Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into mrb_10_31_2022_how_to_updates

Author: mrbullwinkle

articles/active-directory/develop/media/workload-identity-federation-create-trust-user-assigned-managed-identity/copy-managed-identity-id.png

@@ -19,7 +19,7 @@ zone_pivot_groups: identity-wif-mi-methods
 
 # Configure a user-assigned managed identity to trust an external identity provider (preview)
 
-This article describes how to manage a federated identity credential on a user-assigned managed identity in Azure Active Directory (Azure AD).  The federated identity credential creates a trust relationship between a user-assigned managed identity and an external identity provider (IdP).  Configuring a federated identity credential on a system-assigned managed identity is not supported.
+This article describes how to manage a federated identity credential on a user-assigned managed identity in Azure Active Directory (Azure AD).  The federated identity credential creates a trust relationship between a user-assigned managed identity and an external identity provider (IdP).  Configuring a federated identity credential on a system-assigned managed identity isn't supported.
 
 After you configure your user-assigned managed identity to trust an external IdP, configure your external software workload to exchange a token from the external IdP for an access token from Microsoft identity platform. The external workload uses the access token to access Azure AD protected resources without needing to manage secrets (in supported scenarios).  To learn more about the token exchange workflow, read about [workload identity federation](workload-identity-federation.md).  
 
@@ -50,13 +50,27 @@ In the **Federated credential scenario** dropdown box, select your scenario.
 
 ### GitHub Actions deploying Azure resources
 
-For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on).  For more info, read the [examples](#entity-type-examples).
+To add a federated identity for GitHub actions, follow these steps:
 
-Add a **Name** for the federated credential.
+1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on).  For more info, read the [examples](#entity-type-examples).
 
-The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+1. Add a **Name** for the federated credential.
 
-Click **Add** to configure the federated credential.
+1. The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+
+1. Select **Add** to configure the federated credential.
+
+Use the following values from your Azure AD Managed Identity for your GitHub workflow:
+
+- `AZURE_CLIENT_ID` the managed identity **Client ID**
+
+- `AZURE_SUBSCRIPTION_ID` the **Subscription ID**. 
+
+    The following screenshot demonstrates how to copy the managed identity ID and subscription ID.
+
+    [![Screenshot that demonstrates how to copy the managed identity ID and subscription ID from Azure portal.](./media/workload-identity-federation-create-trust-user-assigned-managed-identity/copy-managed-identity-id.png)](./media/workload-identity-federation-create-trust-user-assigned-managed-identity/copy-managed-identity-id.png#lightbox)
+
+- `AZURE_TENANT_ID` the **Directory (tenant) ID**. Learn [how to find your Azure Active Directory tenant ID](../fundamentals/active-directory-how-to-find-tenant.md).
 
 #### Entity type examples
 
@@ -128,7 +142,7 @@ Fill in the **Cluster issuer URL**, **Namespace**, **Service account name**, and
 - **Namespace** is the service account namespace.
 - **Name** is the name of the federated credential, which can't be changed later.
 
-Click **Add** to configure the federated credential.
+Select **Add** to configure the federated credential.
 
 ### Other
 
@@ -140,7 +154,7 @@ Specify the following fields (using a software workload running in Google Cloud
 - **Subject identifier**: must match the `sub` claim in the token issued by the external identity provider.  In this example using Google Cloud, *subject* is the Unique ID of the service account you plan to use.
 - **Issuer**: must match the `iss` claim in the token issued by the external identity provider. A URL that complies with the OIDC Discovery spec. Azure AD uses this issuer URL to fetch the keys that are necessary to validate the token. For Google Cloud, the *issuer* is "https://accounts.google.com".
 
-Click **Add** to configure the federated credential.
+Select **Add** to configure the federated credential.
 
 ## List federated identity credentials on a user-assigned managed identity
 
@@ -356,11 +370,11 @@ Federated identity credential and parent user assigned identity can be created o
 
 All of the template parameters are mandatory.
 
-There is a limit of 3-120 characters for a federated identity credential name length. It must be alphanumeric, dash, underscore. First symbol is alphanumeric only.  
+There's a limit of 3-120 characters for a federated identity credential name length. It must be alphanumeric, dash, underscore. First symbol is alphanumeric only.  
 
-You must add exactly 1 audience to a federated identity credential. The audience is verified during token exchange. Use “api://AzureADTokenExchange” as the default value.
+You must add exactly one audience to a federated identity credential. The audience is verified during token exchange. Use “api://AzureADTokenExchange” as the default value.
 
-List, Get, and Delete operations are not available with template. Refer to Azure CLI for these operations.  By default, all child federated identity credentials are created in parallel, which triggers concurrency detection logic and causes the deployment to fail with a 409-conflict HTTP status code. To create them sequentially, specify a chain of dependencies using the *dependsOn* property.
+List, Get, and Delete operations aren't available with template. Refer to Azure CLI for these operations.  By default, all child federated identity credentials are created in parallel, which triggers concurrency detection logic and causes the deployment to fail with a 409-conflict HTTP status code. To create them sequentially, specify a chain of dependencies using the *dependsOn* property.
 
 Make sure that any kind of automation creates federated identity credentials under the same parent identity sequentially. Federated identity credentials under different managed identities can be created in parallel without any restrictions.
 

articles/active-directory/develop/media/workload-identity-federation-create-trust/copy-client-id.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 07/27/2022
+ms.date: 10/31/2022
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: shkhalid, udayh, vakarand
@@ -43,21 +43,37 @@ Get the *subject* and *issuer* information for your external IdP and software wo
 ## Configure a federated identity credential on an app
 
 ### GitHub Actions
-Find your app registration in the [App Registrations](https://aka.ms/appregistrations) experience of the Azure portal.  Select **Certificates & secrets** in the left nav pane, select the **Federated credentials** tab, and select **Add credential**.
 
-In the **Federated credential scenario** drop-down box, select **GitHub actions deploying Azure resources**.
+To add a federated identity for GitHub actions, follow these steps:
+
+1. Find your app registration in the [App Registrations](https://aka.ms/appregistrations) experience of the Azure portal.  Select **Certificates & secrets** in the left nav pane, select the **Federated credentials** tab, and select **Add credential**.
+
+1. In the **Federated credential scenario** drop-down box, select **GitHub actions deploying Azure resources**.
+
+1. Specify the **Organization** and **Repository** for your GitHub Actions workflow.  
+
+1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on). Pattern matching isn't supported for branches and tags. Specify an environment if your on-push workflow runs against many branches or tags. For more info, read the [examples](#entity-type-examples).
+
+1. Add a **Name** for the federated credential.
+
+1. The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+
+1. Select **Add** to configure the federated credential.
+
+    :::image type="content" source="media/workload-identity-federation-create-trust/add-credential.png" alt-text="Screenshot of the Add a credential window, showing sample values." :::
 
-Specify the **Organization** and **Repository** for your GitHub Actions workflow.  
 
-For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value. The values must exactly match the configuration in the [GitHub workflow](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#on). Pattern matching is not supported for branches and tags. Specify an environment if your on-push workflow runs against many branches or tags. For more info, read the [examples](#entity-type-examples).
+Use the following values from your Azure AD application registration for your GitHub workflow:
 
-Add a **Name** for the federated credential.
+- `AZURE_CLIENT_ID` the **Application (client) ID** 
 
-The **Issuer**, **Audiences**, and **Subject identifier** fields autopopulate based on the values you entered.
+- `AZURE_TENANT_ID` the **Directory (tenant) ID**
+    
+    The following screenshot demonstrates how to copy the application ID and tenant ID.
 
-Click **Add** to configure the federated credential.
+    ![Screenshot that demonstrates how to copy the application ID and tenant ID from Microsoft Entra portal.](./media/workload-identity-federation-create-trust/copy-client-id.png)
 
-:::image type="content" source="media/workload-identity-federation-create-trust/add-credential.png" alt-text="Screenshot of the Add a credential window, showing sample values." :::
+- `AZURE_SUBSCRIPTION_ID` your subscription ID. To get the subscription ID, open **Subscriptions** in Azure portal and find your subscription. Then, copy the **Subscription ID**.
 
 #### Entity type examples
 
@@ -173,7 +189,7 @@ To delete a federated identity credential, select the **Delete** icon for the cr
 
 Run the [az ad app federated-credential create](/cli/azure/ad/app/federated-credential) command to create a new federated identity credential on your app.  
 
-The *id* parameter specifies the identifier URI, application ID, or object ID of the application.  *parameters* specifies the parameters, in JSON format, for creating the federated identity credential.
+The `id` parameter specifies the identifier URI, application ID, or object ID of the application. The `parameters` parameter specifies the parameters, in JSON format, for creating the federated identity credential.
 
 ### GitHub Actions example
 

articles/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity.md

@@ -118,7 +118,7 @@ az aks update -g <resourceGroup> -n <clusterName> --kube-proxy-config kube-proxy
 
 ## Next steps
 
-Learn more about utilizing the Standard Load Balancer for inbound traffic at the [AKS Standard Load Balancer documentation][load-balancer-standard.md].
+Learn more about utilizing the Standard Load Balancer for inbound traffic at the [AKS Standard Load Balancer documentation](load-balancer-standard.md).
 
 Learn more about using Internal Load Balancer for Inbound traffic at the [AKS Internal Load Balancer documentation](internal-lb.md).
 

articles/active-directory/develop/workload-identity-federation-create-trust.md

@@ -8,12 +8,10 @@ ms.date: 03/25/2021
 
 # Preview - Secure your cluster using pod security policies in Azure Kubernetes Service (AKS)
 
-> [!WARNING]
-> **The feature described in this document, pod security policy (preview), will begin [deprecation](https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/) with Kubernetes version 1.21, with its removal in version 1.25.** You can now [Migrate Pod Security Policy to Pod Security Admission Controller](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/) ahead of the deprecation.
->
-> After pod security policy (preview) is deprecated, you must have already migrated to Pod Security Admission controller or disabled the feature on any existing clusters using the deprecated feature to perform future cluster upgrades and stay within Azure support.
+[!Important]
+The feature described in this document, pod security policy (preview), will begin deprecation with Kubernetes version 1.21, with its removal in version 1.25. AKS will mark Pod Security Policy as "Deprecated" in the AKS API on 04-01-2023. You can now Migrate Pod Security Policy to Pod Security Admission Controller ahead of the deprecation.
 
-To improve the security of your AKS cluster, you can limit what pods can be scheduled. Pods that request resources you don't allow can't run in the AKS cluster. You define this access using pod security policies. This article shows you how to use pod security policies to limit the deployment of pods in AKS.
+After pod security policy (preview) is deprecated, you must have already migrated to Pod Security Admission controller or disabled the feature on any existing clusters using the deprecated feature to perform future cluster upgrades and stay within Azure support.
 
 [!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
 

articles/aks/configure-kube-proxy.md

@@ -3,7 +3,7 @@ title: Quickstart - Create an Azure Analysis Services server resource by using B
 description: Quickstart showing how to an Azure Analysis Services server resource by using a Bicep file.
 ms.date: 03/08/2022
 ms.topic: quickstart
-ms.service: analysis-services
+ms.service: azure-analysis-services
 ms.author: jgao
 author: mumian
 tags: azure-resource-manager, bicep

articles/aks/use-pod-security-policies.md

@@ -19,7 +19,7 @@ Azure Analysis Services is a fully managed platform as a service (PaaS) that pro
 
 ![Data sources](./media/analysis-services-overview/aas-overview-overall.png)
 
-**Video:** Check out [Azure Analysis Services Overview](https://sec.ch9.ms/ch9/d6dd/a1cda46b-ef03-4cea-8f11-68da23c5d6dd/AzureASoverview_high.mp4)  to learn how Azure Analysis Services fits in with Microsoft's overall BI capabilities.
+**Video:** Check out [Azure Analysis Services Overview](https://www.youtube.com/watch?v=m1jnG1zIvTo&t=31s) to learn how Azure Analysis Services fits in with Microsoft's overall BI capabilities.
 
 ## Get up and running quickly
 

articles/analysis-services/analysis-services-create-bicep-file.md

@@ -1,13 +1,13 @@
 ---
-title: Intelligent document processing - Form Recognizer
+title: Form Recognizer overview
 titleSuffix: Azure Applied AI Services
-description: Machine-learning based OCR and document understanding service to automate extraction of text, table and structure, and key-value pairs from your forms and documents.
+description: Machine-learning based OCR and intelligent document processing understanding service to automate extraction of text, table and structure, and key-value pairs from your forms and documents.
 author: laujan
 manager: nitinme
 ms.service: applied-ai-services
 ms.subservice: forms-recognizer
 ms.topic: overview
-ms.date: 10/20/2022
+ms.date: 10/31/2022
 ms.author: lajanuar
 recommendations: false
 ---
@@ -16,13 +16,7 @@ recommendations: false
 <!-- markdownlint-disable MD024 -->
 <!-- markdownlint-disable MD036 -->
 
-# What is Intelligent Document Processing?
-
-Intelligent Document Processing (IDP) refers to capturing, transforming, and processing data from documents (e.g., PDF, or scanned documents including Microsoft Office and HTML documents). It typically uses advanced machine-learning based technologies like computer vision, Optical Character Recognition (OCR), document layout analysis, and Natural Language Processing (NLP) to extract meaningful information, process and integrate with other systems.
-
-IDP solutions can extract data from structured documents with pre-defined layouts like a tax form, unstructured or free-form documents like a contract, and semi-structured documents. They have a wide variety of benefits spanning knowledge mining, business process automation, and industry-specific applications. Examples include invoice processing, medical claims processing, and contracts workflow automation.
-
-## What is Azure Form Recognizer?
+# What is Azure Form Recognizer?
 
 ::: moniker range="form-recog-3.0.0"
 [!INCLUDE [applies to v3.0](includes/applies-to-v3-0.md)]

articles/analysis-services/analysis-services-overview.md

@@ -1227,7 +1227,7 @@ For a list of preinstalled system libraries in Python worker Docker images, see
 
 |  Functions runtime  | Debian version | Python versions |
 |------------|------------|------------|
-| Version 3.x | Buster | [Python 3.6](https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/python/python36/python36.Dockerfile)<br/>[Python 3.7](https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/python/python37/python37.Dockerfile)<br />[Python 3.8](https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/python/python38/python38.Dockerfile)<br/> [Python 3.9](https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/python/python39/python39.Dockerfile)|
+| Version 3.x | Buster | [Python 3.7](https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/python/python37/python37.Dockerfile)<br />[Python 3.8](https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/python/python38/python38.Dockerfile)<br/> [Python 3.9](https://github.com/Azure/azure-functions-docker/blob/master/host/3.0/buster/amd64/python/python39/python39.Dockerfile)|
 
 ## Python worker extensions