Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/azure-arc/data/upgrade-data-controller-direct-cli.md

@@ -1,5 +1,5 @@
 ---
-title: Upgrade direct mode Azure Arc data controller using the CLI
+title: Upgrade directly connected Azure Arc data controller using the CLI
 description: Article describes how to upgrade a directly connected Azure Arc data controller using the CLI
 services: azure-arc
 ms.service: azure-arc
@@ -11,13 +11,15 @@ ms.date: 12/10/2021
 ms.topic: how-to
 ---
 
-# Upgrade direct mode Azure Arc data controller using the CLI
+# Upgrade a directly connected Azure Arc data controller using the CLI
 
 This article describes how to upgrade a directly connected Azure Arc-enabled data controller using the Azure CLI (`az`).
 
+During a data controller upgrade, portions of the data control plane such as Custom Resource Definitions (CRDs) and containers may be upgraded. An upgrade of the data controller will not cause downtime for the data services (SQL Managed Instance or PostgreSQL Hyperscale server).
+
 ## Prerequisites
 
-You will need a direct mode data controller with the imageTag v1.0.0_2021-07-30 or later.
+You will need a directly connected data controller with the imageTag v1.0.0_2021-07-30 or later.
 
 To check the version, run:
 
@@ -52,15 +54,15 @@ v1.0.0_2021-07-30
 
 ## Upgrade data controller
 
-This section shows how to upgrade a data controller in direct mode.
+This section shows how to upgrade a directly connected data controller.
 
 > [!NOTE]
 > Some of the data services tiers and modes are generally available and some are in preview.
 > If you install GA and preview services on the same data controller, you can't upgrade in place.
 > To upgrade, delete all non-GA database instances. You can find the list of generally available 
 > and preview services in the [Release Notes](./release-notes.md).
 
-### Direct mode
+### Upgrade  
 
 You will need to connect and authenticate to a Kubernetes cluster and have an existing Kubernetes context selected prior to beginning the upgrade of the Azure Arc data controller.
 

articles/azure-arc/data/upgrade-data-controller-indirect-cli.md

@@ -1,6 +1,6 @@
 ---
-title: Upgrade indirect mode Azure Arc data controller using the CLI
-description: Upgrade indirect mode Azure Arc data controller using the CLI
+title: Upgrade indirectly connected Azure Arc data controller using the CLI
+description: Article describes how to upgrade an indirectly connected Azure Arc data controller using the CLI
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-data
@@ -11,16 +11,15 @@ ms.date: 11/03/2021
 ms.topic: how-to
 ---
 
-# Upgrade indirect mode Azure Arc data controller using the CLI
+# Upgrade an indirectly connected Azure Arc data controller using the CLI
 
 This article describes how to upgrade an indirectly connected Azure Arc-enabled data controller using the Azure CLI (`az`).
 
-> [!IMPORTANT]
-> This article does not apply to a directly connected Azure Arc-enabled data controller. For the latest information about how to upgrade a directly connected data controller, see the [release notes](./release-notes.md#data-controller-upgrade).
+During a data controller upgrade, portions of the data control plane such as Custom Resource Definitions (CRDs) and containers may be upgraded. An upgrade of the data controller will not cause downtime for the data services (SQL Managed Instance or PostgreSQL Hyperscale server).
 
 ## Prerequisites
 
-You will need an indirect mode data controller with the imageTag v1.0.0_2021-07-30 or later.
+You will need an indirectly connected data controller with the imageTag v1.0.0_2021-07-30 or later.
 
 To check the version, run:
 
@@ -55,15 +54,15 @@ v1.0.0_2021-07-30
 
 ## Upgrade data controller
 
-This section shows how to upgrade a data controller in indirect mode.
+This section shows how to upgrade an indirectly connected data controller.
 
 > [!NOTE]
 > Some of the data services tiers and modes are generally available and some are in preview.
 > If you install GA and preview services on the same data controller, you can't upgrade in place.
 > To upgrade, delete all non-GA database instances. You can find the list of generally available 
 > and preview services in the [Release Notes](./release-notes.md).
 
-### Indirect mode
+### Upgrade
 
 You will need to connect and authenticate to a Kubernetes cluster and have an existing Kubernetes context selected prior to beginning the upgrade of the Azure Arc data controller.
 

articles/azure-arc/data/upgrade-data-controller-indirect-kubernetes-tools.md

@@ -1,6 +1,6 @@
 ---
-title: Upgrade indirect mode Azure Arc data controller using Kubernetes tools
-description: Article explains how to upgrade indirect mode Azure Arc data controller using Kubernetes tools
+title: Upgrade indirectly connected Azure Arc data controller using Kubernetes tools
+description: Article describes how to upgrade an indirectly connected Azure Arc data controller using Kubernetes tools
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-data
@@ -11,7 +11,7 @@ ms.date: 12/09/2021
 ms.topic: how-to
 ---
 
-# Upgrade indirect mode Azure Arc data controller using Kubernetes tools
+# Upgrade an indirectly connected Azure Arc data controller using Kubernetes tools
 
 This article explains how to upgrade an indirectly connected Azure Arc-enabled data controller with Kubernetes tools.
 

articles/azure-arc/data/upgrade-sql-managed-instance-cli.md

@@ -1,6 +1,6 @@
 ---
-title: Upgrade an indirect mode Azure Arc-enabled Managed Instance using the CLI
-description: Upgrade an indirect mode Azure Arc-enabled Managed Instance using the CLI
+title: Upgrade an an indirectly connected Azure Arc-enabled Managed Instance using the CLI
+description: Article describes how to upgrade an indirectly connected Azure Arc-enabled Managed Instance using the CLI
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-data
@@ -11,7 +11,9 @@ ms.date: 11/03/2021
 ms.topic: how-to
 ---
 
-# Upgrade an indirect mode Azure Arc-enabled Managed Instance using the CLI
+# Upgrade an indirectly connected Azure Arc-enabled Managed Instance using the CLI
+
+This article describes how to upgrade a SQL Managed Instance deployed on an indirectly connected Azure Arc-enabled data controller using the Azure CLI (`az`).
 
 ## Prerequisites
 
@@ -45,6 +47,8 @@ Preparing to upgrade sql sqlmi-1 in namespace arc to data controller version.
 
 ### General Purpose
 
+During a SQL Managed Instance General Purpose upgrade, the containers in the pod will be upgraded and will be reprovisioned. This will cause a short amount of downtime as the new pod is created. You will need to build resiliency into your application, such as connection retry logic, to ensure minimal disruption. Read [Overview of the reliability pillar](/azure/architecture/framework/resiliency/overview) for more information on architecting resiliency.
+
 To upgrade the Managed Instance, use the following command:
 
 ````cli

articles/azure-arc/data/upgrade-sql-managed-instance-direct-cli.md

@@ -1,6 +1,6 @@
 ---
-title: Upgrade a direct mode Azure Arc-enabled Managed Instance using the CLI
-description: Article describes how to upgrade a direct mode Azure Arc-enabled Managed Instance using the CLI
+title: Upgrade a directly connected Azure Arc-enabled Managed Instance using the CLI
+description: Article describes how to upgrade a directly connected Azure Arc-enabled Managed Instance using the CLI
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-data
@@ -11,7 +11,7 @@ ms.date: 11/10/2021
 ms.topic: how-to
 ---
 
-# Upgrade a direct mode Azure Arc-enabled Managed Instance using the CLI
+# Upgrade a directly connected Azure Arc-enabled Managed Instance using the CLI
 
 This article describes how to upgrade a SQL Managed Instance deployed on a directly connected Azure Arc-enabled data controller using the Azure CLI (`az`).
 
@@ -47,6 +47,8 @@ Preparing to upgrade sql sqlmi-1 in namespace arc to data controller version.
 
 ### General Purpose
 
+During a SQL Managed Instance General Purpose upgrade, the containers in the pod will be upgraded and will be reprovisioned. This will cause a short amount of downtime as the new pod is created. You will need to build resiliency into your application, such as connection retry logic, to ensure minimal disruption. Read [Overview of the reliability pillar](/azure/architecture/framework/resiliency/overview) for more information on architecting resiliency.
+
 To upgrade the Managed Instance, use the following command:
 
 ````cli

articles/azure-arc/data/upgrade-sql-managed-instance-indirect-kubernetes-tools.md

@@ -1,6 +1,6 @@
 ---
-title: Upgrade indirect mode Azure Arc-enabled Managed Instance - Kubernetes
-description: Describes how to upgrade indirect mode Azure Arc-enabled Managed Instance using Kubernetes
+title: Upgrade an indirectly connected Azure Arc-enabled Managed Instance using Kubernetes tools
+description: Article describes how to upgrade an indirectly connected Azure Arc-enabled Managed Instance using Kubernetes tools
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-data
@@ -11,10 +11,9 @@ ms.date: 11/08/2021
 ms.topic: how-to
 ---
 
-# Upgrade an indirect mode Azure Arc-enabled Managed Instance using Kubernetes tools
-
-This article describes how to upgrade a SQL Managed Instance deployed on a directly connected Azure Arc-enabled data controller using Kubernetes tools.
+# Upgrade an an indirectly connected Azure Arc-enabled Managed Instance using Kubernetes tools
 
+This article describes how to upgrade a SQL Managed Instance deployed on an indirectly connected Azure Arc-enabled data controller using Kubernetes tools.
 
 ## Prerequisites
 
@@ -25,7 +24,7 @@ Before you can proceed with the tasks in this article you need:
 - To connect and authenticate to a Kubernetes cluster
 - An existing Kubernetes context selected
 
-You need an indirect mode data controller with the `imageTag v1.0.0_2021-07-30` or greater.
+You need an an indirectly connected data controller with the `imageTag v1.0.0_2021-07-30` or greater.
 
 ## Limitations
 

articles/azure-monitor/logs/logs-data-export.md

@@ -78,10 +78,10 @@ You need to have 'write' permissions to both workspace and destination to config
 
 Don't use an existing event hub that has other, non-monitoring data stored in it to better control access to the data and prevent reaching event hub namespace ingress rate limit, failures, and latency.
 
-Data is sent to your event hub as it reaches Azure Monitor and exported to destinations located in workspace region. When specific event hub isn't provided in rule, an event hub is created for each data type that you export with the name *am-* followed by the name of the table. For example, the table *SecurityEvent* would sent to an event hub named *am-SecurityEvent*. The [number of supported event hubs in 'Basic' and 'Standard' namespaces tiers is 10](../../event-hubs/event-hubs-quotas.md#common-limits-for-all-tiers). When exporting more than 10 tables to these tiers, either split the tables between several export rules to different event hub namespaces, or provide an event hub name in the rule to export all tables to that event hub.
+Data is sent to your event hub as it reaches Azure Monitor and exported to destinations located in workspace region. You can create multiple export rules to the same event hub namespace by providing different `event hub name` in rule.When `event hub name` isn't provided, a default event hub is created for each table that you export with the name *am-* followed by the name of the table. For example, the table *SecurityEvent* would sent to an event hub named *am-SecurityEvent*. The [number of supported event hubs in 'Basic' and 'Standard' namespaces tiers is 10](../../event-hubs/event-hubs-quotas.md#common-limits-for-all-tiers). When exporting more than 10 tables to these tiers, either split the tables between several export rules to different event hub namespaces, or provide an event hub name in the rule to export all tables to that event hub.
 
 > [!NOTE]
-> - 'Basic' event hub tier is limited--it supports lower event size [limit](../../event-hubs/event-hubs-quotas.md#basic-vs-standard-vs-premium-vs-dedicated-tiers) and no the is no [Auto-inflate](../../event-hubs/event-hubs-auto-inflate.md) option. Since data volume to your workspace increases over time and consequence event hub scaling is required, use 'Standard', 'Premium' or 'Dedicated' event hub tiers with **Auto-inflate** feature enabled to automatically scale up and increase the number of throughput units. See [Automatically scale up Azure Event Hubs throughput units](../../event-hubs/event-hubs-auto-inflate.md).
+> - 'Basic' event hub tier is limited--it supports [lower event size](../../event-hubs/event-hubs-quotas.md#basic-vs-standard-vs-premium-vs-dedicated-tiers) and no [Auto-inflate](../../event-hubs/event-hubs-auto-inflate.md) option to automatically scale up and increase the number of throughput units. Since data volume to your workspace increases over time and consequence event hub scaling is required, use 'Standard', 'Premium' or 'Dedicated' event hub tiers with **Auto-inflate** feature enabled. See [Automatically scale up Azure Event Hubs throughput units](../../event-hubs/event-hubs-auto-inflate.md).
 > - Data export can't reach event hub resources when virtual networks are enabled. You have to enable the **Allow trusted Microsoft services** to bypass this firewall setting in event hub, to grant access to your Event Hubs resources.
 
 ## Enable data export

articles/cost-management-billing/costs/quick-create-budget-template.md

@@ -94,7 +94,7 @@ One Azure resource is defined in the template:
 
 2. Select or enter the following values.
 
-   :::image type="content" source="./media/quick-create-budget-template/create-budget-simple-image.png" alt-text="Resource Manager template, Create budget without a filter, deploy portal]" lightbox="./media/quick-create-budget-template/create-budget-simple-image.png" :::
+   :::image type="content" source="./media/quick-create-budget-template/create-budget-simple-image.png" alt-text="Resource Manager template, Create budget without a filter, deploy portal." lightbox="./media/quick-create-budget-template/create-budget-simple-image.png" :::
 
     * **Subscription**: select an Azure subscription.
     * **Resource group**: if required, select an existing resource group, or **Create new**.
@@ -114,7 +114,7 @@ One Azure resource is defined in the template:
 
 4. If you selected **Review + create**, your template is validated. Select **Create**.  
 
-   ![Resource Manager template, budget no filters, deploy portal notification](./media/quick-create-budget-template/resource-manager-template-portal-deployment-notification.png)
+   ![Resource Manager template, budget no filters, deploy portal notification.](./media/quick-create-budget-template/resource-manager-template-portal-deployment-notification.png)
 
 The Azure portal is used to deploy the template. In addition to the Azure portal, you can also use Azure PowerShell, Azure CLI, and REST API. To learn about other deployment templates, see [Deploy templates](../../azure-resource-manager/templates/deploy-powershell.md).
 

articles/iot-edge/how-to-connect-downstream-iot-edge-device.md

@@ -4,7 +4,7 @@ description: How to configure an IoT Edge device to connect to Azure IoT Edge ga
 author: kgremban
 
 ms.author: kgremban
-ms.date: 03/01/2021
+ms.date: 01/09/2022
 ms.topic: conceptual
 ms.service: iot-edge
 services: iot-edge
@@ -532,8 +532,60 @@ The API proxy module was designed to be customized to handle most common gateway
 1. Select **Review + create** to go to the final step.
 1. Select **Create** to deploy to your device.
 
+## Integrate Microsoft Defender for IoT with IoT Edge gateway
+
+Leaf devices can be used to integrate the Microsoft Defender for IoT's micro agent with the IoT Edge gateway using leaf device proxying.
+
+Learn more about the [Defender for IoT micro agent](../defender-for-iot/device-builders/overview.md#defender-for-iot-micro-agent).
+
+**To integrate Microsoft Defender for IoT with IoT Edge using leaf device proxying**:
+
+1. Sign in to the Azure portal.
+
+1. Navigate to **IoT Hub** > **`Your Hub`** > **Device management** > **Devices**
+
+1. Select your device.
+
+    :::image type="content" source="media/how-to-connect-downstream-iot-edge-device/select-device.png" alt-text="Screenshot showing where your device is located for selection.":::
+
+1. Select the `DefenderIotMicroAgent` module twin that you created from [these instructions](../defender-for-iot/device-builders/quickstart-create-micro-agent-module-twin.md#create-defenderiotmicroagent-module-twin).
+
+    :::image type="content" source="media/how-to-connect-downstream-iot-edge-device/defender-micro-agent.png" alt-text="Screenshot showing the location of the DefenderIotMicroAgent.":::
+
+1. Select the :::image type="icon" source="media/how-to-connect-downstream-iot-edge-device/copy-icon.png" border="false"::: button to copy your Connection string (primary key).
+
+1. Paste the Connection string into a text editing application, and add the GatewayHostName to the string. For example, `HostName=nested11.azure-devices.net;DeviceId=leaf1;ModuleId=module1;SharedAccessKey=xxx;GatewayHostName=10.16.7.4`.
+
+1. Open a terminal on the leaf device.
+
+1. Use the following command to place the connection string encoded in utf-8 in the Defender for Cloud agent directory into the file `connection_string.txt` in the following path: `/var/defender_iot_micro_agent/connection_string.txt`:
+
+    ```bash
+    sudo bash -c 'echo "<connection string>" > /var/defender_iot_micro_agent/connection_string.txt'
+    ```
+
+    The `connection_string.txt` should now be located in the following path location `/var/defender_iot_micro_agent/connection_string.txt`.
+
+1. Restart the service using this command:  
+
+    ```bash
+    sudo systemctl restart defender-iot-micro-agent.service 
+    ```
+
+1. Navigate back to the device.
+
+    :::image type="content" source="media/how-to-connect-downstream-iot-edge-device/device.png" alt-text="Screenshot showing how to navigate back to your device.":::
+
+1. Enable the connection to the IoT Hub, and select the gear icon.
+
+    :::image type="content" source="media/how-to-connect-downstream-iot-edge-device/gear-icon.png" alt-text="Screenshot showing what to select to set a parent device.":::
+
+1. Select the parent device from the displayed list.
+
+1. Ensure that port 8883 (MQTT) between the leaf device and the IoT Edge device is open.
+
 ## Next steps
 
 [How an IoT Edge device can be used as a gateway](iot-edge-as-gateway.md)
 
-[Configure the API proxy module for your gateway hierarchy scenario](how-to-configure-api-proxy-module.md)
+[Configure the API proxy module for your gateway hierarchy scenario](how-to-configure-api-proxy-module.md)