Merge pull request #291596 from MicrosoftDocs/main

12/6/2024 AM Publish

Author: Taojunshen

articles/automation/automation-manage-send-joblogs-log-analytics.md

@@ -110,7 +110,7 @@ Azure Automation diagnostics create the following types of records in Azure Moni
 | Caller_s |Caller that initiated the operation. Possible values are either an email address or system for scheduled jobs. |
 | Tenant_g | GUID (globally unique identifier) that identifies the tenant for the caller. |
 | JobId_g |GUID that identifies the runbook job. |
-| ResultType |Status of the runbook job. Possible values are:<br>- New<br>- Created<br>- Started<br>- Stopped<br>- Suspended<br>- Failed<br>- Completed |
+| ResultType |Status of the runbook job. Possible values are:<br>- Created<br>- Started<br>- Stopped<br>- Suspended<br>- Failed<br>- Completed |
 | Category | Classification of the type of data. For Automation, the value is JobLogs. |
 | OperationName | Type of operation performed in Azure. For Automation, the value is Job. |
 | Resource | Name of the Automation account |

articles/azure-functions/functions-create-first-java-gradle.md

@@ -36,7 +36,7 @@ Use the following command to clone the sample project:
 
 ```bash
 git clone https://github.com/Azure-Samples/azure-functions-samples-java.git
-cd azure-functions-samples-java/
+cd azure-functions-samples-java/triggers-bindings
 ```
 
 Open `build.gradle` and change the `appName` in the following section to a unique name to avoid domain name conflict when deploying to Azure. 

articles/azure-functions/functions-create-first-quarkus.md

@@ -72,7 +72,6 @@ The resource group is not necessary for this part of the instructions, but it's
 1. Invoke Quarkus dev mode:
 
     ```bash
-    cd functions-azure
     mvn -DskipTests -DresourceGroup=<yourResourceGroupName> quarkus:dev
     ```
 

articles/azure-functions/functions-event-hub-cosmos-db.md

@@ -120,7 +120,8 @@ az eventhubs eventhub create \
     --resource-group $RESOURCE_GROUP \
     --name $EVENT_HUB_NAME \
     --namespace-name $EVENT_HUB_NAMESPACE \
-    --message-retention 1
+    --retention-time 1 \
+    --cleanup-policy Delete
 az eventhubs eventhub authorization-rule create \
     --resource-group $RESOURCE_GROUP \
     --name $EVENT_HUB_AUTHORIZATION_RULE \
@@ -139,7 +140,8 @@ az eventhubs eventhub create ^
     --resource-group %RESOURCE_GROUP% ^
     --name %EVENT_HUB_NAME% ^
     --namespace-name %EVENT_HUB_NAMESPACE% ^
-    --message-retention 1
+    --retention-time 1 ^
+    --cleanup-policy Delete
 az eventhubs eventhub authorization-rule create ^
     --resource-group %RESOURCE_GROUP% ^
     --name %EVENT_HUB_AUTHORIZATION_RULE% ^
@@ -213,7 +215,7 @@ az functionapp create \
     --storage-account $STORAGE_ACCOUNT \
     --consumption-plan-location $LOCATION \
     --runtime java \
-    --functions-version 3
+    --functions-version 4
 ```
 
 # [Cmd](#tab/cmd)
@@ -229,7 +231,7 @@ az functionapp create ^
     --storage-account %STORAGE_ACCOUNT% ^
     --consumption-plan-location %LOCATION% ^
     --runtime java ^
-    --functions-version 3
+    --functions-version 4
 ```
 
 ---
@@ -486,8 +488,8 @@ public class Function {
         @CosmosDBOutput(
             name = "databaseOutput",
             databaseName = "TelemetryDb",
-            containerName = "TelemetryInfo",
-            connection = "CosmosDBConnectionSetting")
+            collectionName = "TelemetryInfo",
+            connectionStringSetting = "CosmosDBConnectionSetting")
             OutputBinding<TelemetryItem> document,
         final ExecutionContext context) {
 

articles/azure-functions/functions-scenarios.md

@@ -285,6 +285,8 @@ public static async Task<IActionResult> Run(
 
 + Article: [Create serverless APIs in Visual Studio using Azure Functions and API Management integration](./openapi-apim-integrate-visual-studio.md) 
 + Training: [Expose multiple function apps as a consistent API by using Azure API Management](/training/modules/build-serverless-api-with-functions-api-management/)
++ Sample: [Implement the geode pattern by deploying the API to geodes in distributed Azure regions.](/mspnp/geode-pattern-accelerator)
++ [Azure Functions HTTP trigger](functions-bindings-http-webhook.md?pivots=programming-language-csharp)
 + Sample: [Web application with a C# API and Azure SQL DB on Static Web Apps and Functions](/samples/azure-samples/todo-csharp-sql-swa-func/todo-csharp-sql-swa-func/)
 + [Azure Functions HTTP trigger](functions-bindings-http-webhook.md?pivots=programming-language-csharp)
 ::: zone-end

articles/azure-netapp-files/configure-customer-managed-keys-hardware.md

@@ -4,16 +4,12 @@ description: Learn how to encrypt data in Azure NetApp Files with customer-manag
 services: azure-netapp-files
 documentationcenter: ''
 author: b-ahibbard
-manager: ''
-editor: ''
-
-ms.assetid:
 ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: how-to
 ms.custom: references_regions
-ms.date: 09/27/2024
+ms.date: 12/06/2024
 ms.author: anfdocs
 ---
 # Configure customer-managed keys with managed Hardware Security Module for Azure NetApp Files volume encryption 
@@ -55,6 +51,7 @@ Azure NetApp Files volume encryption with customer-managed keys with the managed
 * Japan East
 * Japan West
 * Korea Central
+* Korea South
 * North Central US
 * North Europe
 * Norway East

articles/azure-vmware/configure-virtual-trusted-platform-module.md

@@ -3,7 +3,7 @@ title: Configure Virtual Machines - Virtual Trusted Platform Module (vTPM)
 description: Learn how to configure Virtual Machines - Virtual Trusted Platform Module (vTPM).
 ms.topic: how-to
 ms.service: azure-vmware
-ms.date: 12/05/2024
+ms.date: 12/06/2024
 ms.custom: engagement-fy25
 ---
 
@@ -13,22 +13,15 @@ This article demonstrates how to enable the virtual Trusted Platform Module (vTP
 
 A virtual Trusted Platform Module (vTPM) in VMware vSphere is a virtual counterpart of a physical TPM 2.0 chip, utilizing VM Encryption. It provides the same functionalities as a physical TPM but operates within VMs. Each VM can have its own unique and isolated vTPM, which helps secure sensitive information and maintain system integrity. This setting enables VMs to apply security features like BitLocker disk encryption and authenticate virtual hardware devices, creating a more secure virtual environment. 
 
-## Prerequisites
-
-Before configuring vTPM on a VM in Azure VMware Solution, ensure the following prerequisites are met:
-
-- The virtual machine must use EFI firmware.
-- The virtual machine must be at hardware version 14 or later.
-- Guest OS support: Linux, Windows Server 2008 and later, Windows 7 and later.
-
->[!IMPORTANT]
->Customers do not need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment.
+## Background
 
-## Trusted Launch for Azure VMware Solution
+### Trusted Launch for Azure VMware Solution
 
 Trusted Launch is a comprehensive security solution that encompasses three key components: Secure Boot, Virtual Trusted Platform Module (vTPM), and Virtualization-based security (VBS). Each of these components plays a vital role in fortifying the security posture of VMs.
 
-## Benefits
+:::image type="content" source="./media/trusted-launch.png" alt-text="Diagram showing the three pillars of trusted launch, Secure Boot, Virtual Trusted Platform Module, and Virtualization-based Security." border="false" lightbox="./media/trusted-launch.png":::
+
+### Benefits
 
 •	Securely deploy VMs with verified boot loaders, operating system (OS) kernels, and drivers.
 
@@ -42,13 +35,24 @@ Trusted Launch is a comprehensive security solution that encompasses three key c
 
 Secure Boot is the first line of defense in Trusted Launch. It establishes a "root of trust" for VMs by ensuring that only signed operating systems and drivers are allowed to boot. This prevents the installation of malware-based rootkits and bootkits, which can compromise the security of the entire system. With Secure Boot enabled, every aspect of the boot process, from the boot loader to the kernel and kernel drivers, must be digitally signed by trusted publishers. This creates a robust shield against unauthorized modifications and ensures that the VM starts in a secure and trusted state.
 
-## Virtual Trusted Platform Module (vTPM) 
+### Virtual Trusted Platform Module (vTPM) 
 
 The vTPM is a virtualized version of a hardware Trusted Platform Module (TPM) 2.0 device. It serves as a dedicated secure vault for storing keys, certificates, and secrets. What sets vTPM apart is its ability to operate in a secure environment outside the reach of any VM, making it tamper-resistant and highly secure. One of the key functions of vTPM is attestation. It measures the entire boot chain of a VM, including UEFI, OS, system components, and drivers, to certify that the VM booted securely. This attestation mechanism is invaluable for verifying the integrity of VMs and ensuring that they haven't been compromised.
 
-## Virtualization-based Security (VBS) 
+### Virtualization-based Security (VBS) 
 
-VBS is the final piece of the Trusted Launch puzzle. It leverages the hypervisor to create isolated, secure memory regions within the VM. VBS uses virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. It provides protection against unauthorized access of credential, prevents malware from running on windows system and ensures only trusted code runs from bootloader onwards.
+Virtualization-based Security (VBS) is the final piece of the Trusted Launch puzzle. It leverages the hypervisor to create isolated, secure memory regions within the VM. VBS uses virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. It provides protection against unauthorized access of credential, prevents malware from running on windows system and ensures only trusted code runs from bootloader onwards.
+
+## Prerequisites
+
+Before configuring vTPM on a VM in Azure VMware Solution, ensure the following prerequisites are met:
+
+- The virtual machine must use EFI firmware.
+- The virtual machine must be at hardware version 14 or later.
+- Guest OS support: Linux, Windows Server 2008 and later, Windows 7 and later.
+
+>[!IMPORTANT]
+>Customers do not need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment.
 
 ## How to Configure vTPM
 
@@ -72,6 +76,7 @@ To configure vTPM on a VM in Azure VMware Solution, follow these steps:
 Migration of VMs with vTPM might not be supported by some tools. Check the documentation of the migration tool. If it isn't supported, you can follow VMware documentation to safely disable vTPM and re-enable it post-migration. 
 
 ## More information
+
 [Securing Virtual Machines with Virtual Trusted Platform Module](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-A43B6914-E5F9-4CB1-9277-448AC9C467FB.html)
 
 [What Is a Virtual Trusted Platform Module](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6F811A7A-D58B-47B4-84B4-73391D55C268.html)

articles/azure-vmware/media/trusted-launch.png

@@ -130,20 +130,20 @@ Follow these steps:
 1. Identify the items that are in soft-deleted state.
 
    ```powershell
-   $vault = Get-AzRecoveryServicesVault -ResourceGroupName "yourResourceGroupName" -Name "yourVaultName"
-   Get-AzRecoveryServicesBackupItem -BackupManagementType AzureVM -WorkloadType AzureVM -VaultID $vault.ID | Where-Object {$_.DeleteState -eq "ToBeDeleted"}
+   $myVault = Get-AzRecoveryServicesVault -ResourceGroupName "yourResourceGroupName" -Name "yourVaultName"
+   Get-AzRecoveryServicesBackupItem -BackupManagementType AzureVM -WorkloadType AzureVM -VaultID $myVault.ID | Where-Object {$_.DeleteState -eq "ToBeDeleted"}
 
    Name                                     ContainerType        ContainerUniqueName                      WorkloadType         ProtectionStatus     HealthStatus         DeleteState
    ----                                     -------------        -------------------                      ------------         ----------------     ------------         -----------
    VM;iaasvmcontainerv2;selfhostrg;AppVM1    AzureVM             iaasvmcontainerv2;selfhostrg;AppVM1       AzureVM              Healthy              Passed               ToBeDeleted
 
-   $myBkpItem = Get-AzRecoveryServicesBackupItem -BackupManagementType AzureVM -WorkloadType AzureVM -VaultId $myVaultID -Name AppVM1
+   $myBkpItem = Get-AzRecoveryServicesBackupItem -BackupManagementType AzureVM -WorkloadType AzureVM -VaultId $myVault.ID -Name AppVM1
    ```
 
 2. Reverse the deletion operation that was performed when soft-delete was enabled.
 
    ```powershell
-   Undo-AzRecoveryServicesBackupItemDeletion -Item $myBKpItem -VaultId $myVaultID -Force
+   Undo-AzRecoveryServicesBackupItemDeletion -Item $myBKpItem -VaultId $myVault.ID -Force
 
    WorkloadName     Operation            Status               StartTime                 EndTime                   JobID
    ------------     ---------            ------               ---------                 -------                   -----
@@ -152,7 +152,7 @@ Follow these steps:
 3. As the soft-delete is disabled, the deletion operation immediately removes the backup data.
 
    ```powershell
-   Disable-AzRecoveryServicesBackupProtection -Item $myBkpItem -RemoveRecoveryPoints -VaultId $myVaultID -Force
+   Disable-AzRecoveryServicesBackupProtection -Item $myBkpItem -RemoveRecoveryPoints -VaultId $myVault.ID -Force
 
    WorkloadName     Operation            Status               StartTime                 EndTime                   JobID
    ------------     ---------            ------               ---------                 -------                   -----
@@ -172,4 +172,4 @@ Follow these steps:
 ## Next steps
 
 - [Overview of security features in Azure Backup](security-overview.md)
-- [Frequently asked questions](soft-delete-azure-backup-faq.yml).
+- [Frequently asked questions](soft-delete-azure-backup-faq.yml).

articles/backup/backup-azure-security-feature-cloud.md

@@ -79,7 +79,7 @@ This article provides troubleshooting information to address issues you encounte
 
 **Error message**: The required setting PITR is disabled on storage account.
 
-**Recommendation**: Enable that the point-in-restore setting on the storage account. [Learn more](../storage/blobs/point-in-time-restore-manage.md?tabs=portal#enable-and-configure-point-in-time-restore).
+**Recommendation**: Enable that the point-in-time restore setting on the storage account. [Learn more](../storage/blobs/point-in-time-restore-manage.md?tabs=portal#enable-and-configure-point-in-time-restore).
 
 ### UserErrorImmutabilityPolicyConfigured