Merge pull request #207229 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

articles/active-directory/develop/workload-identity-federation-create-trust-gcp.md

@@ -9,14 +9,14 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 07/18/2022
+ms.date: 08/07/2022
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: udayh
 #Customer intent: As an application developer, I want to create a trust relationship with a Google Cloud identity so my service in Google Cloud can access Azure AD protected resources without managing secrets.
 ---
 
-# Access Azure AD protected resources from an app in Google Cloud (preview)
+# Access Azure AD protected resources from an app in Google Cloud
 
 Software workloads running in Google Cloud need an Azure Active Directory (Azure AD) application to authenticate and access Azure AD protected resources. A common practice is to configure that application with credentials (a secret or certificate). The credentials are used by a Google Cloud workload to request an access token from Microsoft identity platform. These credentials pose a security risk and have to be stored securely and rotated regularly. You also run the risk of service downtime if the credentials expire.
 

articles/api-management/self-hosted-gateway-migration-guide.md

@@ -103,6 +103,15 @@ securityContext:
 > [!WARNING]
 > Running the self-hosted gateway with read-only filesystem (`readOnlyRootFilesystem: true`) is not supported.
 
+## Assessing impact with Azure Advisor
+
+In order to make the migration easier, we have introduced new Azure Advisor recommendations:
+
+- **Use self-hosted gateway v2** recommendation - Identifies Azure API Management instances where the usage of self-hosted gateway v0.x or v1.x was identified.
+- **Use Configuration API v2 for self-hosted gateways** recommendation - Identifies Azure API Management instances where the usage of Configuration API v1 for self-hosted gateway was identified.
+
+We highly recommend customers to use ["All Recommendations" overview in Azure Advisor](https://portal.azure.com/#view/Microsoft_Azure_Expert/AdvisorMenuBlade/~/All) to determine if a migration is required. Use the filtering options to see if one of the above recommendations is present.
+
 ## Known limitations
 
 Here's a list of known limitations for the self-hosted gateway v2:

articles/api-management/self-hosted-gateway-overview.md

@@ -214,6 +214,7 @@ As of v2.1.1 and above, you can manage the ciphers that are being used through t
 
 ## Next steps
 
+-   Learn more about the various gateways in our [API gateway overview](api-management-gateways-overview.md)
 -   Learn more about [API Management in a Hybrid and Multi-Cloud World](https://aka.ms/hybrid-and-multi-cloud-api-management)
 -   Learn more about guidance for [running the self-hosted gateway on Kubernetes in production](how-to-self-hosted-gateway-on-kubernetes-in-production.md)
 -   [Deploy self-hosted gateway to Docker](how-to-deploy-self-hosted-gateway-docker.md)

articles/azure-monitor/agents/agents-overview.md

@@ -41,16 +41,16 @@ Azure Monitor Agent uses [data collection rules](../essentials/data-collection-r
     |:---|:---|:---|
     | Virtual machines, scale sets | [Virtual machine extension](./azure-monitor-agent-manage.md#virtual-machine-extension-details) | Installs the agent by using Azure extension framework. |
     | On-premises servers (Azure Arc-enabled servers) | [Virtual machine extension](./azure-monitor-agent-manage.md#virtual-machine-extension-details) (after installing the [Azure Arc agent](../../azure-arc/servers/deployment-options.md)) | Installs the agent by using Azure extension framework, provided for on-premises by first installing [Azure Arc agent](../../azure-arc/servers/deployment-options.md). |
-    | Windows 10, 11 desktops, workstations | [Client installer (preview)](./azure-monitor-agent-windows-client.md) | Installs the agent by using a Windows MSI installer. |
-    | Windows 10, 11 laptops | [Client installer (preview)](./azure-monitor-agent-windows-client.md) | Installs the agent by using a Windows MSI installer. The installer works on laptops, but the agent *isn't optimized yet* for battery or network consumption. |
+    | Windows 10, 11 desktops, workstations | [Client installer (Public preview)](./azure-monitor-agent-windows-client.md) | Installs the agent by using a Windows MSI installer. |
+    | Windows 10, 11 laptops | [Client installer (Public preview)](./azure-monitor-agent-windows-client.md) | Installs the agent by using a Windows MSI installer. The installer works on laptops, but the agent *isn't optimized yet* for battery or network consumption. |
 
 1. Define a data collection rule and associate the resource to the rule.
 
     The table below lists the types of data you can currently collect with the Azure Monitor Agent and where you can send that data.
 
     | Data source | Destinations | Description |
     |:---|:---|:---|
-    | Performance        | Azure Monitor Metrics (preview)<sup>1</sup> - Insights.virtualmachine namespace<br>Log Analytics workspace - [Perf](/azure/azure-monitor/reference/tables/perf) table | Numerical values measuring performance of different aspects of operating system and workloads |
+    | Performance        | Azure Monitor Metrics (Public preview)<sup>1</sup> - Insights.virtualmachine namespace<br>Log Analytics workspace - [Perf](/azure/azure-monitor/reference/tables/perf) table | Numerical values measuring performance of different aspects of operating system and workloads |
     | Windows event logs | Log Analytics workspace - [Event](/azure/azure-monitor/reference/tables/Event) table | Information sent to the Windows event logging system |
     | Syslog             | Log Analytics workspace - [Syslog](/azure/azure-monitor/reference/tables/syslog)<sup>2</sup> table | Information sent to the Linux event logging system |
     | Text logs | Log Analytics workspace - custom table | Events sent to log file on agent machine |
@@ -64,7 +64,7 @@ Azure Monitor Agent currently supports these Azure Monitor features:
 
 |	Azure Monitor feature	|	Current support	|	Other extensions installed	|	More information	|
 |	:---	|	:---	|	:---	|	:---	|
-|	Text logs and Windows IIS logs	|	Public preview	|	None	|	[Collect text logs with Azure Monitor Agent (preview)](data-collection-text-log.md)	|
+|	Text logs and Windows IIS logs	|	Public preview	|	None	|	[Collect text logs with Azure Monitor Agent (Public preview)](data-collection-text-log.md)	|
 |	Windows client installer	|	Public preview	|	None	|	[Set up Azure Monitor Agent on Windows client devices](azure-monitor-agent-windows-client.md)	|
 |	[VM insights](../vm/vminsights-overview.md)	|	Preview 	|	Dependency Agent extension, if you’re using the Map Services feature	|	[Sign-up link](https://aka.ms/amadcr-privatepreviews)	|
 
@@ -75,7 +75,7 @@ Azure Monitor Agent currently supports these Azure services:
 | [Microsoft Defender for Cloud](../../security-center/security-center-introduction.md)	| Preview	|	<ul><li>Azure Security Agent extension</li><li>SQL Advanced Threat Protection extension</li><li>SQL Vulnerability Assessment extension</li></ul> | [Sign-up link](https://aka.ms/AMAgent)	|
 | [Microsoft Sentinel](../../sentinel/overview.md)	| <ul><li>Windows DNS logs: Preview</li><li>Linux Syslog CEF: Preview</li><li>Windows Forwarding Event (WEF): [Public preview](../../sentinel/data-connectors-reference.md#windows-forwarded-events-preview)</li><li>Windows Security Events: [Generally available](../../sentinel/connect-windows-security-events.md?tabs=AMA)</li></ul> |	Sentinel DNS extension, if you’re collecting DNS logs. For all other data types, you just need the Azure Monitor Agent extension. | <ul><li>[Sign-up link for Windows DNS logs](https://aka.ms/AMAgent)</li><li>[Sign-up link for Linux Syslog CEF](https://aka.ms/AMAgent)</li><li>No sign-up needed for Windows Forwarding Event (WEF) and Windows Security Events</li></ul> |
 |	 [Change Tracking](../../automation/change-tracking/overview.md) (part of Defender)	|	 Supported as File Integrity Monitoring in the Microsoft Defender for Cloud: Preview. 	|	Change Tracking extension	|	[Sign-up link](https://aka.ms/AMAgent)	|
-|	 [Update Management](../../automation/update-management/overview.md) (available without Azure Monitor Agent)	|	 Use Update Management v2 - Public preview	|	None	|	[Update management center (preview) documentation](/azure/update-center/)	|
+|	 [Update Management](../../automation/update-management/overview.md) (available without Azure Monitor Agent)	|	 Use Update Management v2 - Public preview	|	None	|	[Update management center (Public preview) documentation](/azure/update-center/)	|
 |	[Network Watcher](../../network-watcher/network-watcher-monitoring-overview.md)	|	Connection Monitor: Preview	|	Azure NetworkWatcher extension	|	[Sign-up link](https://aka.ms/amadcr-privatepreviews)	|
 
 ## Supported regions
@@ -109,7 +109,7 @@ If the machine connects through a proxy server to communicate over the internet,
 The Azure Monitor Agent extensions for Windows and Linux can communicate either through a proxy server or a [Log Analytics gateway](./gateway.md) to Azure Monitor by using the HTTPS protocol. Use it for Azure virtual machines, Azure virtual machine scale sets, and Azure Arc for servers. Use the extensions settings for configuration as described in the following steps. Both anonymous and basic authentication by using a username and password are supported.
 
 > [!IMPORTANT]
-> Proxy configuration is not supported for [Azure Monitor Metrics (preview)](../essentials/metrics-custom-overview.md) as a destination. If you're sending metrics to this destination, it will use the public internet without any proxy.
+> Proxy configuration is not supported for [Azure Monitor Metrics (Public preview)](../essentials/metrics-custom-overview.md) as a destination. If you're sending metrics to this destination, it will use the public internet without any proxy.
 
 1. Use this flowchart to determine the values of the *`Settings` and `ProtectedSettings` parameters first.
 
@@ -184,12 +184,12 @@ The tables below provide a comparison of Azure Monitor Agent with the legacy the
 |		|	Azure	|	X	|	X	|	X	|
 |		|	Other cloud (Azure Arc)	|	X	|	X	|		|
 |		|	On-premises (Azure Arc)	|	X	|	X	|		|
-|		|	Windows Client OS	|	X (Preview)	|		|		|
+|		|	Windows Client OS	|	X (Public preview)	|		|		|
 |	**Data collected**	|		|		|		|		|
 |		|	Event Logs	|	X	|	X	|	X	|
 |		|	Performance	|	X	|	X	|	X	|
-|		|	File based logs	|	X (Preview)	|	X	|	X	|
-|		|	IIS logs	|	X (Preview)	|	X	|	X	|
+|		|	File based logs	|	X (Public preview)	|	X	|	X	|
+|		|	IIS logs	|	X (Public preview)	|	X	|	X	|
 |		|	ETW events	|		|		|	X	|
 |		|	.NET app logs	|		|		|	X	|
 |		|	Crash dumps	|		|		|	X	|
@@ -201,7 +201,7 @@ The tables below provide a comparison of Azure Monitor Agent with the legacy the
 |		|	Event Hub	|		|		|	X	|
 |	**Services and features supported**	|		|		|		|		|
 |		|	Microsoft Sentinel 	|	X ([View scope](#supported-services-and-features))	|	X	|		|
-|		|	VM Insights	|		|	X (Preview)	|		|
+|		|	VM Insights	|		|	X (Public preview)	|		|
 |		|	Azure Automation	|		|	X	|		|
 |		|	Microsoft Defender for Cloud	|		|	X	|		|
 
@@ -216,16 +216,16 @@ The tables below provide a comparison of Azure Monitor Agent with the legacy the
 |	**Data collected**	|		|		|		|		|		|
 |		|	Syslog	|	X	|	X	|	X	|		|
 |		|	Performance	|	X	|	X	|	X	|	X	|
-|		|	File based logs	|	X (Preview)	|		|		|		|
+|		|	File based logs	|	X (Public preview)	|		|		|		|
 |	**Data sent to**	|		|		|		|		|		|
 |		|	Azure Monitor Logs	|	X	|	X	|		|		|
 |		|	Azure Monitor Metrics<sup>1</sup>	|	X	|		|		|	X	|
 |		|	Azure Storage	|		|		|	X	|		|
 |		|	Event Hub	|		|		|	X	|		|
 |	**Services and features supported**	|		|		|		|		|		|
 |		|	Microsoft Sentinel 	|	X ([View scope](#supported-services-and-features))	|	X	|		|		|
-|		|	VM Insights	|	X (Preview)	|	X	|		|		|
-|		|	Container Insights	|	X (Preview)	|	X	|		|		|
+|		|	VM Insights	|	X (Public preview)	|	X	|		|		|
+|		|	Container Insights	|	X (Public preview)	|	X	|		|		|
 |		|	Azure Automation	|		|	X	|		|		|
 |		|	Microsoft Defender for Cloud	|		|	X	|		|		|
 
@@ -258,7 +258,7 @@ The following tables list the operating systems that Azure Monitor Agent and the
 | Azure Stack HCI                                          |   | X |   |
 
 <sup>1</sup> Running the OS on server hardware, for example, machines that are always connected, always turned on, and not running other workloads (PC, office, browser)<br>
-<sup>2</sup> Using the Azure Monitor agent [client installer (preview)](./azure-monitor-agent-windows-client.md)
+<sup>2</sup> Using the Azure Monitor agent [client installer (Public preview)](./azure-monitor-agent-windows-client.md)
 
 #### Linux
 

articles/azure-video-indexer/accounts-overview.md

@@ -16,12 +16,13 @@ Classic and ARM (Azure Resource Manager) are both paid accounts with similar dat
 Going forward, ARM account support more Azure native features and integrations such as: Azure Monitor, Private endpoints, Service tag and CMK (Customer managed key).  
 **The recommended paid account type is the ARM-based account**  
 
+### To generate an access token
+
 |   | ARM-based |Classic| Trial|
 |---|---|---|---|
 |Get access token | [ARM REST API](https://aka.ms/avam-arm-api) |[Get access token](https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Get-Account-Access-Token)|Same as classic
 |Share account| [Azure RBAC(role based access control)](../role-based-access-control/overview.md)| [Invite users](invite-users.md) |Same as classic
 
-
 A trial Azure Video Indexer account has limitation on number of videos, support, and SLA. 
 
 ### Indexing

articles/cognitive-services/Speech-Service/includes/release-notes/release-notes-tts.md

@@ -5,6 +5,36 @@ ms.topic: include
 ms.date: 01/24/2022
 ms.author: eur
 ---
+### 2022-July release
+
+#### Prebuilt Neural TTS Voice
+
+* Added 5 new voices of `zh-CN` Chinese (Mandarin, Simplified) and 1 new voice of `en-US` English (United States) in Public Preview. See [full language and voice list](../../language-support.md#prebuilt-neural-voices).
+
+| Language | Locale  | Gender | Voice name| Style support|
+|---|---|---|---|---|
+| Chinese (Mandarin, Simplified) | `zh-CN` | Female | `zh-CN-XiaomengNeural` <sup>New</sup> | General, multiple styles available [using SSML](../../speech-synthesis-markup.md#adjust-speaking-styles)  |
+| Chinese (Mandarin, Simplified) | `zh-CN` | Female | `zh-CN-XiaoyiNeural` <sup>New</sup> | General, multiple styles available [using SSML](../../speech-synthesis-markup.md#adjust-speaking-styles)  |
+| Chinese (Mandarin, Simplified) | `zh-CN` | Female | `zh-CN-XiaozhenNeural` <sup>New</sup> | General, multiple styles available [using SSML](../../speech-synthesis-markup.md#adjust-speaking-styles)  |
+| Chinese (Mandarin, Simplified) | `zh-CN` | Male | `zh-CN-YunxiaNeural` <sup>New</sup> | General, multiple styles available [using SSML](../../speech-synthesis-markup.md#adjust-speaking-styles)  |
+| Chinese (Mandarin, Simplified) | `zh-CN` | Male | `zh-CN-YunzeNeural` <sup>New</sup> | General, multiple styles available [using SSML](../../speech-synthesis-markup.md#adjust-speaking-styles)  |
+| English (United States) | `en-US` | Male | `en-US-RogerNeural` <sup>New</sup> | General|
+
+*  Supported styles and roles for the added neural voices.
+
+|Voice|Styles|Style degree|Roles|
+|-----|-----|-----|-----|
+|zh-CN-XiaomengNeural <sup>Public preview</sup>|`chat`|Supported||
+|zh-CN-XiaoyiNeural <sup>Public preview</sup>|`affectionate`, `angry`, `cheerful`, `disgruntled`, `embarrassed`, `fearful`, `gentle`, `sad`, `serious`|Supported||
+|zh-CN-XiaozhenNeural <sup>Public preview</sup>|`angry`, `cheerful`, `disgruntled`, `fearful`, `sad`, `serious`|Supported||
+|zh-CN-YunxiaNeural <sup>Public preview</sup>|`angry`, `calm`, `cheerful`, `fearful`, `sad`|Supported||
+|zh-CN-YunzeNeural <sup>Public preview</sup>|`angry`, `calm`, `cheerful`, `depressed`, `disgruntled`, `documentary-narration`, `fearful`, `sad`, `serious`|Supported|Supported|
+
+#### Get facial position with viseme
+
+* Added support for blend shapes to drive the facial movements of a 3D character that you designed. Learn more at [how to get facial position with viseme](../../how-to-speech-synthesis-viseme.md).
+* SSML updated to support viseme element. See [speech synthesis markup](../../speech-synthesis-markup.md#viseme-element).
+
 ### 2022-June release
 
 #### Prebuilt Neural TTS Voice

articles/cognitive-services/Speech-Service/releasenotes.md

@@ -21,7 +21,7 @@ See below for information about changes to Speech services and resources.
 
 * Speech SDK 1.23.0 and Speech CLI 1.23.0 were released in July 2022. See details below.
 * Custom speech-to-text container v3.1.0 released in March 2022, with support to get display models.
-* TTS Service March 2022, public preview of Cheerful and Sad styles with fr-FR-DeniseNeural.
+* TTS Service July 2022, new voices in Public Preview and new viseme feature blend shapes were released. See details below.
 
 ## Release notes
 

articles/container-apps/managed-identity.md

@@ -125,7 +125,7 @@ First, you'll need to create a user-assigned identity resource.
 
     Note the `id` property of the new identity.
 
-1. Run the `az containerapps identity assign` command to assign the identity to the app. The identities parameter is a space separated list.
+1. Run the `az containerapp identity assign` command to assign the identity to the app. The identities parameter is a space separated list.
 
     ```azurecli
     az containerapp identity assign --resource-group <GROUP_NAME> --name <APP_NAME> \
@@ -289,7 +289,7 @@ For more information on the REST endpoint, see [REST endpoint reference](#rest-e
 You can show the system-assigned and user-assigned managed identities using the following Azure CLI command.  The output will show the managed identity type, tenant IDs and principal IDs of all managed identities assigned to your container app.
 
 ```azurecli
-az containerapps identity show --name <APP_NAME> --resource-group <GROUP_NAME>
+az containerapp identity show --name <APP_NAME> --resource-group <GROUP_NAME>
 ```
 
 ## Remove a managed identity

articles/data-factory/connector-azure-blob-storage.md

@@ -87,7 +87,7 @@ This Blob storage connector supports the following authentication types. See the
 - [User-assigned managed identity authentication](#user-assigned-managed-identity-authentication)
 
 >[!NOTE]
->- If want to use the public Azure integration runtime to connect to your Blob storage by leveraging the **Allow trusted Microsoft services to access this storage account** option enabled on Azure Storage firewall, you must use [managed identity authentication](#managed-identity).
+>- If want to use the public Azure integration runtime to connect to your Blob storage by leveraging the **Allow trusted Microsoft services to access this storage account** option enabled on Azure Storage firewall, you must use [managed identity authentication](#managed-identity). For more information about the Azure Storage firewalls settings, see [Configure Azure Storage firewalls and virtual networks](../storage/common/storage-network-security.md).
 >- When you use PolyBase or COPY statement to load data into Azure Synapse Analytics, if your source or staging Blob storage is configured with an Azure Virtual Network endpoint, you must use managed identity authentication as required by Azure Synapse. See the [Managed identity authentication](#managed-identity) section for more configuration prerequisites.
 
 >[!NOTE]

articles/data-factory/connector-azure-data-lake-storage.md

@@ -86,7 +86,7 @@ The Azure Data Lake Storage Gen2 connector supports the following authentication
 - [User-assigned managed identity authentication](#user-assigned-managed-identity-authentication)
 
 >[!NOTE]
->- If want to use the public Azure integration runtime to connect to the Data Lake Storage Gen2 by leveraging the **Allow trusted Microsoft services to access this storage account** option enabled on Azure Storage firewall, you must use [managed identity authentication](#managed-identity).
+>- If want to use the public Azure integration runtime to connect to the Data Lake Storage Gen2 by leveraging the **Allow trusted Microsoft services to access this storage account** option enabled on Azure Storage firewall, you must use [managed identity authentication](#managed-identity). For more information about the Azure Storage firewalls settings, see [Configure Azure Storage firewalls and virtual networks](../storage/common/storage-network-security.md).
 >- When you use PolyBase or COPY statement to load data into Azure Synapse Analytics, if your source or staging Data Lake Storage Gen2 is configured with an Azure Virtual Network endpoint, you must use managed identity authentication as required by Azure Synapse. See the [managed identity authentication](#managed-identity) section with more configuration prerequisites.
 
 ### Account key authentication