MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/partner-bindid.md
Lines changed: 6 additions & 6 deletions b/‎articles/active-directory-b2c/partner-bindid.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/app-service/deploy-local-git.md
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/deploy-local-git.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/automation/change-tracking/guidance-migration-log-analytics-monitoring-agent.md
Lines changed: 51 additions & 65 deletions b/‎articles/automation/change-tracking/guidance-migration-log-analytics-monitoring-agent.md
Lines changed: 51 additions & 65 deletions
diff --git a/‎articles/backup/azure-file-share-support-matrix.md
Lines changed: 5 additions & 1 deletion b/‎articles/backup/azure-file-share-support-matrix.md
Lines changed: 5 additions & 1 deletion
diff --git a/‎articles/backup/backup-azure-files.md
Lines changed: 3 additions & 1 deletion b/‎articles/backup/backup-azure-files.md
Lines changed: 3 additions & 1 deletion
@@ -1,23 +1,23 @@
 ---
-title: Configure Transmit Security with Azure Active Directory B2C for passwordless authentication
+title: Configure Transmit Security with Azure Active Directory B2C for passkeys authentication
 titleSuffix: Azure AD B2C
-description: Configure Azure AD B2C with Transmit Security hosted sign in for passwordless customer authentication
+description: Configure Azure AD B2C with Transmit Security hosted sign in for passkeys customer authentication
 author: gargi-sinha
 manager: martinco
 ms.reviewer: kengaderdus
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 06/21/2024
+ms.date: 01/06/2025
 ms.author: gasinh
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
 
-# Customer intent: I'm a developer integrating Azure Active Directory B2C with Transmit Security BindID. I need instructions to configure integration, so I can enable passwordless authentication using FIDO2 biometrics for my application.
+# Customer intent: I'm a developer integrating Azure Active Directory B2C with Transmit Security BindID. I need instructions to configure integration, so I can enable passkeys authentication using FIDO2 biometrics for my application.
 ---
 
-# Configure Transmit Security with Azure Active Directory B2C for passwordless authentication
+# Configure Transmit Security with Azure Active Directory B2C for passkeys authentication
 
-In this tutorial, learn to integrate Azure Active Directory B2C (Azure AD B2C) authentication with [Transmit Security's hosted passwordless authentication solution](https://transmitsecurity.com/solutions/password-mfa-replacement). Transmit Security uses strong Fast Identity Online (FIDO2) biometric authentication for reliable omni-channel authentication. The solution ensures a smooth sign-in experience for customers across devices and channels, while reducing fraud, phishing, and credential reuse.
+In this tutorial, learn to integrate Azure Active Directory B2C (Azure AD B2C) authentication with [Transmit Security's hosted passkeys authentication solution](https://transmitsecurity.com/solutions/password-mfa-replacement). Transmit Security uses strong Fast Identity Online (FIDO2) biometric authentication for reliable omni-channel authentication. The solution ensures a smooth sign-in experience for customers across devices and channels, while reducing fraud, phishing, and credential reuse.
 
 ## Scenario description
 
 
@@ -14,7 +14,7 @@ ms.author: cephalin
 This how-to guide shows you how to deploy your app to [Azure App Service](overview.md) from a Git repository on your local computer.
 
 > [!NOTE]
-> When [SCM basic authentication is disabled](configure-basic-auth-disable.md), Local Git deployment doesn't work, and you can't configure Local Git deployment in the app's Deployment Center.
+> This deployment method requires [SCM basic authentication](configure-basic-auth-disable.md), which is less secure than [other deployment methods](deploy-authentication-types.md). When Local Git deployment doesn't work, and you can't configure Local Git deployment in the app's Deployment Center.
 
 ## Prerequisites
 
 
@@ -5,7 +5,7 @@ author: snehasudhirG
 services: automation
 ms.subservice: change-inventory-management
 ms.topic: how-to
-ms.date: 10/10/2024
+ms.date: 01/03/2025
 ms.author: sudhirsneha
 ms.custom:
 ms.service: azure-automation
@@ -19,8 +19,16 @@ This article provides guidance to move from Change Tracking and Inventory using
 
 Using the Azure portal, you can migrate from Change Tracking & Inventory with LA agent to Change Tracking & Inventory with AMA and there are two ways to do this migration: 
 
-- Migrate single/multiple VMs from the Virtual Machines page.
-- Migrate multiples VMs on LA version solution within a particular Automation Account.
+- Migrate single/multiple machines from the Azure Virtual Machines page or Machines-Azure Arc page.
+- Migrate multiple Virtual Machines on LA version solution within a particular Automation Account.
+
+Additionally, you can use a script to migrate all Virtual Machines and Arc-enabled non-Azure machines at a Log Analytics workspace level from LA version solution to Change Tracking and Inventory with AMA. This isn't possible using the Azure portal experience mentioned above.
+
+The script allows you to also migrate to the same workspace. If you are migrating to the same workspace then, the script will remove the LA(MMA/OMS) Agent from your machines. This may cause the other solutions to stop working. We therefore, recommend that you plan the migration accordingly. For example, first migrate other solution and then proceed with Change Tracking migration.
+
+> [!NOTE]
+> The removal doesn't work on MMA agents that were installed using the MSI installer. It only works on VM/Arc VM extensions.
+
 
 > [!NOTE]
 > File Integrity Monitoring (FIM) using [Microsoft Defender for Endpoint (MDE)](/azure/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint) is now currently available. Follow the guidance to migrate from:
@@ -74,79 +82,61 @@ To onboard through Azure portal, follow these steps:
 
 1. Select the specific Arc machine with Change Tracking V1 enabled that needs to be migrated to Change Tracking V2.
 
-1. Select **Migrate to Change Tracking with AMA** and in the **Configure with Azure monitor agent**,  provide the resource id in the **Log analytics workspace** and select **Migrate** to initiate the deployment.
+1. Select **Migrate to Change Tracking with AMA** and in the **Configure with Azure monitor agent**,  provide the resource ID in the **Log analytics workspace** and select **Migrate** to initiate the deployment.
 
    :::image type="content" source="media/guidance-migration-log-analytics-monitoring-agent/onboarding-single-arc-vm.png" alt-text="Screenshot of onboarding a single Arc VM to Change tracking and inventory using Azure monitoring agent." lightbox="media/guidance-migration-log-analytics-monitoring-agent/onboarding-single-arc-vm.png":::
 
 1. Select **Manage Activity log connection** to evaluate the incoming events and logs across LA agent and AMA version.
 
-### [Arc-enabled VMs - PowerShell script](#tab/ps-policy)
-
-To onboard Arc-enabled VMs, follow the steps:
+### [Log Analytics Workspace - PowerShell Script ](#tab/ps-policy)
 
 #### Prerequisites
 
-- Ensure you have PowerShell installed. The latest version of PowerShell 7 or higher is recommended. Follow the steps to [Install PowerShell on Windows, Linux, and macOS](/powershell/scripting/install/installing-powershell).
-- Obtain Read access for the specified workspace resources.
+- Ensure you have PowerShell installed on the machine where you are planning to execute the script.
+    - The script cannot be executed on Azure Cloud Shell.
+    -  The latest version of PowerShell 7 or higher is recommended. Follow the steps to [Install PowerShell on Windows, Linux, and macOS](/powershell/scripting/install/installing-powershell).
+- Obtain Write access for the specified workspace and machine resources.
 - [Install the latest version of the Az PowerShell module](/powershell/azure/install-azure-powershell). The **Az.Accounts** and **Az.OperationalInsights** modules are required to pull workspace agent configuration information.
 - Ensure you have Azure credentials to run `Connect-AzAccount` and `Select-AzContext` which set the script's context.
-Follow these steps to migrate using scripts.
+
+Follow these steps to migrate using scripts:
 
 #### Migration guidance
 
-1. Install the [script](https://github.com/mayguptMSFT/AzureMonitorCommunity/blob/master/Azure%20Services/Azure%20Monitor/Agents/Migration%20Tools/DCR%20Config%20Generator/CTDcrGenerator/CTWorkSpaceSettingstoDCR.ps1) and run it to conduct migrations. The script does the following:
+- The [script](https://github.com/Azure/ChangeTrackingAndInventory/blob/main/MigrateToChangeTrackingAndInventoryUsingAMA/CTAndIMigrationFromMMAToAMA.ps1) will migrate all Azure Machines and Arc enabled Non-Azure Machines onboarded to LA Agent Change Tracking solution for the Input Log Analytics Workspace to the Change Tracking using AMA agent for the Output Log Analytics Workspace. 
 
-    1. It ensures the new workspace resource ID is different from the one associated with the Change Tracking and Inventory using the LA version.
+- The script provides the ability to migrate using the same workspace, that is Input and Output Log Analytics Workspaces are the same. However, it will then remove the LA (MMA/OMS) agents from the machines.
 
-    1. It migrates the settings for the following data types:
-       - Windows Services
-       - Linux Files
-       - Windows Files
-       - Windows Registry
-       - Linux Daemons
+- The script migrates the settings for the following data types:
+    - Windows services
+    - Linux files
+    - Windows files
+    - Windows registry
+    - Linux Daemons
 
-    1. The script consists of the following **Parameters**  that require an input from you. 
-
-      **Parameter** | **Required** | **Description** |
-      --- | --- | --- |
-      `InputWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Log Analytics. |
-      `OutputWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Azure Monitoring Agent. |
-      `OutputDCRName`| Yes | Custom name of the new DCR created. |
-      `OutputDCRLocation`| Yes | Azure location of the output workspace ID. |
-      `OutputDCRTemplateFolderPath`| Yes | Folder path where DCR templates are created. |
-
-1. A DCR template is generated when you run the above script and the template is available in `OutputDCRTemplateFolderPath`. You have to associate the new DCR to transfer the settings to the Change Tracking and Inventory using AMA.
-
-   1. Sign in to [Azure portal](https://portal.azure.com) and go to **Monitor** and under **Settings**, select **Data Collection Rules**.
-   1. Select the data collection rule that you have created in Step 1 from the listing page.
-   1. In the data collection rule page, under **Configurations**, select **Resources** and then select **Add**.
-   1. In the Select a scope, from Resource types, select Machines-Azure Arc that is connected to the subscription and then select Apply to associate the ctdcr created in Step 1 to the Arc-enabled machine and it will also install the Azure Monitoring Agent extension. For more information, see [Enable Change Tracking and Inventory - for Arc-enabled VMs - using portal/CLI](enable-vms-monitoring-agent.md#enable-change-tracking-and-inventory).
- 
-   Install the Change Tracking extension as per the OS type for the Arc-enabled VM.
-    
-   **Linux**
-       
-   ```azurecli
-   az connectedmachine extension create  --name ChangeTracking-Linux  --publisher Microsoft.Azure.ChangeTrackingAndInventory --type-handler-version 2.20  --type ChangeTracking-Linux  --machine-name XYZ --resource-group XYZ-RG  --location X --enable-auto-upgrade
-   ```
-
-   **Windows**
-
-   ```azurecli
-   az connectedmachine extension create  --name ChangeTracking-Windows  --publisher Microsoft.Azure.ChangeTrackingAndInventory --type-handler-version 2.20  --type ChangeTracking-Windows  --machine-name XYZ --resource-group XYZ-RG  --location X --enable-auto-upgrade
-   ```   
-
-   If the CT logs table schema does not exist, the script mentioned in Step 1 will fail. To troubleshoot, run the following script - 
-
-    ```azurepowershell-interactive
-
-    $psWorkspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup -Name $laws
- 	 # Enabling CT solution on LA ws
-	 New-AzMonitorLogAnalyticsSolution -Type ChangeTracking -ResourceGroupName $resourceGroup -Location $psWorkspace.Location -WorkspaceResourceId $psWorkspace.ResourceId
-    ```
+- The script consists of the following **Parameters**  that require an input from you. 
+
+   **Parameter** | **Required** | **Description** |
+   --- | --- | --- |
+   `InputLogAnalyticsWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Log Analytics. |
+   `OutputLogAnalyticsWorkspaceResourceId`| Yes | Resource ID of the workspace associated with Change Tracking & Inventory with Azure Monitoring Agent. |
+   `OutputDCRName`| Yes | Custom name of the new DCR to be created. |
+   `OutputVerbose`| No | Optional. Input $true for verbose logs. |
+   `AzureEnvironment`| Yes | Folder path where DCR templates are created. |
+
+- In Details, the script does the following:
+
+   1. Get list of all Azure and Arc Onboarded Non-Azure machines onboarded to Input Log Analytics Workspace for Change Tracking solution using MMA Agent. 
+   1. Create the Data Collection Rule (DCR) ARM template by fetching the files, services, tracking & registry settings configured in the legacy solution and translating them to equivalent settings for the latest solution using AMA Agent and Change Tracking Extensions for the Output Log Analytics Workspace. 
+   1. Deploy Change Tracking solution ARM template to Output Log Analytics Workspace. This is done only if migration to the same workspace is not done. The output workspace requires the legacy solution to create the log analytics tables for Change Tracking like ConfigurationChange & ConfigurationData. The deployment name will be DeployCTSolution_CTMig_{GUID} and it will be in same resource group as Output Log Analytics Workspace. 
+   1. Deploy the DCR ARM template created in Step 2. The deployment name will be OutputDCRName_CTMig_{GUID} and it will be in same resource group as Output Log Analytics Workspace. The DCR will be created in the same location as the Output Log Analytics Workspace. 
+   1. Removes MMA Agent from machines list populated in Step 1. This is done only if migration to the same workspace is carried out. Machines which have the MMA agent installed via the MSI, will not have the MMA agent removed. It will be removed only if the MMA Agent was installed as an extension. 
+   1. Assign DCR to machines and install AMA Agent and CT Extensions. The deployment name of it will be MachineName_CTMig and it will be in same resource group as the machine. 
+       - Assign the DCR deployed in Step 4 to all machines populated in Step 1. 
+       - Install the AMA Agent to all machines populated in Step 1.  
+       - Install the CT Agent to all machines populated in Step 1. 
 ---
 
-
 ### Compare data across Log analytics Agent and Azure Monitoring Agent version
 
 After you complete the onboarding to Change tracking with AMA version, select **Switch to CT with AMA** on the landing page to switch across the two versions and compare the following events.
@@ -175,17 +165,13 @@ To obtain the Log Analytics Workspace resource ID, follow these steps:
 
 **For single VM and Automation Account**
 
-1. 100 VMs per Automation Account can be migrated in one instance.
-1. Any VM with > 100 file/registry settings for migration via portal isn't supported now.
-1. Arc VM migration isn't supported with portal, we recommend that you use PowerShell script migration.
 1. For File Content changes-based settings, you have to migrate manually from LA version to AMA version of Change Tracking & Inventory. Follow the guidance listed in [Track file contents](manage-change-tracking-monitoring-agent.md#configure-file-content-changes).
-1. Alerts that you configure using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
+1. If migration to different workspace is carried out, then alerts configured using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
 
 ### [Using PowerShell script](#tab/limit-policy)
 
-1. For File Content changes-based settings, you must migrate manually from LA version to AMA version of Change Tracking & Inventory. Follow the guidance listed in [Track file contents](manage-change-tracking.md#track-file-contents).
-1. Any VM with > 100 file/registry settings for migration via Azure portal isn't supported.
-1. Alerts that you configure using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
+1. For File Content changes-based settings, you have to migrate manually from LA version to AMA version of Change Tracking & Inventory. Follow the guidance listed in [Track file contents](manage-change-tracking-monitoring-agent.md#configure-file-content-changes).
+1. If migration to different workspace is carried out, then alerts configured using the Log Analytics Workspace must be [manually configured](configure-alerts.md).
 
 ---
 
 
@@ -2,7 +2,7 @@
 title: Support Matrix for Azure file share backup by using Azure Backup
 description: Provides a summary of support settings and limitations when backing up Azure file shares.
 ms.topic: reference
-ms.date: 12/31/2024
+ms.date: 01/06/2025
 ms.custom: references_regions, engagement-fy24
 ms.service: azure-backup
 author: AbhishekMallick-MS
@@ -57,6 +57,10 @@ Cross Subscription Backup (CSB) for Azure File share (preview) is currently avai
 | --- | --- |
 | Account Kind | Azure Backup supports Azure file shares present in general-purpose v2, and file storage type storage accounts. |
 
+>[!Important]
+>The source Storage Account must have the **Allow storage account key access** setting enabled for successful Azure Files backup and restore.
+
+
 >[!Note]
 >Storage accounts with restricted network access aren't supported.   
 
 
@@ -2,7 +2,7 @@
 title: Back up Azure File shares in the Azure portal
 description: Learn how to use the Azure portal to back up Azure File shares in the Recovery Services vault
 ms.topic: how-to
-ms.date: 12/31/2024
+ms.date: 01/06/2025
 ms.service: azure-backup
 ms.custom: engagement-fy23
 author: AbhishekMallick-MS
@@ -25,6 +25,8 @@ Azure File share backup is a native, cloud based backup solution that protects y
 * Ensure the file share is present in one of the supported storage account types. Review the [support matrix](azure-file-share-support-matrix.md).
 * Identify or create a [Recovery Services vault](#create-a-recovery-services-vault) in the same region and subscription as the storage account that hosts the file share.
 * In case you have restricted access to your storage account, check the firewall settings of the account to ensure that the exception "Allow Azure services on the trusted services list to access this storage account" is granted. You can refer to [this](../storage/common/storage-network-security.md?tabs=azure-portal#manage-exceptions) link for the steps to grant an exception.
+* Ensure that you allow the **Storage account key access** in the required storage account.
+
 >[!Important]
 >To perform [Cross Subscription Backup (CSB)  for protecting Azure File share (preview)](azure-file-share-backup-overview.md#how-cross-subscription-backup-for-azure-file-share-preview-works) in another subscription, ensure you register `Microsoft.RecoveryServices` in the **subscription of the file share** in addition to the above prerequisites. Learn about the [supported regions for Cross Subscription Backup (preview)](azure-file-share-support-matrix.md#supported-regions-for-cross-subscription-backup-preview).