Merge pull request #218178 from MicrosoftDocs/main

Publish to live, Sunday 4 PM PST, 11/13

Author: LJSpiller

articles/aks/deploy-marketplace.md

@@ -40,7 +40,7 @@ az provider register --namespace Microsoft.KubernetesConfiguration --wait
 
 ## Select and deploy a Kubernetes offer
 
-1. In the [Azure portal](https://ms.portal.azure.com/), search for **Marketplace** on the top search bar. In the results, under **Services**, select **Marketplace**.
+1. In the [Azure portal](https://portal.azure.com/), search for **Marketplace** on the top search bar. In the results, under **Services**, select **Marketplace**.
 
 1. You can search for an offer or publisher directly by name, or you can browse all offers. To find Kubernetes application offers, use the **Product Type** filter for **Azure Containers**. 
 

articles/aks/operator-best-practices-run-at-scale.md

@@ -58,7 +58,7 @@ To increase the node limit beyond 1000, you must have the following pre-requisit
 [Managed NAT Gateway - Azure Kubernetes Service]: nat-gateway.md
 [Configure Azure CNI networking in Azure Kubernetes Service (AKS)]: configure-azure-cni.md#dynamic-allocation-of-ips-and-enhanced-subnet-support
 [max surge]: upgrade-cluster.md?tabs=azure-cli#customize-node-surge-upgrade
-[Azure Portal]: https://ms.portal.azure.com/#create/Microsoft.Support/Parameters/%7B%0D%0A%09%22subId%22%3A+%22%22%2C%0D%0A%09%22pesId%22%3A+%225a3a423f-8667-9095-1770-0a554a934512%22%2C%0D%0A%09%22supportTopicId%22%3A+%2280ea0df7-5108-8e37-2b0e-9737517f0b96%22%2C%0D%0A%09%22contextInfo%22%3A+%22AksLabelDeprecationMarch22%22%2C%0D%0A%09%22caller%22%3A+%22Microsoft_Azure_ContainerService+%2B+AksLabelDeprecationMarch22%22%2C%0D%0A%09%22severity%22%3A+%223%22%0D%0A%7D
+[Azure Portal]: https://portal.azure.com/#create/Microsoft.Support/Parameters/%7B%0D%0A%09%22subId%22%3A+%22%22%2C%0D%0A%09%22pesId%22%3A+%225a3a423f-8667-9095-1770-0a554a934512%22%2C%0D%0A%09%22supportTopicId%22%3A+%2280ea0df7-5108-8e37-2b0e-9737517f0b96%22%2C%0D%0A%09%22contextInfo%22%3A+%22AksLabelDeprecationMarch22%22%2C%0D%0A%09%22caller%22%3A+%22Microsoft_Azure_ContainerService+%2B+AksLabelDeprecationMarch22%22%2C%0D%0A%09%22severity%22%3A+%223%22%0D%0A%7D
 [uptime SLA]: uptime-sla.md
 
 <!-- LINKS - Internal -->

articles/app-service/quickstart-wordpress.md

@@ -25,7 +25,7 @@ To complete this quickstart, you need an Azure account with an active subscripti
 
 ## Create WordPress site using Azure portal
 
-1. To start creating the WordPress site, browse to [https://ms.portal.azure.com/#create/WordPress.WordPress](https://ms.portal.azure.com/#create/WordPress.WordPress).
+1. To start creating the WordPress site, browse to [https://portal.azure.com/#create/WordPress.WordPress](https://portal.azure.com/#create/WordPress.WordPress).
 
     :::image type="content" source="./media/quickstart-wordpress/01-portal-create-wordpress-on-app-service.png?text=WordPress from Azure Marketplace" alt-text="Screenshot of Create a WordPress site.":::
 

articles/azure-arc/servers/concept-log-analytics-extension-deployment.md

@@ -40,7 +40,7 @@ This method supports managing the installation, management, and removal of VM ex
 
 ### Use Azure Policy
 
-You can use Azure Policy to deploy the Azure Monitor agent VM extension at-scale to machines in your environment, and maintain configuration compliance. This is accomplished by using either the [**Configure Linux Arc-enabled machines to run Azure Monitor Agent**](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F845857af-0333-4c5d-bbbc-6076697da122) or the [**Configure Windows Arc-enabled machines to run Azure Monitor Agent**](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94f686d6-9a24-4e19-91f1-de937dc171a4) policy definition.
+You can use Azure Policy to deploy the Azure Monitor agent VM extension at-scale to machines in your environment, and maintain configuration compliance. This is accomplished by using either the [**Configure Linux Arc-enabled machines to run Azure Monitor Agent**](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F845857af-0333-4c5d-bbbc-6076697da122) or the [**Configure Windows Arc-enabled machines to run Azure Monitor Agent**](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94f686d6-9a24-4e19-91f1-de937dc171a4) policy definition.
 
 Azure Policy includes several prebuilt definitions related to Azure Monitor. For a complete list of the built-in policies in the  **Monitoring** category, see [Azure Policy built-in definitions for Azure Monitor](../../azure-monitor/policy-reference.md).
 

articles/azure-monitor/insights/insights-overview.md

@@ -17,7 +17,7 @@ Some visualizations are considered part of Azure Monitor and follow the support
 
 ## Insights and curated visualizations
 
-The following table lists the available curated visualizations and information about them. **Most** of the list below can be found in the [Insights hub in the Azure portal](https://ms.portal.azure.com/#view/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/~/more). The table uses the same grouping as portal.
+The following table lists the available curated visualizations and information about them. **Most** of the list below can be found in the [Insights hub in the Azure portal](https://portal.azure.com/#view/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/~/more). The table uses the same grouping as portal.
 
 >[!NOTE]
 > Another type of older visualization called *monitoring solutions* is no longer in active development. The replacement technology is the Azure Monitor Insights, as mentioned here. We suggest you use the Insights and not deploy new instances of solutions. For more information on the solutions, see [Monitoring solutions in Azure Monitor](solutions.md).

articles/azure-monitor/logs/manage-access.md

@@ -29,7 +29,7 @@ The factors that define the data you can access are described in the following t
 | [Access mode](#access-mode) | Method used to access the workspace. Defines the scope of the data available and the access control mode that's applied. |
 | [Access control mode](#access-control-mode) | Setting on the workspace that defines whether permissions are applied at the workspace or resource level. |
 | [Azure role-based access control (RBAC)](#azure-rbac) | Permissions applied to individuals or groups of users for the workspace or resource sending data to the workspace. Defines what data you have access to. |
-| [Table-level Azure RBAC](#set-table-level-read-access) | Optional permissions that define specific data types in the workspace that you can access. Apply to all users no matter your access mode or access control mode. |
+| [Table-level Azure RBAC](#set-table-level-read-access-preview) | Optional permissions that define specific data types in the workspace that you can access. Apply to all users no matter your access mode or access control mode. |
 
 ## Access mode
 
@@ -56,14 +56,14 @@ The following table summarizes the access modes:
 |:---|:---|:---|
 | Who is each model intended for? | Central administration.<br>Administrators who need to configure data collection and users who need access to a wide variety of resources. Also currently required for users who need to access logs for resources outside of Azure. | Application teams.<br>Administrators of Azure resources being monitored. Allows them to focus on their resource without filtering. |
 | What does a user require to view logs? | Permissions to the workspace.<br>See "Workspace permissions" in [Manage access using workspace permissions](./manage-access.md#azure-rbac). | Read access to the resource.<br>See "Resource permissions" in [Manage access using Azure permissions](./manage-access.md#azure-rbac). Permissions can be inherited from the resource group or subscription or directly assigned to the resource. Permission to the logs for the resource will be automatically assigned. The user doesn't require access to the workspace.|
-| What is the scope of permissions? | Workspace.<br>Users with access to the workspace can query all logs in the workspace from tables they have permissions to. See [Set table-level read access](./manage-access.md#set-table-level-read-access). | Azure resource.<br>Users can query logs for specific resources, resource groups, or subscriptions they have access to in any workspace, but they can't query logs for other resources. |
+| What is the scope of permissions? | Workspace.<br>Users with access to the workspace can query all logs in the workspace from tables they have permissions to. See [Set table-level read access](./manage-access.md#set-table-level-read-access-preview). | Azure resource.<br>Users can query logs for specific resources, resource groups, or subscriptions they have access to in any workspace, but they can't query logs for other resources. |
 | How can a user access logs? | On the **Azure Monitor** menu, select **Logs**.<br><br>Select **Logs** from **Log Analytics workspaces**.<br><br>From Azure Monitor [workbooks](../best-practices-analysis.md#workbooks). | Select **Logs** on the menu for the Azure resource. Users will have access to data for that resource.<br><br>Select **Logs** on the **Azure Monitor** menu. Users will have access to data for all resources they have access to.<br><br>Select **Logs** from **Log Analytics workspaces**. Users will have access to data for all resources they have access to.<br><br>From Azure Monitor [workbooks](../best-practices-analysis.md#workbooks). |
 
 ## Access control mode
 
 The *access control mode* is a setting on each workspace that defines how permissions are determined for the workspace.
 
-* **Require workspace permissions**. This control mode doesn't allow granular Azure RBAC. To access the workspace, the user must be [granted permissions to the workspace](#azure-rbac) or to [specific tables](#set-table-level-read-access).
+* **Require workspace permissions**. This control mode doesn't allow granular Azure RBAC. To access the workspace, the user must be [granted permissions to the workspace](#azure-rbac) or to [specific tables](#set-table-level-read-access-preview).
 
     If a user accesses the workspace in [workspace-context mode](#access-mode), they have access to all data in any table they've been granted access to. If a user accesses the workspace in [resource-context mode](#access-mode), they have access to only data for that resource in any table they've been granted access to.
 
@@ -276,11 +276,11 @@ Grant a user access to log data from their resources and read all Azure AD sign-
   - `Microsoft.OperationalInsights/workspaces/query/ComputerGroup/read`: Required to be able to use Update Management solutions
 - Grant users the following permissions to their resources: `*/read`, assigned to the Reader role, or `Microsoft.Insights/logs/*/read`
 
-## Set table-level read access
+## Set table-level read access (preview)
 
 To create a [custom role](../../role-based-access-control/custom-roles.md) that lets specific users or groups read data from specific tables in a workspace:
 
-1. Create a custom role that grants read access to table data, based on the built-in Azure Monitor Logs **Reader** role:
+1. Create a custom role that grants users permission to execute queries in the Log Analytics workspace, based on the built-in Azure Monitor Logs **Reader** role:
 
     1. Navigate to your workspace and select **Access control (AIM)** > **Roles**.
 
@@ -290,7 +290,7 @@ To create a [custom role](../../role-based-access-control/custom-roles.md) that
 
        This opens the **Create a custom role** screen.
 
-    1. On the **Basics** tab of the screen enter a **Custom role name** value and, optionally, provide a description.
+    1. On the **Basics** tab of the screen, enter a **Custom role name** value and, optionally, provide a description.
 
         :::image type="content" source="media/manage-access/manage-access-create-custom-role.png" alt-text="Screenshot that shows the Basics tab of the Create a custom role screen with the Custom role name and Description fields highlighted." lightbox="media/manage-access/manage-access-create-custom-role.png":::
 
@@ -299,17 +299,6 @@ To create a [custom role](../../role-based-access-control/custom-roles.md) that
         :::image type="content" source="media/manage-access/manage-access-create-custom-role-json.png" alt-text="Screenshot that shows the JSON tab of the Create a custom role screen with the actions section of the JSON file highlighted." lightbox="media/manage-access/manage-access-create-custom-role-json.png":::    
 
     1. Select **Review + Create** at the bottom of the screen, and then **Create** on the next page.   
-    1. Copy the custom role ID:
-        1. Select **Access control (AIM)** > **Roles**.
-        1. Right-click on your custom role and select **Edit**. 
-          
-           This opens the **Custom Role** screen.
-
-            :::image type="content" source="media/manage-access/manage-access-role-definition-id.png" alt-text="Screenshot that shows the JSON tab of the Custom Role screen with the ID field highlighted." lightbox="media/manage-access/manage-access-role-definition-id.png":::        
-
-        1. Select **JSON** and copy the `id` field.
-             
-            You'll need the `/providers/Microsoft.Authorization/roleDefinitions/<definition_id>` value when you call the `https://management.azure.com/batch?api-version=2020-06-01` POST API.
 
 1. Assign your custom role to the relevant users or groups:
     1. Select **Access control (AIM)** > **Add** > **Add role assignment**.
@@ -339,9 +328,9 @@ To create a [custom role](../../role-based-access-control/custom-roles.md) that
                 "content": {
                     "Id": "<GUID_1>",
                     "Properties": {
-                        "PrincipalId": "<User_object_ID>",
+                        "PrincipalId": "<user_object_ID>",
                         "PrincipalType": "User",
-                        "RoleDefinitionId": "<custom_role_ID>",
+                        "RoleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
                         "Scope": "/subscriptions/<subscription_ID>/resourceGroups/<resource_group_name>/providers/Microsoft.OperationalInsights/workspaces/<workspace_name>/Tables/<table_name>",
                         "Condition": null,
                         "ConditionVersion": null
@@ -360,15 +349,15 @@ To create a [custom role](../../role-based-access-control/custom-roles.md) that
 
     Where:
     - You can generate a GUID for `<GUID 1>` and `<GUID 2>` using any GUID generator.
-    - `<custom_role_ID>` is the `/providers/Microsoft.Authorization/roleDefinitions/<definition_id>` value you copied earlier.
+    - `<user_object_ID>` is the object ID of the user to which you want to grant table read access.
     - `<subscription_ID>` is the ID of the subscription related to the workspace.
     - `<resource_group_name>` is the resource group of the workspace.
     - `<workspace_name>` is the name of the workspace.
     - `<table_name>` is the name of the table to which you want to assign the user or group permission to read data from.
 
 ### Legacy method of setting table-level read access
 
-[Azure custom roles](../../role-based-access-control/custom-roles.md) let you grant access to specific tables in the workspace, although we recommend defining [table-level read access](#set-table-level-read-access) as described above. 
+[Azure custom roles](../../role-based-access-control/custom-roles.md) let you grant access to specific tables in the workspace, although we recommend defining [table-level read access](#set-table-level-read-access-preview) as described above. 
 
 Azure custom roles apply to workspaces with either workspace-context or resource-context [access control modes](#access-control-mode) regardless of the user's [access mode](#access-mode).
 

articles/azure-monitor/logs/workspace-design.md

@@ -105,7 +105,7 @@ When you grant a user [access to a workspace](manage-access.md#azure-rbac), the
 - **If you want users to be able to access data for their resources:** Keep the default access control mode of **Use resource or workspace permissions**.
 - **If you want to explicitly assign permissions for all users:** Change the access control mode to **Require workspace permissions**.
 
-[Table-level RBAC](manage-access.md#set-table-level-read-access): With table-level RBAC, you can grant or deny access to specific tables in the workspace. In this way, you can implement granular permissions required for specific situations in your environment.
+[Table-level RBAC](manage-access.md#set-table-level-read-access-preview): With table-level RBAC, you can grant or deny access to specific tables in the workspace. In this way, you can implement granular permissions required for specific situations in your environment.
 
 For example, you might grant access to only specific tables collected by Microsoft Sentinel to an internal auditing team. Or you might deny access to security-related tables to resource owners who need operational data related to their resources.
 

articles/azure-monitor/monitor-reference.md

@@ -20,9 +20,9 @@ For a list of Azure resource provider namespaces, see [Resource providers for Az
 For a list of resource providers that support Azure Monitor
 
 - **Metrics** - See [Supported metrics in Azure Monitor](essentials/metrics-supported.md).
-- **Metric alerts** - See [Supported resources for metric alerts in Azure Monitor](/alerts/alerts-metric-near-real-time.md).
-- **Prometheus metrics** - See [TBD](essentials/FILL ME IN.md).
-- **Resource logs** - See [Supported categories for Azure Monitor resource logs](/essentials/resource-logs-categories.md).
+- **Metric alerts** - See [Supported resources for metric alerts in Azure Monitor](alerts/alerts-metric-near-real-time.md).
+- **Prometheus metrics** - See [Prometheus metrics overview](essentials/prometheus-metrics-overview.md#enable).
+- **Resource logs** - See [Supported categories for Azure Monitor resource logs](essentials/resource-logs-categories.md).
 - **Activity log** - All entries in the activity log are available for query, alerting and routing to Azure Monitor Logs store regardless of resource provider.
 
 ## Services that require agents

articles/azure-video-indexer/logic-apps-connector-arm-accounts.md

@@ -44,7 +44,7 @@ The following image shows the first flow:
 
 ![Screenshot of the file upload flow.](./media/logic-apps-connector-arm-accounts/first-flow-high-level.png)
 
-1. Create the [Logic App](https://ms.portal.azure.com/#create/Microsoft.LogicApp). We create a Logic App in the same region as the Azure Video  Indexer region (recommended but not required). We call the logic app `UploadIndexVideosApp`.
+1. Create the [Logic App](https://portal.azure.com/#create/Microsoft.LogicApp). We create a Logic App in the same region as the Azure Video  Indexer region (recommended but not required). We call the logic app `UploadIndexVideosApp`.
 
     1. Select **Consumption** for **Plan type**.
     1. Press **Review + Create** -> **Create**.

articles/container-registry/tutorial-enable-customer-managed-keys.md

@@ -13,7 +13,7 @@ This article is part two in a four-part tutorial series. [Part one](tutorial-cus
 ## Prerequisites
 
 * [Install the Azure CLI][azure-cli] or prepare to use [Azure Cloud Shell](../cloud-shell/quickstart.md).
-* Sign in to the [Azure portal](https://ms.portal.azure.com/). 
+* Sign in to the [Azure portal](https://portal.azure.com/). 
 
 ## Enable a customer-managed key by using the Azure CLI