Merge branch 'MicrosoftDocs:main' into main

Author: ChaseCrum

articles/azure-monitor/app/availability-azure-functions.md

@@ -13,12 +13,12 @@ This article explains how to review [TrackAvailability()](/dotnet/api/microsoft.
 
 > [!div class="checklist"]
 > - [Workspace-based Application Insights resource](create-workspace-resource.md)
-> - Access to the source code of a [function app](../../azure-functions/functions-how-to-use-azure-function-app-settings.md) in Azure Functions.
-> - Developer expertise capable of authoring custom code for [TrackAvailability()](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability), tailored to your specific business needs
+> - Access to the source code of a [function app](../../azure-functions/functions-how-to-use-azure-function-app-settings.md) in Azure Functions
+> - Developer expertise capable of authoring [custom code](#basic-code-sample) for [TrackAvailability()](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability), tailored to your specific business needs
 
 > [!NOTE]
-> - TrackAvailability() requires that you have made a developer investment in custom code.
-> - [Standard tests](availability-standard-tests.md) should always be used if possible as they require little investment and have few prerequisites.
+> - [TrackAvailability()](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) requires that you make a developer investment in custom code.
+> - [Standard tests](availability-standard-tests.md) **should always be used if possible** as they require little investment, no maintenance, and have few prerequisites.
 
 ## Check availability
 
@@ -43,6 +43,25 @@ You can use Log Analytics to view your availability results, dependencies, and m
 
 :::image type="content" source="media/availability-azure-functions/dependencies.png" alt-text="Screenshot that shows the New Query tab with dependencies limited to 50." lightbox="media/availability-azure-functions/dependencies.png":::
 
+## Basic code sample
+
+The following example demonstrates a web availability test that requires a simple URL ping using the `getStringAsync()` method.
+
+```csharp
+using System.Net.Http;
+
+public async static Task RunAvailabilityTestAsync(ILogger log)
+{
+    using (var httpClient = new HttpClient())
+    {
+        // TODO: Replace with your business logic
+        await httpClient.GetStringAsync("https://www.bing.com/");
+    }
+}
+```
+
+For advanced scenarios where the business logic must be adjusted to access the URL, such as obtaining tokens, setting parameters, and other test cases, custom code is necessary.
+
 ## Next steps
 
 * [Standard tests](availability-standard-tests.md)

articles/key-vault/general/best-practices.md

@@ -30,10 +30,10 @@ Encryption keys and secrets like certificates, connection strings, and passwords
 
 Recommendations for controlling access to your vault are as follows:
 - Lock down access to your subscription, resource group, and key vaults using role-based access control (RBAC).
-- Assign RBAC roles at Key Vault scope for applications, services, and workloads requiring persistent access to Key Vault
-- Assign just-in-time eligible RBAC roles for operators, administrators and other user accounts requiring privileged access to Key Vault using [Privileged Identity Management (PIM)](../../active-directory/privileged-identity-management/pim-configure.md) 
-  - Require at least one approver
-  - Enforce multi-factor authentication
+  - Assign RBAC roles at Key Vault scope for applications, services, and workloads requiring persistent access to Key Vault
+  - Assign just-in-time eligible RBAC roles for operators, administrators and other user accounts requiring privileged access to Key Vault using [Privileged Identity Management (PIM)](../../active-directory/privileged-identity-management/pim-configure.md) 
+    - Require at least one approver
+    - Enforce multi-factor authentication
 - Restrict network access with [Private Link](private-link-service.md), [firewall and virtual networks](network-security.md)
 
 ## Turn on data protection for your vault

articles/logic-apps/logic-apps-using-sap-connector.md

@@ -127,13 +127,6 @@ Along with simple string and number inputs, the SAP connector accepts the follow
   1. In the action named **\[BAPI] Call method in SAP**, disable the auto-commit feature.
   1. Call the action named **\[BAPI] Commit transaction** instead.
 
-### SAP built-in connector
-
-The SAP built-in connector trigger named **Register SAP RFC server for trigger** is available in the Azure portal, but the trigger currently can't receive calls from SAP when deployed in Azure. To fire the trigger, you can run the workflow locally in Visual Studio Code. For Visual Studio Code setup requirements and more information, see [Create a Standard logic app workflow in single-tenant Azure Logic Apps using Visual Studio Code](create-single-tenant-workflows-visual-studio-code.md). You must also set up the following environment variables on the computer where you install Visual Studio Code:
- 
- - **WEBSITE_PRIVATE_IP**: Set this environment variable value to **127.0.0.1** as the localhost address. 
- - **WEBSITE_PRIVATE_PORTS**: Set this environment variable value to two free and usable ports on your local computer, separating the values with a comma (**,**), for example, **8080,8088**.
-
 ## Prerequisites
 
 * An Azure account and subscription. If you don't have an Azure subscription yet, [sign up for a free Azure account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
@@ -206,6 +199,11 @@ The SAP built-in connector trigger named **Register SAP RFC server for trigger**
   > In Standard workflows, the SAP built-in trigger named **Register SAP RFC server for trigger** uses the Azure 
   > Functions trigger instead, and shows only the actual callbacks from SAP.
 
+  * For the SAP built-in connector trigger named **Register SAP RFC server for trigger**, you have to enable virtual network integration and private ports by following the article at [Enabling Service Bus and SAP built-in connectors for stateful Logic Apps in Standard](https://techcommunity.microsoft.com/t5/integrations-on-azure-blog/enabling-service-bus-and-sap-built-in-connectors-for-stateful/ba-p/3820381). You can also run the workflow in Visual Studio Code to fire the trigger locally. For Visual Studio Code setup requirements and more information, see [Create a Standard logic app workflow in single-tenant Azure Logic Apps using Visual Studio Code](create-single-tenant-workflows-visual-studio-code.md). You must also set up the following environment variables on the computer where you install Visual Studio Code:
+ 
+   - **WEBSITE_PRIVATE_IP**: Set this environment variable value to **127.0.0.1** as the localhost address. 
+   - **WEBSITE_PRIVATE_PORTS**: Set this environment variable value to two free and usable ports on your local computer, separating the values with a comma (**,**), for example, **8080,8088**.
+
 * The message content to send to your SAP server, such as a sample IDoc file. This content must be in XML format and include the namespace of the [SAP action](/connectors/sap/#actions) that you want to use. You can [send IDocs with a flat file schema by wrapping them in an XML envelope](sap-create-example-scenario-workflows.md#send-flat-file-idocs).
 
 <a name="network-prerequisites"></a>
@@ -536,7 +534,7 @@ For a Consumption workflow in multi-tenant Azure Logic Apps, the SAP managed con
 
 <a name="single-tenant-prerequisites"></a>
 
-For a Standard workflow in single-tenant Azure Logic Apps, use the SAP *built-in* connector to directly access resources that are protected by an Azure virtual network. You can also use other built-in connectors that let workflows directly access on-premises resources without having to use the on-premises data gateway.
+For a Standard workflow in single-tenant Azure Logic Apps, use the SAP *built-in* connector to directly access resources that are protected by an Azure virtual network. You can also use other built-in connectors that let workflows directly access on-premises resources without having to use the on-premises data gateway. For additional requirements regarding the SAP built-in connector trigger named **Register SAP RFC server for trigger**, see [Prerequisites](#prerequisites).
 
 1. To use the SAP connector, you need to download the following files and have them read to upload to your Standard logic app resource. For more information, see [SAP NCo client library prerequisites](#sap-client-library-prerequisites):
 
@@ -590,13 +588,6 @@ For a Standard workflow in single-tenant Azure Logic Apps, use the SAP *built-in
 
    1. In the **net472** folder, upload the assembly files larger than 4 MB.
 
-#### SAP trigger requirements
-
-The SAP built-in connector trigger named **Register SAP RFC server for trigger** is available in the Azure portal, but the trigger currently can't receive calls from SAP when deployed in Azure. To fire the trigger, you can run the workflow locally in Visual Studio Code. For Visual Studio Code setup requirements and more information, see [Create a Standard logic app workflow in single-tenant Azure Logic Apps using Visual Studio Code](create-single-tenant-workflows-visual-studio-code.md). You must also set up the following environment variables on the computer where you install Visual Studio Code:
- 
- - **WEBSITE_PRIVATE_IP**: Set this environment variable value to **127.0.0.1** as the localhost address. 
- - **WEBSITE_PRIVATE_PORTS**: Set this environment variable value to two free and usable ports on your local computer, separating the values with a comma (**,**), for example, **8080,8088**.
-
 ### [ISE](#tab/ise)
 
 <a name="ise-prerequisites"></a>

articles/role-based-access-control/built-in-roles.md

@@ -29,6 +29,7 @@ The following table provides a brief description of each built-in role. Click th
 > | [Contributor](#contributor) | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | b24988ac-6180-42a0-ab88-20f7382dd24c |
 > | [Owner](#owner) | Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
 > | [Reader](#reader) | View all resources, but does not allow you to make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7 |
+> | [Role Based Access Control Administrator (Preview)](#role-based-access-control-administrator-preview) | Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy. | f58310d9-a9f6-439a-9e8d-f62e7b41a168 |
 > | [User Access Administrator](#user-access-administrator) | Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
 > | **Compute** |  |  |
 > | [Classic Virtual Machine Contributor](#classic-virtual-machine-contributor) | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb |
@@ -461,6 +462,50 @@ View all resources, but does not allow you to make any changes. [Learn more](rba
   "type": "Microsoft.Authorization/roleDefinitions"
 }
 ```
+### Role Based Access Control Administrator (Preview)
+
+Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.Authorization](resource-provider-operations.md#microsoftauthorization)/roleAssignments/write | Create a role assignment at the specified scope. |
+> | [Microsoft.Authorization](resource-provider-operations.md#microsoftauthorization)/roleAssignments/delete | Delete a role assignment at the specified scope. |
+> | */read | Read resources of all types, except secrets. |
+> | [Microsoft.Support](resource-provider-operations.md#microsoftsupport)/* | Create and update a support ticket |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | *none* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168",
+  "name": "f58310d9-a9f6-439a-9e8d-f62e7b41a168",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.Authorization/roleAssignments/write",
+        "Microsoft.Authorization/roleAssignments/delete",
+        "*/read",
+        "Microsoft.Support/*"
+      ],
+      "notActions": [],
+      "dataActions": [],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Role Based Access Control Administrator (Preview)",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
 
 ### User Access Administrator
 

articles/spring-apps/quickstart-configure-single-sign-on-enterprise.md

@@ -182,7 +182,7 @@ To complete the single sign-on experience, use the following steps to deploy the
        --name identity-routes \
        --service <Azure-Spring-Apps-service-instance-name> \
        --app-name identity-service \
-       --routes-file azure/routes/identity-service.json
+       --routes-file azure-spring-apps-enterprise/resources/json/routes/identity-service.json
    ```
 
 ## Configure single sign-on for Spring Cloud Gateway

articles/spring-apps/quickstart-deploy-apps-enterprise.md

@@ -240,7 +240,7 @@ Use the following steps to deploy and build applications. For these steps, make
        --resource-group <resource-group-name> \
        --name quickstart-builder \
        --service <Azure-Spring-Apps-service-instance-name> \
-       --builder-file azure/builder.json
+       --builder-file azure-spring-apps-enterprise/resources/json/tbs/builder.json
    ```
 
 1. Use the following command to build and deploy the payment service:
@@ -343,7 +343,7 @@ Use the following steps to configure Spring Cloud Gateway and configure routes t
        --name cart-routes \
        --service <Azure-Spring-Apps-service-instance-name> \
        --app-name cart-service \
-       --routes-file azure/routes/cart-service.json
+       --routes-file azure-spring-apps-enterprise/resources/json/routes/cart-service.json
    ```
 
 1. Use the following command to create routes for the order service:
@@ -354,7 +354,7 @@ Use the following steps to configure Spring Cloud Gateway and configure routes t
        --name order-routes \
        --service <Azure-Spring-Apps-service-instance-name> \
        --app-name order-service \
-       --routes-file azure/routes/order-service.json
+       --routes-file azure-spring-apps-enterprise/resources/json/routes/order-service.json
    ```
 
 1. Use the following command to create routes for the catalog service:
@@ -365,7 +365,7 @@ Use the following steps to configure Spring Cloud Gateway and configure routes t
        --name catalog-routes \
        --service <Azure-Spring-Apps-service-instance-name> \
        --app-name catalog-service \
-       --routes-file azure/routes/catalog-service.json
+       --routes-file azure-spring-apps-enterprise/resources/json/routes/catalog-service.json
    ```
 
 1. Use the following command to create routes for the frontend:
@@ -376,7 +376,7 @@ Use the following steps to configure Spring Cloud Gateway and configure routes t
        --name frontend-routes \
        --service <Azure-Spring-Apps-service-instance-name> \
        --app-name frontend \
-       --routes-file azure/routes/frontend.json
+       --routes-file azure-spring-apps-enterprise/resources/json/routes/frontend.json
    ```
 
 1. Use the following commands to retrieve the URL for Spring Cloud Gateway:

articles/spring-apps/quickstart-integrate-azure-database-and-redis-enterprise.md

@@ -110,13 +110,13 @@ The following instructions describe how to provision an Azure Cache for Redis an
 
 [!INCLUDE [About Azure Resource Manager](../../includes/resource-manager-quickstart-introduction.md)]
 
-You can find the template used in this quickstart in the [fitness store sample GitHub repository](https://github.com/Azure-Samples/acme-fitness-store/blob/Azure/azure/templates/azuredeploy.json).
+You can find the template used in this quickstart in the [fitness store sample GitHub repository](https://github.com/Azure-Samples/acme-fitness-store/blob/Azure/azure-spring-apps-enterprise/resources/json/deploy/azuredeploy.json).
 
 To deploy this template, follow these steps:
 
 1. Select the following image to sign in to Azure and open a template. The template creates an Azure Cache for Redis and an Azure Database for PostgreSQL Flexible Server.
 
-   :::image type="content" source="../media/template-deployments/deploy-to-azure.svg" alt-text="Button to deploy the ARM template to Azure." border="false" link="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Facme-fitness-store%2FAzure%2Fazure%2Ftemplates%2Fazuredeploy.json":::
+   :::image type="content" source="../media/template-deployments/deploy-to-azure.svg" alt-text="Button to deploy the ARM template to Azure." border="false" link="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Facme-fitness-store%2FAzure%2Fazure-spring-apps-enterprise%2Fresources%2Fjson%2Fdeploy%2Fazuredeploy.json":::
 
 1. Enter values for the following fields:
 

articles/spring-apps/quickstart-set-request-rate-limits-enterprise.md

@@ -82,7 +82,7 @@ az spring gateway route-config update \
     --service <Azure-Spring-Apps-service-instance-name> \
     --name catalog-routes \
     --app-name catalog-service \
-    --routes-file azure/routes/catalog-service_rate-limit.json
+    --routes-file azure-spring-apps-enterprise/resources/json/routes/catalog-service_rate-limit.json
 ```
 
 Use the following commands to retrieve the URL for the `/products` route in Spring Cloud Gateway: