java autoinstrumentation GitHub repository](https://github.com/Microsoft/ApplicationInsights-Java).
-- To learn more about OpenTelemetry and its community, see the [OpenTelemetry Java GitHub repository](https://github.com/open-telemetry/opentelemetry-java-instrumentation).
-- To enable usage experiences, see [Enable web or browser user monitoring](javascript.md).
-- See the [release notes](https://github.com/microsoft/ApplicationInsights-Java/releases) on GitHub.
+- Review the source code in the [Azure Monitor Java autoinstrumentation GitHub repository](https://github.com/Microsoft/ApplicationInsights-Java).
+- Learn more about OpenTelemetry and its community in the [OpenTelemetry Java GitHub repository](https://github.com/open-telemetry/opentelemetry-java-instrumentation).
+- Enable usage experiences by seeing [Enable web or browser user monitoring](javascript.md).
+- Review the [release notes](https://github.com/microsoft/ApplicationInsights-Java/releases) on GitHub.
+
+### [Java Native](#tab/java-native)
+- See [Add and modify Azure Monitor OpenTelemetry](opentelemetry-add-modify.md) for details on adding and modifying Azure Monitor OpenTelemetry.
+- Review the source code in the [Azure Monitor OpenTelemetry Distro in Spring Boot native image Java application](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/spring/spring-cloud-azure-starter-monitor) and [Quarkus OpenTelemetry Exporter for Azure](https://github.com/quarkiverse/quarkus-opentelemetry-exporter/tree/main/quarkus-opentelemetry-exporter-azure).
+- Learn more about OpenTelemetry and its community in the [OpenTelemetry Java GitHub repository](https://github.com/open-telemetry/opentelemetry-java-instrumentation).
+- Learn more features for Spring Boot native image applications in [OpenTelemetry SpringBoot starter](https://opentelemetry.io/docs/zero-code/java/spring-boot-starter/.)
+- Learn more features for Quarkus native applications in [Quarkus OpenTelemetry Exporter for Azure](https://quarkus.io/guides/opentelemetry).
+- Review the [release notes](https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/spring/spring-cloud-azure-starter-monitor/CHANGELOG.md) on GitHub.
 
 ### [Node.js](#tab/nodejs)
 
@@ -359,18 +391,18 @@ Azure Monitor OpenTelemetry sample applications are available for all supported
 
 ### [Python](#tab/python)
 
-- For details on adding and modifying Azure Monitor OpenTelemetry, see [Add and modify Azure Monitor OpenTelemetry](opentelemetry-add-modify.md).
-- To review the source code and extra documentation, see the [Azure Monitor Distro GitHub repository](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/monitor/azure-monitor-opentelemetry/README.md).
-- To see extra samples and use cases, see [Azure Monitor Distro samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/monitor/azure-monitor-opentelemetry/samples).
-- See the [changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/monitor/azure-monitor-opentelemetry/CHANGELOG.md) on GitHub.
-- To install the PyPI package, check for updates, or view release notes, see the [Azure Monitor Distro PyPI Package](https://pypi.org/project/azure-monitor-opentelemetry/) page.
-- To become more familiar with Azure Monitor Application Insights and OpenTelemetry, see the [Azure Monitor Example Application](https://github.com/Azure-Samples/azure-monitor-opentelemetry-python).
-- To learn more about OpenTelemetry and its community, see the [OpenTelemetry Python GitHub repository](https://github.com/open-telemetry/opentelemetry-python).
-- To see available OpenTelemetry instrumentations and components, see the [OpenTelemetry Contributor Python GitHub repository](https://github.com/open-telemetry/opentelemetry-python-contrib).
-- To enable usage experiences, [enable web or browser user monitoring](javascript.md).
+- See [Add and modify Azure Monitor OpenTelemetry](opentelemetry-add-modify.md) for details on adding and modifying Azure Monitor OpenTelemetry.
+- Review the source code and extra documentation in the [Azure Monitor Distro GitHub repository](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/monitor/azure-monitor-opentelemetry/README.md).
+- See extra samples and use cases in [Azure Monitor Distro samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/monitor/azure-monitor-opentelemetry/samples).
+- Review the [changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/monitor/azure-monitor-opentelemetry/CHANGELOG.md) on GitHub.
+- Install the PyPI package, check for updates, or view release notes on the [Azure Monitor Distro PyPI Package](https://pypi.org/project/azure-monitor-opentelemetry/) page.
+- Become more familiar with Azure Monitor Application Insights and OpenTelemetry in the [Azure Monitor Example Application](https://github.com/Azure-Samples/azure-monitor-opentelemetry-python).
+- Learn more about OpenTelemetry and its community in the [OpenTelemetry Python GitHub repository](https://github.com/open-telemetry/opentelemetry-python).
+- See available OpenTelemetry instrumentations and components in the [OpenTelemetry Contributor Python GitHub repository](https://github.com/open-telemetry/opentelemetry-python-contrib).
+- Enable usage experiences by [enabling web or browser user monitoring](javascript.md).
 
 ---
 
 [!INCLUDE [azure-monitor-app-insights-opentelemetry-faqs](../includes/azure-monitor-app-insights-opentelemetry-faqs.md)]
 
-[!INCLUDE [azure-monitor-app-insights-opentelemetry-support](../includes/azure-monitor-app-insights-opentelemetry-support.md)]
+[!INCLUDE [azure-monitor-app-insights-opentelemetry-support](../includes/azure-monitor-app-insights-opentelemetry-support.md)]

articles/azure-monitor/essentials/diagnostics-settings-policies-deployifnotexists.md

@@ -357,8 +357,9 @@ The following table describes the common parameters for each set of policies.
 |Parameter| Description| Valid Values|Default|
 |---|---|---|---|
 |effect| Enable or disable the execution of the policy|DeployIfNotExists,<br>AuditIfNotExists,<br>Disabled|DeployIfNotExists|
-|diagnosticSettingName|Diagnostic Setting Name||setByPolicy-LogAnalytics|
+|diagnosticSettingName|Diagnostic Setting Name||setByPolicy-{LogAnalytics\|EventHubs\|Storage}|
 |categoryGroup|Diagnostic category group|none,<br>audit,<br>allLogs|audit|
+|resourceTypeList|For initiatives, a list of resource types to be evaluated for diagnostic setting existence.|Supported resources|All supported resources|
 
 ## Policy-specific parameters
 ### Log Analytics policy parameters

articles/backup/enable-multi-user-authorization-quickstart.md

@@ -2,7 +2,7 @@
 title: Quickstart - Multi-user authorization using Resource Guard
 description: In this quickstart, learn how to use Multi-user authorization to protect against unauthorized operation.
 ms.topic: quickstart
-ms.date: 09/25/2023
+ms.date: 06/11/2024
 ms.service: backup
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
@@ -28,15 +28,15 @@ Before you start:
 # [Recovery Services vault](#tab/recovery-services-vault)
 
 -  Ensure the Resource Guard and the Recovery Services vault are in the same Azure region.
--  Ensure the Backup admin does **not** have **Contributor** permissions on the Resource Guard. You can choose to have the Resource Guard in another subscription of the same directory or in another directory to ensure maximum isolation.
+- Ensure the **Backup admin** doesn't have **Contributor**, **Backup MUA Admin**, or **Backup MUA Operator** roles added on the Resource Guard. You can choose to have the Resource Guard in another subscription of the same directory or in another directory to ensure maximum isolation.
 - Ensure that your subscriptions containing the Recovery Services vault as well as the Resource Guard (in different subscriptions or tenants) are registered to use the **Microsoft.RecoveryServices** provider. For more details, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider-1).
 - Ensure that you [create a Resource Guard](multi-user-authorization.md#create-a-resource-guard) in a different subsctiption/tenant as that of the vault located in the same region.
 - Ensure to [assign permissions to the Backup admin on the Resource Guard to enable MUA](multi-user-authorization.md#assign-permissions-to-the-backup-admin-on-the-resource-guard-to-enable-mua).
 
 # [Backup vault](#tab/backup-vault)
 
 -  Ensure the Resource Guard and the Backup vault are in the same Azure region.
--  Ensure the Backup admin does **not** have **Contributor** permissions on the Resource Guard. You can choose to have the Resource Guard in another subscription of the same directory or in another directory to ensure maximum isolation.
+- Ensure the **Backup admin** doesn't have **Contributor**, **Backup MUA Admin**, or **Backup MUA Operator** roles added on the Resource Guard. You can choose to have the Resource Guard in another subscription of the same directory or in another directory to ensure maximum isolation.
 - Ensure that your subscriptions contain the Backup vault as well as the Resource Guard (in different subscriptions or tenants) are registered to use the provider - **Microsoft.DataProtection**4. For more information, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider-1).
 
 ---

articles/backup/media/multi-user-authorization/test-vault-properties.png

@@ -2,7 +2,7 @@
 title: Multi-user authorization using Resource Guard
 description: An overview of Multi-user authorization using Resource Guard.
 ms.topic: conceptual
-ms.date: 03/26/2024
+ms.date: 06/11/2024
 ms.service: backup
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
@@ -19,7 +19,7 @@ Multi-user authorization (MUA) for Azure Backup allows you to add an additional
 Azure Backup uses the Resource Guard as an additional authorization mechanism for a Recovery Services vault or a Backup vault. Therefore, to perform a critical operation (described below) successfully, you must have sufficient permissions on the associated Resource Guard as well.
 
 > [!Important]
-> To function as intended, the Resource Guard must be owned by a different user, and the vault admin must not have Contributor permissions. You can place Resource Guard in a subscription or tenant different from the one containing the vaults to provide better protection.
+> To function as intended, the Resource Guard must be owned by a different user, and the **vault admin** mustn't have **Contributor**, **Backup MUA Admin**, or **Backup MUA Operator** permissions on the Resource Guard. You can place Resource Guard in a subscription or tenant different from the one containing the vaults to provide better protection.
 
 ## Critical operations
 
@@ -32,21 +32,29 @@ The following table lists the operations defined as critical operations and can
 
 # [Recovery Services vault](#tab/recovery-services-vault)
 
-**Operation** | **Mandatory/ Optional**
---- | ---
-Disable soft delete | Mandatory
-Disable MUA protection | Mandatory
-Modify backup policy (reduced retention) | Optional
-Modify protection (reduced retention) | Optional
-Stop protection with delete data | Optional
-Change MARS security PIN | Optional
+| Operation | Mandatory/ Optional | Description |
+| --- | --- | --- |
+| **Disable soft delete or security features** | Mandatory | Disable soft delete setting on a vault. |
+| **Remove MUA protection** | Mandatory | Disable MUA protection on a vault. |
+| **Delete protection** | Optional | Delete protection by stopping backups and performing delete data. |
+| **Modify protection** | Optional | Add a new backup policy with reduced retention or change policy frequency to increase [RPO](azure-backup-glossary.md#recovery-point-objective-rpo). |
+| **Modify policy** | Optional | Modify backup policy to reduce retention or change policy frequency to increase [RPO](azure-backup-glossary.md#recovery-point-objective-rpo). |
+| **Get backup security PIN** | Optional | Change MARS security PIN. |
+| **Stop backup and retain data** | Optional | Delete protection by stopping backups and performing retain data forever or retain as per policy. |
+| **Disable immutability** | Optional | Disable immutability setting on a vault. |
+
 
 # [Backup vault](#tab/backup-vault)
 
-**Operation** | **Mandatory/ Optional**
---- | ---
-Disable MUA protection | Mandatory
-Delete backup instance | Optional
+| Operation | Mandatory/ Optional | Description |
+| --- | --- | --- |
+| **Disable soft delete** | Mandatory | Disable soft delete setting on a vault. |
+| **Remove MUA protection** | Mandatory | Disable MUA protection on a vault. |
+| **Delete Backup Instance** | Optional | Delete protection by stopping backups and performing delete data. |
+| **Stop backup and retain forever** | Optional | Delete protection by stopping backups and performing retain data forever. |
+| **Stop backup and retain as per policy** | Optional | Delete protection by stopping backups and performing retain data as per policy. |
+| **Disable immutability** | Optional | Disable immutability setting on a vault. |
+
 
 ---
 
@@ -69,7 +77,7 @@ Here's the flow of events in a typical scenario:
 1. The Backup admin creates the Recovery Services vault or the Backup vault.
 2. The Security admin creates the Resource Guard.
 
-   The Resource Guard can be in a different subscription or a different tenant with respect to the vault. Ensure that the Backup admin doesn't have Contributor permissions on the Resource Guard.
+   The Resource Guard can be in a different subscription or a different tenant with respect to the vault. Ensure that the Backup admin doesn't have **Contributor**, **Backup MUA Admin**, or **Backup MUA Operator** permissions on the Resource Guard.
 
 3. The Security admin grants the Reader role to the Backup Admin for the Resource Guard (or a relevant scope). The Backup admin requires the reader role to enable MUA on the vault.
 4. The Backup admin now configures the vault to be protected by MUA via the Resource Guard.
@@ -81,15 +89,15 @@ Here's the flow of events in a typical scenario:
 
 
 >[!Note]
->- If you grant the **Contributor** role on the Resource Guard access temporarily to the Backup Admin, it also provides the delete permissions on the Resource Guard. We recommend you to provide **Backup MUA Operator** permissions only.
+>- If you grant the **Contributor** or **Backup MUA Admin** role on the Resource Guard access temporarily to the Backup Admin, it also provides the delete permissions on the Resource Guard. We recommend you to provide **Backup MUA Operator** permissions only.
 >- MUA provides protection on the above listed operations performed on the vaulted backups only. Any operations performed directly on the data source (that is, the Azure resource/workload that is protected) are beyond the scope of the Resource Guard. 
 
 ## Usage scenarios
 
 The following table lists the scenarios for creating your Resource Guard and vaults (Recovery Services vault and Backup vault), along with the relative protection offered by each.
 
 >[!Important]
-> The Backup admin must not have Contributor permissions to the Resource Guard in any scenario.
+> The **Backup admin** must not have **Contributor**, **Backup MUA Admin**, or **Backup MUA Operator** permissions to the Resource Guard in any scenario as this overrides adding MUA protection on the vault.
 
 **Usage scenario** | **Protection due to MUA** | **Ease of implementation** | **Notes**
 --- | --- |--- |--- |