Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory-b2c/custom-domain.md

@@ -5,7 +5,7 @@ ms.service: automanage
 ms.collection: linux
 ms.workload: infrastructure
 ms.topic: conceptual
-ms.date: 03/22/2022
+ms.date: 05/12/2022
 ---
 
 # Azure Automanage for Machines Best Practices - Azure Arc-enabled servers
@@ -18,12 +18,10 @@ For all of these services, we will auto-onboard, auto-configure, monitor for dri
 
 Automanage supports the following operating systems for Azure Arc-enabled servers
 
-- Windows Server 2012/R2
-- Windows Server 2016
-- Windows Server 2019
+- Windows Server 2012 R2, 2016, 2019, 2022 
 - CentOS 7.3+, 8
 - RHEL 7.4+, 8
-- Ubuntu 16.04 and 18.04
+- Ubuntu 16.04, 18.04, 20.04
 - SLES 12 (SP3-SP5 only)
 
 ## Participating services
@@ -32,6 +30,7 @@ Automanage supports the following operating systems for Azure Arc-enabled server
 |-----------|---------------|----------------------|
 |[Machines Insights Monitoring](../azure-monitor/vm/vminsights-overview.md)    |Azure Monitor for machines monitors the performance and health of your virtual machines, including their running processes and dependencies on other resources.    |Production    |
 |[Update Management](../automation/update-management/overview.md)    |You can use Update Management in Azure Automation to manage operating system updates for your machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers.    |Production, Dev/Test    |
+|[Microsoft Antimalware](../security/fundamentals/antimalware.md)    |Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. **Note:** Microsoft Antimalware requires that there be no other antimalware software installed, or it may fail to work. This is also only supported for Windows Server 2016 and above. |Production, Dev/Test    |
 |[Change Tracking & Inventory](../automation/change-tracking/overview.md) |Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items.    |Production, Dev/Test    |
 |[Azure Guest Configuration](../governance/policy/concepts/guest-configuration.md)  | Guest Configuration policy is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure security baseline using the Guest Configuration extension. For Arc machines, the guest configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated.    |Production, Dev/Test    |
 |[Azure Automation Account](../automation/automation-create-standalone-account.md)    |Azure Automation supports management throughout the lifecycle of your infrastructure and applications.    |Production, Dev/Test    |

articles/active-directory-b2c/media/custom-domain/azure-front-door-route-status.png

@@ -5,7 +5,7 @@ author: mmccrory
 ms.service: automanage
 ms.workload: infrastructure
 ms.topic: conceptual
-ms.date: 10/19/2021
+ms.date: 5/12/2022
 ms.author: memccror
 ms.custom: references_regions
 ---
@@ -109,7 +109,7 @@ The only time you might need to interact with this machine to manage these servi
 ## Enabling Automanage for VMs using Azure Policy
 You can also enable Automanage on VMs at scale using the built-in Azure Policy. The policy has a DeployIfNotExists effect, which means that all eligible VMs located within the scope of the policy will be automatically onboarded to Automanage VM Best Practices.
 
-A direct link to the policy is [here](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F270610db-8c04-438a-a739-e8e6745b22d3).
+A direct link to the policy is [here](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff889cab7-da27-4c41-a3b0-de1f6f87c55).
 
 For more information, check out how to enable the [Automanage built-in policy](virtual-machines-policy-enable.md). 
 

articles/active-directory-b2c/media/custom-domain/enable-the-route.png

@@ -9,21 +9,22 @@ ms.date: 03/22/2022
 ms.author: memccror
 ---
 
-# Azure Automanage for Machines Best Practices - Windows Server
+# Azure Automanage for Machines Best Practices - Windows
 
 These Azure services are automatically onboarded for you when you use Automanage Machine Best Practices on a Windows Server VM. They are essential to our best practices white paper, which you can find in our [Cloud Adoption Framework](/azure/cloud-adoption-framework/manage/azure-server-management).
 
 For all of these services, we will auto-onboard, auto-configure, monitor for drift, and remediate if drift is detected. To learn more, go to [Azure Automanage for virtual machines](automanage-virtual-machines.md).
 
 ## Supported Windows Server versions
 
-Automanage supports the following Windows Server versions:
+Automanage supports the following Windows versions:
 
-- Windows Server 2012/R2
+- Windows Server 2012 R2
 - Windows Server 2016
 - Windows Server 2019
 - Windows Server 2022
 - Windows Server 2022 Azure Edition
+- Windows 10 
 
 ## Participating services
 

articles/automanage/automanage-arc.md

@@ -2,7 +2,7 @@
 title: Tag support for resources
 description: Shows which Azure resource types support tags. Provides details for all Azure services.
 ms.topic: conceptual
-ms.date: 04/20/2022
+ms.date: 05/13/2022
 ---
 
 # Tag support for Azure resources
@@ -2934,7 +2934,7 @@ To get the same data as a file of comma-separated values, download [tag-support.
 > | servers / usages | No | No |
 > | servers / virtualNetworkRules | No | No |
 > | servers / vulnerabilityAssessments | No | No |
-> | virtualClusters | Yes | Yes |
+> | virtualClusters | No | No |
 
 <a id="sqlnote"></a>
 

articles/automanage/automanage-virtual-machines.md

@@ -2,7 +2,7 @@
 title: Deploy Resource Manager templates by using GitHub Actions
 description: Describes how to deploy Azure Resource Manager templates (ARM templates) by using GitHub Actions.
 ms.topic: conceptual
-ms.date: 02/07/2022
+ms.date: 05/10/2022
 ms.custom: github-actions-azure
 ---
 
@@ -27,11 +27,13 @@ The file has two sections:
 
 |Section  |Tasks  |
 |---------|---------|
-|**Authentication** | 1. Define a service principal. <br /> 2. Create a GitHub secret. |
+|**Authentication** | 1. Generate deployment credentials. |
 |**Deploy** | 1. Deploy the Resource Manager template. |
 
 ## Generate deployment credentials
 
+# [Service principal](#tab/userlevel)
+
 You can create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
 
 Create a resource group if you do not already have one.
@@ -61,8 +63,29 @@ In the example above, replace the placeholders with your subscription ID and res
 > [!IMPORTANT]
 > It is always a good practice to grant minimum access. The scope in the previous example is limited to the resource group.
 
+# [OpenID Connect](#tab/openid)
+
+You need to provide your application's **Client ID**, **Tenant ID**, and **Subscription ID** to the login action. These values can either be provided directly in the workflow or can be stored in GitHub secrets and referenced in your workflow. Saving the values as GitHub secrets is the more secure option.
+
+1. Open your GitHub repository and go to **Settings**.
+
+1. Select **Settings > Secrets > New secret**.
+
+1. Create secrets for `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_SUBSCRIPTION_ID`. Use these values from your Active Directory application for your GitHub secrets:
+
+    |GitHub Secret  | Active Directory Application  |
+    |---------|---------|
+    |AZURE_CLIENT_ID     |      Application (client) ID   |
+    |AZURE_TENANT_ID     |     Directory (tenant) ID    |
+    |AZURE_SUBSCRIPTION_ID     |     Subscription ID    |
+
+1. Save each secret by selecting **Add secret**.
+
+---
 ## Configure the GitHub secrets
 
+# [Service principal](#tab/userlevel)
+
 You need to create secrets for your Azure credentials, resource group, and subscriptions.
 
 1. In [GitHub](https://github.com/), browse your repository.
@@ -75,6 +98,25 @@ You need to create secrets for your Azure credentials, resource group, and subsc
 
 1. Create an additional secret named `AZURE_SUBSCRIPTION`. Add your subscription ID to the secret's value field (example: `90fd3f9d-4c61-432d-99ba-1273f236afa2`).
 
+# [OpenID Connect](#tab/openid)
+
+You need to provide your application's **Client ID**, **Tenant ID**, and **Subscription ID** to the login action. These values can either be provided directly in the workflow or can be stored in GitHub secrets and referenced in your workflow. Saving the values as GitHub secrets is the more secure option.
+
+1. Open your GitHub repository and go to **Settings**.
+
+1. Select **Settings > Secrets > New secret**.
+
+1. Create secrets for `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_SUBSCRIPTION_ID`. Use these values from your Active Directory application for your GitHub secrets:
+
+    |GitHub Secret  | Active Directory Application  |
+    |---------|---------|
+    |AZURE_CLIENT_ID     |      Application (client) ID   |
+    |AZURE_TENANT_ID     |     Directory (tenant) ID    |
+    |AZURE_SUBSCRIPTION_ID     |     Subscription ID    |
+
+1. Save each secret by selecting **Add secret**.
+
+---
 ## Add Resource Manager template
 
 Add a Resource Manager template to your GitHub repository. This template creates a storage account.
@@ -94,8 +136,9 @@ The workflow file must be stored in the **.github/workflows** folder at the root
 1. Select **set up a workflow yourself**.
 1. Rename the workflow file if you prefer a different name other than **main.yml**. For example: **deployStorageAccount.yml**.
 1. Replace the content of the yml file with the following:
+  # [Service principal](#tab/userlevel)
 
-    ```yml
+  ```yml
     on: [push]
     name: Azure ARM
     jobs:
@@ -122,15 +165,57 @@ The workflow file must be stored in the **.github/workflows** folder at the root
 
           # output containerName variable from template
         - run: echo ${{ steps.deploy.outputs.containerName }}
-    ```
+  ```
+
+  > [!NOTE]
+  > You can specify a JSON format parameters file instead in the ARM Deploy action (example: `.azuredeploy.parameters.json`).
+
+  The first section of the workflow file includes:
+
+  - **name**: The name of the workflow.
+  - **on**: The name of the GitHub events that triggers the workflow. The workflow is trigger when there is a push event on the main branch, which modifies at least one of the two files specified. The two files are the workflow file and the template file.
+  
+  # [OpenID Connect](#tab/openid)
+ 
+  ```yml
+    on: [push]
+    name: Azure ARM
+    jobs:
+      build-and-deploy:
+        runs-on: ubuntu-latest
+        steps:
+
+          # Checkout code
+        - uses: actions/checkout@main
+
+          # Log into Azure
+        - uses: azure/login@v1
+          with:
+            client-id: ${{ secrets.AZURE_CLIENT_ID }}
+            tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+          # Deploy ARM template
+        - name: Run ARM deploy
+          uses: azure/arm-deploy@v1
+          with:
+            subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
+            resourceGroupName: ${{ secrets.AZURE_RG }}
+            template: ./azuredeploy.json
+            parameters: storageAccountType=Standard_LRS
+
+          # output containerName variable from template
+        - run: echo ${{ steps.deploy.outputs.containerName }}
+  ```
 
-    > [!NOTE]
-    > You can specify a JSON format parameters file instead in the ARM Deploy action (example: `.azuredeploy.parameters.json`).
+  > [!NOTE]
+  > You can specify a JSON format parameters file instead in the ARM Deploy action (example: `.azuredeploy.parameters.json`).
 
-    The first section of the workflow file includes:
+  The first section of the workflow file includes:
 
-    - **name**: The name of the workflow.
-    - **on**: The name of the GitHub events that triggers the workflow. The workflow is trigger when there is a push event on the main branch, which modifies at least one of the two files specified. The two files are the workflow file and the template file.
+  - **name**: The name of the workflow.
+  - **on**: The name of the GitHub events that triggers the workflow. The workflow is trigger when there is a push event on the main branch, which modifies at least one of the two files specified. The two files are the workflow file and the template file.
+  ---
 
 1. Select **Start commit**.
 1. Select **Commit directly to the main branch**.

articles/automanage/automanage-windows-server.md

@@ -28,7 +28,7 @@ This section covers backup operation failure of Azure Virtual machine.
   * If Azure Backup is working, then the issue is likely with another backup solution.
   * Here is an example of an Event Viewer error 517 where Azure Backup was working fine but "Windows Server Backup" was failing:
     ![Windows Server Backup failing](media/backup-azure-vms-troubleshoot/windows-server-backup-failing.png)
-  * If Azure Backup is failing, then look for the corresponding error code in the section Common VM backup errors in this article.
+  * If Azure Backup is failing, then look for the corresponding error code in the [Common issues](#common-issues) section.
   * If you see Azure Backup option greyed out on an Azure VM, hover over the disabled menu to find the reason. The reasons could be  "Not available with EphemeralDisk" or "Not available with Ultra Disk".
     ![Reasons for the disablement of Azure Backup option](media/backup-azure-vms-troubleshoot/azure-backup-disable-reasons.png)
 

articles/azure-resource-manager/management/tag-support.md

@@ -146,8 +146,8 @@ Azure Backup has added the Cross Region Restore feature to strengthen data avail
 
 | Backup Management type | Supported                                                    | Supported Regions |
 | ---------------------- | ------------------------------------------------------------ | ----------------- |
-| Azure VM               | Supported for Azure VMs (including encrypted Azure VMs) with both managed and unmanaged disks. Not supported for classic VMs. | Available in all Azure public regions and sovereign regions, except for UG IOWA and UG Virginia. |
-| SQL /SAP HANA | Available      | Available in all Azure public regions and sovereign regions, except for France Central, UG IOWA, and UG Virginia. |
+| Azure VM               | Supported for Azure VMs (including encrypted Azure VMs) with both managed and unmanaged disks. Not supported for classic VMs. | Available in all Azure public regions and sovereign regions, except for UG IOWA. |
+| SQL /SAP HANA | Available      | Available in all Azure public regions and sovereign regions, except for France Central and UG IOWA. |
 | MARS Agent/On premises  | No                                                           | N/A               |
 | AFS (Azure file shares)                 | No                                                           | N/A               |