Merge branch 'MicrosoftDocs:main' into Broken-link-pgibson

Author: atikmapari

articles/active-directory/hybrid/how-to-connect-install-multiple-domains.md

@@ -12,7 +12,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: how-to
-ms.date: 01/21/2022
+ms.date: 03/09/2022
 ms.subservice: hybrid
 ms.author: billmath
 
@@ -128,7 +128,7 @@ By using the PowerShell command `Get-MsolDomainFederationSettings -DomainName <y
 
 ![Screenshot that shows the federation settings updated on the original domain.](./media/how-to-connect-install-multiple-domains/MsolDomainFederationSettings.png)
 
-And the IssuerUri on the new domain has been set to `https://bmfabrikam.com/adfs/services/trust`
+And the IssuerUri on the new domain has been set to `https://bmcontoso.com/adfs/services/trust`
 
 ![Get-MsolDomainFederationSettings](./media/how-to-connect-install-multiple-domains/settings2.png)
 

articles/attestation/basic-concepts.md

@@ -45,6 +45,8 @@ Azure Attestation provides a regional shared provider in every available region.
 | South East Asia | `https://sharedsasia.sasia.attest.azure.net` | 
 | North Central US | `https://sharedncus.ncus.attest.azure.net` | 
 | South Central US | `https://sharedscus.scus.attest.azure.net` | 
+| Australia East | `https://sharedeau.eau.attest.azure.net` | 
+| Australia SouthEast | `https://sharedsau.sau.attest.azure.net` | 
 | US Gov Virginia | `https://sharedugv.ugv.attest.azure.us` | 
 | US Gov Arizona | `https://shareduga.uga.attest.azure.us` | 
 

articles/attestation/overview.md

@@ -12,7 +12,7 @@ ms.custom: references_regions
 ---
 # Microsoft Azure Attestation 
 
-Microsoft Azure Attestation is a unified solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. The service supports attestation of the platforms backed by Trusted Platform Modules (TPMs) alongside the ability to attest to the state of Trusted Execution Environments (TEEs) such as [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) enclaves and [Virtualization-based Security](/windows-hardware/design/device-experiences/oem-vbs) (VBS) enclaves. 
+Microsoft Azure Attestation is a unified solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. The service supports attestation of the platforms backed by Trusted Platform Modules (TPMs) alongside the ability to attest to the state of Trusted Execution Environments (TEEs) such as [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) enclaves, [Virtualization-based Security](/windows-hardware/design/device-experiences/oem-vbs) (VBS) enclaves, [Trusted Platform Modules (TPMs)](/windows/security/information-protection/tpm/trusted-platform-module-overview),  [Trusted launch for Azure VMs](/azure/virtual-machines/trusted-launch#microsoft-defender-for-cloud-integration) and [Azure confidential VMs](/azure/confidential-computing/confidential-vm-overview). 
 
 Attestation is a process for demonstrating that software binaries were properly instantiated on a trusted platform. Remote relying parties can then gain confidence that only such intended software is running on trusted hardware. Azure Attestation is a unified customer-facing service and framework for attestation.
 
@@ -67,7 +67,7 @@ Azure Attestation is the preferred choice for attesting TEEs as it offers the fo
 
 - Unified framework for attesting multiple environments such as TPMs, SGX enclaves and VBS enclaves 
 - Allows creation of custom attestation providers and configuration of policies to restrict token generation
-- Offers regional shared providers which can attest with no configuration from users
+- Offers [regional shared providers](basic-concepts.md#regional-shared-provider) which can attest with no configuration from users
 - Protects its data while-in use with implementation in an SGX enclave
 - Highly available service 
 

articles/azure-arc/data/release-notes.md

@@ -7,7 +7,7 @@ ms.reviewer: mikeray
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-data
-ms.date: 03/08/2022
+ms.date: 03/09/2022
 ms.topic: conceptual
 ms.custom: references_regions, devx-track-azurecli
 # Customer intent: As a data professional, I want to understand why my solutions would benefit from running with Azure Arc-enabled data services so that I can leverage the capability of the feature.
@@ -29,27 +29,6 @@ For complete release version information, see [Version log](version-log.md).
 ### Data Controller
 - Fixed the issue "ConfigMap sql-config-[SQL MI] does not exist" from the February 2022 release. This issue occurs when deploying a SQL Managed Instance with service type of `loadBalancer` with certain load balancers. 
 
-### SQL Managed Instance
-
-- Support for readable secondary replicas:
-    - To set readable secondary replicas use `--readable-secondaries` when you create or update an Arc-enabled SQL Managed Instance deployment. 
-    - Set `--readable secondaries` to any value between 0 and the number of replicas minus 1.
-    - `--readable-secondaries` only applies to Business Critical tier. 
-- Automatic backups are taken on the primary instance in a Business Critical service tier when there are multiple replicas. When a failover happens, backups move to the new primary. 
-- RWX capable storage class is required for backups, for both General Purpose and Business Critical service tiers.
-- Billing support when using multiple read replicas.
-
-For additional information about service tiers, see [High Availability with Azure Arc-enabled SQL Managed Instance (preview)](managed-instance-high-availability.md).
-
-### User experience improvements
-
-The following improvements are available in [Azure Data Studio](/sql/azure-data-studio/download-azure-data-studio).
-
-- Azure Arc and Azure CLI extensions now generally available. 
-- Changed edit commands for SQL Managed Instance for Azure Arc dashboard to use `update`, reflecting Azure CLI changes. This works in indirect or direct mode. 
-- Data controller deployment wizard step for connectivity mode is now earlier in the process.
-- Removed an extra backups field in SQL MI deployment wizard.
-
 ## February 2022
 
 This release is published February 25, 2022.

articles/azure-arc/data/version-log.md

@@ -7,7 +7,7 @@ ms.reviewer: mikeray
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-data
-ms.date: 03/08/2022
+ms.date: 03/09/2022
 ms.topic: conceptual
 # Customer intent: As a data professional, I want to understand what versions of components align with specific releases.
 ---
@@ -23,8 +23,8 @@ This article identifies the component versions with each release of Azure Arc-en
 |Container images tag |`v1.4.1_2022-03-08`
 |CRD names and versions	|`datacontrollers.arcdata.microsoft.com`: v1beta1, v1, v2, v3</br>`exporttasks.tasks.arcdata.microsoft.com`: v1beta1, v1, v2</br>`kafkas.arcdata.microsoft.com`: v1beta1</br>`monitors.arcdata.microsoft.com`: v1beta1, v1, v2</br>`sqlmanagedinstances.sql.arcdata.microsoft.com`: v1beta1, v1, v2, v3, v4</br>`postgresqls.arcdata.microsoft.com`: v1beta1, v1beta2</br>`sqlmanagedinstancerestoretasks.tasks.sql.arcdata.microsoft.com`: v1beta1, v1</br>`dags.sql.arcdata.microsoft.com`: v1beta1, v2beta2</br>`activedirectoryconnectors.arcdata.microsoft.com`: v1beta1|
 |ARM API version|2021-11-01|
-|`arcdata` Azure CLI extension version|	1.2.1|
-|Arc enabled Kubernetes helm chart extension version|1.1.18791000|
+|`arcdata` Azure CLI extension version|	1.2.3|
+|Arc enabled Kubernetes helm chart extension version|1.1.18911000|
 |Arc Data extension for Azure Data Studio|1.0|
 
 ### February 25, 2022

articles/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md

@@ -1,31 +1,29 @@
 ---
 title: User-assigned managed identity in Azure AD for Azure SQL
-description: This article provides information on user-assigned managed identities in Azure Active Directory (AD) with Azure SQL Database and Azure SQL Managed Instance
+description: User-assigned managed identities (UMI) in Azure AD (AD) for Azure SQL Database, SQL Managed Instance, and dedicated SQL pools in Azure Synapse Analytics. 
 titleSuffix: Azure SQL Database & Azure SQL Managed Instance
 ms.service: sql-db-mi
 ms.subservice: security
 ms.topic: conceptual
 author: GithubMirek
 ms.author: mireks
 ms.reviewer: vanto
-ms.date: 12/15/2021
+ms.date: 03/09/2022
 ---
 
 # User-assigned managed identity in Azure AD for Azure SQL
 
-[!INCLUDE[appliesto-sqldb-sqlmi](../includes/appliesto-sqldb-sqlmi.md)]
+[!INCLUDE[appliesto-sqldb-sqlmi-asa-dedicated-only](../includes/appliesto-sqldb-sqlmi-asa-dedicated-only.md)]
 
 > [!NOTE]
 > User-assigned managed identity for Azure SQL is in **public preview**. 
 
 Azure Active Directory (AD) supports two types of managed identities: System-assigned managed identity (SMI) and user-assigned managed identity (UMI). For more information, see [Managed identity types](../../active-directory/managed-identities-azure-resources/overview.md#managed-identity-types).
 
-When using Azure AD authentication with Azure SQL Managed Instance, a managed identity must be assigned to the server identity. Previously, only a system-assigned managed identity could be assigned to the Managed Instance or SQL Database server identity. With support for user-assigned managed identity, the UMI can be assigned to Azure SQL Managed Instance or Azure SQL Database as the instance or server identity. This feature is now supported for SQL Database. 
+A system-assigned managed identity is automatically assigned to a managed instance when it is created. When using Azure AD authentication with Azure SQL Managed Instance, a managed identity must be assigned to the server identity. Previously, only a system-assigned managed identity could be assigned to the Managed Instance or SQL Database server identity. With support for user-assigned managed identity, the UMI can be assigned to Azure SQL Managed Instance or Azure SQL Database as the instance or server identity. This feature is now supported for SQL Database. 
 
 > [!NOTE]
-> A system-assigned managed identity is automatically assigned to a managed instance when it is created.
->
-> User-assigned managed identity is not supported for Azure Synapse Analytics.
+> This article applies only to dedicated SQL pools (formerly SQL DW) in standalone Azure SQL servers. For more information on user-assigned managed identities for dedicated pools in Azure Synapse workspaces, see [Using a user-assigned managed identity](../../synapse-analytics/security/workspaces-encryption.md#using-a-user-assigned-managed-identity).
 
 ## Benefits of using user-assigned managed identities
 
@@ -55,9 +53,12 @@ Once the UMI is created, some permissions are needed to allow the UMI to read fr
 - [**GroupMember.Read.All**](/graph/permissions-reference#group-permissions) – allows access to Azure AD group information
 - [**Application.Read.ALL**](/graph/permissions-reference#application-resource-permissions) – allows access to Azure AD service principal (applications) information
 
-### Granting permissions
+### Grant permissions
 
-The following is a sample PowerShell script that will grant the necessary permissions for UMI or SMI.
+The following is a sample PowerShell script that will grant the necessary permissions for UMI or SMI. This sample will assign permissions to the UMI `umiservertest`. To execute the script, you must sign in as a user with a "Global Administrator" or "Privileged Role Administrator" role, and have the following [Microsoft Graph permissions](/graph/auth/auth-concepts#microsoft-graph-permissions): 
+- User.Read.All
+- GroupMember.Read.All
+- Application.Read.ALL
 
 ```powershell
 # Script to assign permissions to the UMI "umiservertest"
@@ -108,6 +109,8 @@ $AAD_AppRole = $AAD_SP.AppRoles | Where-Object {$_.Value -eq "Application.Read.A
 New-AzureADServiceAppRoleAssignment -ObjectId $MSI.ObjectId  -PrincipalId $MSI.ObjectId  -ResourceId $AAD_SP.ObjectId[0]  -Id $AAD_AppRole.Id
 ```
 
+In the final steps of the script, if you have more UMIs with similar names, you have to use the proper `$MSI[ ]array` number, for example, `$AAD_SP.ObjectId[0]`.
+
 ### Check permissions for user-assigned manage identity
 
 To check permissions for a UMI, go to the [Azure portal](https://portal.azure.com). In the **Azure Active Directory** resource, go to **Enterprise applications**. Select **All Applications** for the **Application type**, and search for the UMI that was created.
@@ -178,7 +181,6 @@ The ARM template used in [Creating an Azure SQL logical server using a user-assi
 
 ## Limitations and known issues
 
-- This feature isn't supported for Azure Synapse Analytics.
 - After a Managed Instance is created, the **Active Directory admin** blade in the Azure portal shows a warning: `Managed Instance needs permissions to access Azure Active Directory. Click here to grant "Read" permissions to your Managed Instance.` If the user-assigned managed identity was given the appropriate permissions discussed in the above [Permissions](#permissions) section, this warning can be ignored.
 - If a system-assigned or user-assigned managed identity is used as the server or instance identity, deleting the identity will result in the server or instance inability to access Microsoft Graph. Azure AD authentication and other functions will fail. To restore Azure AD functionality, a new SMI or UMI must be assigned to the server with appropriate permissions.
 - Permissions to access Microsoft Graph using UMI or SMI can only be granted using PowerShell. These permissions can't be granted using the Azure portal.
@@ -189,4 +191,7 @@ The ARM template used in [Creating an Azure SQL logical server using a user-assi
 > [Create an Azure SQL logical server using a user-assigned managed identity](authentication-azure-ad-user-assigned-managed-identity-create-server.md)
 
 > [!div class="nextstepaction"]
-> [Create an Azure SQL Managed Instance with a user-assigned managed identity](../managed-instance/authentication-azure-ad-user-assigned-managed-identity-create-managed-instance.md)
+> [Create an Azure SQL Managed Instance with a user-assigned managed identity](../managed-instance/authentication-azure-ad-user-assigned-managed-identity-create-managed-instance.md)
+
+> [!div class="nextstepaction"]
+> [Using a user-assigned managed identity in Azure Synapse workspaces](../../synapse-analytics/security/workspaces-encryption.md#using-a-user-assigned-managed-identity)

articles/cognitive-services/Computer-vision/includes/quickstarts-sdk/go-sdk.md

@@ -16,7 +16,7 @@ ms.author: pafarley
 
 Use the OCR client library to read printed and handwritten text from images.
 
-[Reference documentation](https://godoc.org/github.com/Azure/azure-sdk-for-go/services/cognitiveservices/v2.1/computervision) | [Library source code](https://github.com/Azure/azure-sdk-for-go/tree/master/services/cognitiveservices/v2.1/computervision) | [Package](https://github.com/Azure/azure-sdk-for-go)
+[Reference documentation](https://godoc.org/github.com/Azure/azure-sdk-for-go/services/cognitiveservices/v2.1/computervision) | [Library source code](github.com/Azure/azure-sdk-for-go/services/cognitiveservices/v2.1/computervision) | [Package](https://github.com/Azure/azure-sdk-for-go)
 
 ## Prerequisites
 

articles/cognitive-services/Custom-Vision-Service/includes/quickstarts/python-tutorial.md

@@ -58,6 +58,8 @@ Create variables for your resource's Azure endpoint and subscription keys.
 >
 > You can find the prediction resource ID on the resource's **Properties** tab in the Azure portal, listed as **Resource ID**.
 >
+> You also can go to https://www.customvision.ai/. After you sign in, select the **Settings** icon at the top right. On the **Setting** pages, you can get all the keys, resource ID, and endpoints.
+>
 > Remember to remove the keys from your code when you're done, and never post them publicly. For production, consider using a secure way of storing and accessing your credentials. For more information, see the Cognitive Services [security](../../../cognitive-services-security.md) article.
 
 ## Object model

articles/cost-management-billing/reservations/view-reservations.md

@@ -28,8 +28,6 @@ By default, the following users can view and manage reservations:
 
 Currently, the reservation administrator and reservation reader roles are are only available to assign using PowerShell. They can't be viewed or assigned in the Azure portal. For more information, see [Grant access with PowerShell](#grant-access-with-powershell).
 
-The reservation administrator and reservation reader roles provide access to only reservations and not to reservation orders, hence any operation that requires to have access to reservation order is not permitted with these roles. For providing access to reservation orders, see [Grant access to individual reservations](#grant-access-to-individual-reservations).
-
 The reservation lifecycle is independent of an Azure subscription, so the reservation isn't a resource under the Azure subscription. Instead, it's a tenant-level resource with its own Azure RBAC permission separate from subscriptions. Reservations don't inherit permissions from subscriptions after the purchase.
 
 ## View and manage reservations

articles/data-factory/monitor-shir-in-azure.md

@@ -18,11 +18,11 @@ By default, the Self Hosted Integration Runtime’s diagnostic and performance t
 
 ## Event logs
 
-When logged on locally to the Self Hosted Integration Runtime, specific events can be viewed using the [event viewer](/windows/win32/eventlog/viewing-the-event-log.md). The relevant events are captured in two event viewer journals named: **Connectors – Integration Runtime** and **Integration Runtime** respectively. While it’s possible to log on to to the Self Hosted Integration Runtime hosts individually to view these events, it's also possible to stream these events to a Log Analytics workspace in Azure monitor for ease of query and centralization purposes.
+When logged on locally to the Self Hosted Integration Runtime, specific events can be viewed using the [event viewer](/windows/win32/eventlog/viewing-the-event-log). The relevant events are captured in two event viewer journals named: **Connectors – Integration Runtime** and **Integration Runtime** respectively. While it’s possible to log on to to the Self Hosted Integration Runtime hosts individually to view these events, it's also possible to stream these events to a Log Analytics workspace in Azure monitor for ease of query and centralization purposes.
 
 ## Performance counters
 
-Performance counters in Windows and Linux provide insight into the performance of hardware components, operating systems, and applications such as the Self Hosted Integration Runtime. The performance counters can be viewed and collected locally on the VM using the performance monitor tool. See the article on [using performance counters](/windows/win32/perfctrs/using-performance-counters.md) for more details. 
+Performance counters in Windows and Linux provide insight into the performance of hardware components, operating systems, and applications such as the Self Hosted Integration Runtime. The performance counters can be viewed and collected locally on the VM using the performance monitor tool. See the article on [using performance counters](/windows/win32/perfctrs/using-performance-counters) for more details. 
 
 ## Centralize log collection and analysis
 
@@ -32,4 +32,4 @@ When a deployment requires a more in-depth level of analysis or has reached a ce
 
 - [How to configure SHIR for log analytics collection](how-to-configure-shir-for-log-analytics-collection.md)
 - [Review integration runtime concepts in Azure Data Factory.](concepts-integration-runtime.md)
-- Learn how to [create a self-hosted integration runtime in the Azure portal.](create-self-hosted-integration-runtime.md)
+- Learn how to [create a self-hosted integration runtime in the Azure portal.](create-self-hosted-integration-runtime.md)