Merge pull request #230404 from MicrosoftDocs/main

Publish to live, Monday 4 AM PST, 3/13

Author: ttorble

articles/active-directory/develop/custom-claims-provider-overview.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/06/2023
+ms.date: 03/13/2023
 ms.author: davidmu
 ms.reviewer: JasSuri
 ms.custom: aaddev 
@@ -24,6 +24,9 @@ When a user authenticates to an application, a custom claims provider can be use
 
 Key data about a user is often stored in systems external to Azure AD. For example, secondary email, billing tier, or sensitive information. Some applications may rely on these attributes for the application to function as designed. For example, the application may block access to certain features based on a claim in the token.
 
+The following short video provides an excellent overview of the Azure AD custom extensions and custom claims providers:
+> [!VIDEO https://www.youtube.com/embed/BYOMshjlwbc]
+
 Use a custom claims provider for the following scenarios:
 
 - **Migration of legacy systems** - You may have legacy identity systems such as Active Directory Federation Services (AD FS) or data stores (such as LDAP directory) that hold information about users. You'd like to migrate these applications, but can't fully migrate the identity data into Azure AD. Your apps may depend on certain information on the token, and can't be rearchitected.

articles/active-directory/develop/custom-extension-get-started.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 03/06/2023
+ms.date: 03/13/2023
 ms.author: davidmu
 ms.custom: aaddev
 ms.reviewer: JasSuri
@@ -21,7 +21,9 @@ ms.reviewer: JasSuri
 
 This article describes how to configure and setup a custom claims provider with the [token issuance start event](custom-claims-provider-overview.md#token-issuance-start-event-listener) type. This event is triggered right before the token is issued, and allows you to call a REST API to add claims to the token. 
 
-This how-to guide demonstrates the token issuance start event with a REST API running in Azure Functions and a sample OpenID Connect application.
+This how-to guide demonstrates the token issuance start event with a REST API running in Azure Functions and a sample OpenID Connect application. Before you start, take a look at following video, which demonstrates how to configure Azure AD custom claims provider with Function App:
+
+> [!VIDEO https://www.youtube.com/embed/r-JEsMBJ7GE]
 
 ## Prerequisites
 
@@ -488,7 +490,7 @@ To protect your Azure function, follow these steps to integrate Azure AD authent
 > [!NOTE]
 > If the Azure function app is hosted in a different Azure tenant than the tenant in which your custom extension is registered, skip to [using OpenID Connect identity provider](#51-using-openid-connect-identity-provider) step.
 
-1. In the [Azure portal](https://poral.azure.com), navigate and select the function app you previously published.
+1. In the [Azure portal](https://portal.azure.com), navigate and select the function app you previously published.
 1. Select **Authentication** in the menu on the left.
 1. Select **Add Identity provider**.  
 1. Select **Microsoft** as the identity provider.
@@ -503,7 +505,7 @@ To protect your Azure function, follow these steps to integrate Azure AD authent
 
 If you configured the [Microsoft identity provider](#step-5-protect-your-azure-function), skip this step. Otherwise, if the Azure Function is hosted under a different tenant than the tenant in which your custom extension is registered, follow these steps to protect your function:
 
-1. In the [Azure portal](https://poral.azure.com), navigate and select the function app you previously published.
+1. In the [Azure portal](https://portal.azure.com), navigate and select the function app you previously published.
 1. Select **Authentication** in the menu on the left.
 1. Select **Add Identity provider**.  
 1. Select **OpenID Connect** as the identity provider.

articles/azure-resource-manager/bicep/decompile.md

@@ -2,7 +2,8 @@
 title: Decompile ARM template JSON to Bicep
 description: Describes commands for decompiling Azure Resource Manager templates to Bicep files.
 ms.topic: conceptual
-ms.date: 11/11/2022
+ms.date: 03/03/2023
+ms.custom: devx-track-azurepowershell
 ---
 
 # Decompiling ARM template JSON to Bicep
@@ -11,6 +12,8 @@ This article describes how to decompile Azure Resource Manager templates (ARM te
 
 > [!NOTE]
 > From Visual Studio Code, you can directly create resource declarations by importing from existing resources. For more information, see [Bicep commands](./visual-studio-code.md#bicep-commands).
+>
+> Visual Studio Code enables you to paste JSON as Bicep. It automatically runs the decompile command. For more information, see [Paste JSON as Bicep](./visual-studio-code.md#paste-as-bicep-preview).
 
 Decompiling an ARM template helps you get started with Bicep development. If you have a library of ARM templates and want to use Bicep for future development, you can decompile them to Bicep. However, the Bicep file might need revisions to implement best practices for Bicep.
 

articles/azure-resource-manager/bicep/media/visual-studio-code/enable-paste-json.png

@@ -4,7 +4,7 @@ description: Describes the recommended workflow when migrating Azure resources a
 author: joshuawaddell
 ms.author: jowaddel
 ms.topic: conceptual
-ms.date: 11/11/2022
+ms.date: 03/03/2023
 ---
 # Migrate to Bicep
 
@@ -32,6 +32,8 @@ The convert phase consists of two steps, which you complete in sequence:
 
 > [!NOTE]
 > You can import a resource by opening the Visual Studio Code command palette. Use <kbd>Ctrl+Shift+P</kbd> on Windows and Linux and <kbd>⌘+Shift+P</kbd> on macOS.
+>
+> Visual Studio Code enables you to paste JSON as Bicep. For more information, see [Paste JSON as Bicep](./visual-studio-code.md#paste-as-bicep-preview).
 
 ## Phase 2: Migrate
 
@@ -43,7 +45,7 @@ The migrate phase consists of three steps, which you complete in sequence:
 
 1. **Copy each resource from your decompiled template.** Copy each resource individually from the converted Bicep file to the new Bicep file. This process helps you resolve any issues on a per-resource basis and to avoid any confusion as your template grows in size.
 
-1. **Identify and recreate any missing resources.** Not all Azure resource types can be exported through the Azure portal, Azure CLI, or Azure PowerShell. For example, virtual machine extensions such as the DependencyAgentWindows and MMAExtension (Microsoft Monitoring Agent) aren't supported resource types for export. For any resource that wasn't exported, such as virtual machine extensions, you'll need to recreate those resources in your new Bicep file. You can recreate resources using a variety of tools and approaches, including [Azure Resource Explorer](../templates/export-template-portal.md?azure-portal=true), the [Bicep and ARM template reference documentation](/azure/templates/?azure-portal=true), and the [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates?azure-portal=true) site.
+1. **Identify and recreate any missing resources.** Not all Azure resource types can be exported through the Azure portal, Azure CLI, or Azure PowerShell. For example, virtual machine extensions such as the DependencyAgentWindows and MMAExtension (Microsoft Monitoring Agent) aren't supported resource types for export. For any resource that wasn't exported, such as virtual machine extensions, you need to recreate those resources in your new Bicep file. You can recreate resources using various tools and approaches, including [Azure Resource Explorer](../templates/export-template-portal.md?azure-portal=true), the [Bicep and ARM template reference documentation](/azure/templates/?azure-portal=true), and the [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates?azure-portal=true) site.
 
 ## Phase 3: Refactor
 
@@ -55,7 +57,7 @@ The deploy phase consists of eight steps, which you complete in any order:
 
 1. **Review the linter suggestions in your new Bicep file.** When you use the [Bicep extension for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-bicep&azure-portal=true) to create Bicep files, the [Bicep linter](linter.md) runs automatically and highlights suggestions and errors in your code. Many of the suggestions and errors include an option to apply a quick fix of the issue. Review these recommendations and adjust your Bicep file.
 
-1. **Revise parameters, variables, and symbolic names.** It's possible the names of parameters, variables, and symbolic names generated by the decompiler won't match your standard naming convention. Review the generated names and make adjustments as necessary.
+1. **Revise parameters, variables, and symbolic names.** It's possible the names of parameters, variables, and symbolic names generated by the decompiler don't match your standard naming convention. Review the generated names and make adjustments as necessary.
 
 1. **Simplify expressions.** The decompile process may not always take advantage of some of Bicep's features. Review any expressions generated in the conversion and simplify them. For example, the decompiled template may include a `concat()` or `format()` function that could be simplified by using [string interpolation](bicep-functions-string.md#concat). Review any suggestions from the linter and make adjustments as necessary.
 
@@ -86,13 +88,13 @@ In the _deploy_ phase of migrating your resources to Bicep, the goal is to deplo
 
 The deploy phase consists of four steps, which you complete in sequence:
 
-1. **Prepare a rollback plan.** The ability to recover from a failed deployment is crucial. Create a rollback strategy in the event that any breaking changes are introduced into your environments. Take inventory of the types of resources that are deployed, such as virtual machines, web apps, and databases. Each resource's data plane should be considered as well. Do you have a way to recover a virtual machine and its data? Do you have a way to recover a database after deletion? A well-developed rollback plan will help to keep your downtime to a minimum if any issues arise from a deployment.
+1. **Prepare a rollback plan.** The ability to recover from a failed deployment is crucial. Create a rollback strategy if any breaking changes are introduced into your environments. Take inventory of the types of resources that are deployed, such as virtual machines, web apps, and databases. Each resource's data plane should be considered as well. Do you have a way to recover a virtual machine and its data? Do you have a way to recover a database after deletion? A well-developed rollback plan helps to keep your downtime to a minimum if any issues arise from a deployment.
 
 1. **Run the what-if operation against production.** Before deploying your final Bicep file to production, run the what-if operation against your production environment, making sure to use production parameter values, and consider documenting the results.
 
 1. **Deploy manually.** If you're going to use the converted template in a pipeline, such as [Azure DevOps](add-template-to-azure-pipelines.md) or [GitHub Actions](deploy-github-actions.md), consider running the deployment from your local machine first. It's preferable to test the template's functionality before incorporating it into your production pipeline. That way, you can respond quickly if there's a problem.
 
-1. **Run smoke tests.** After your deployment is complete, you should run a series of *smoke tests* to ensure that your application or workload is working properly. For example, test to see if your web app is accessible through normal access channels, such as the public Internet or across a corporate VPN. For databases, attempt to make a database connection and execute a series of queries. With virtual machines, log in to the virtual machine and make sure that all services are up and running.
+1. **Run smoke tests.** After your deployment is complete, you should run a series of *smoke tests* to ensure that your application or workload is working properly. For example, test to see if your web app is accessible through normal access channels, such as the public Internet or across a corporate VPN. For databases, attempt to make a database connection and execute a series of queries. With virtual machines, sign in to the virtual machine and make sure that all services are up and running.
 
 ## Next steps
 

articles/azure-resource-manager/bicep/migrate.md

@@ -2,7 +2,7 @@
 title: Create Bicep files by using Visual Studio Code
 description: Describes how to create Bicep files by using Visual Studio Code
 ms.topic: conceptual
-ms.date: 02/21/2023
+ms.date: 03/03/2023
 ---
 
 # Create Bicep files by using Visual Studio Code
@@ -17,7 +17,7 @@ To set up your environment for Bicep development, see [Install Bicep tools](inst
 
 Visual Studio Code comes with several Bicep commands.
 
-Open or create a Bicep file in VS Code, select the **View** menu and then select **Command Palette**. You can also use the key combination **[CTRL]+[SHIFT]+P** to bring up the command palette. Type **Bicep** to list the Bicep commands.
+Open or create a Bicep file in VS Code, select the **View** menu and then select **Command Palette**. You can also use **F1** or the key combination <kbd>Ctrl+Shift+P</kbd> to bring up the command palette. Type **Bicep** to list the Bicep commands.
 
 :::image type="content" source="./media/visual-studio-code/visual-studio-code-bicep-commands.png" alt-text="Screenshot of Visual Studio Code Bicep commands in the command palette.":::
 
@@ -53,7 +53,7 @@ The [Bicep configuration file (bicepconfig.json)](./bicep-config.md) can be used
 To create a Bicep configuration file:
 
 1. Open Visual Studio Code.
-1. From the **View** menu, select **Command Palette** (or press **[CTRL/CMD]**+**[SHIFT]**+**P**), and then select **Bicep: Create Bicep Configuration File**.
+1. From the **View** menu, select **Command Palette** (or press <kbd>Ctrl/Cmd+Shift+P</kbd>), and then select **Bicep: Create Bicep Configuration File**.
 1. Select the file directory where you want to place the file.
 1. Save the configuration file when you're done.
 
@@ -124,6 +124,80 @@ From Visual Studio Code, you can easily open the template reference for the reso
 
 :::image type="content" source="./media/visual-studio-code/visual-studio-code-bicep-view-type-document.png" alt-text="Screenshot of Visual Studio Code Bicep view type document.":::
 
+## Paste as Bicep (Preview)
+
+You can paste a JSON snippet from an ARM template to Bicep file. Visual Studio Code automatically decompiles the JSON to Bicep. This feature is only available with the Bicep extension version 0.14.0 or newer.
+
+To enable the feature:
+
+1. In Visual Studio Code, select **Manage** (gear icon) in the side menu. Select **Settings**.  You can also use <kbd>Ctrl+,</kbd> to open settings.
+1. Expand **Extensions** and then select **Bicep**.
+1. Select **Decompile on Paste**.
+
+    :::image type="content" source="./media/visual-studio-code/enable-paste-json.png" alt-text="Screenshot of Visual Studio Code Paste as Bicep.":::
+
+By using this feature, you can paste:
+
+- Full ARM JSON templates.
+- Single resource or multiple resources.
+- JSON values, such as objects, arrays, and strings. A string with double-quotes is converted to single-quotes.
+
+For example, you can start with the following Bicep file:
+
+```bicep
+@description('Storage Account type')
+@allowed([
+  'Standard_LRS'
+  'Standard_GRS'
+  'Standard_ZRS'
+  'Premium_LRS'
+])
+param storageAccountsku string = 'Standard_LRS'
+
+@description('Location for all resources.')
+param location string = resourceGroup().location
+
+var storageAccountName = '${uniqueString(resourceGroup().id)}storage'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = {
+  name: storageAccountName
+  location: location
+  sku: {
+    name: storageAccountsku
+  }
+  kind: 'StorageV2'
+  tags: {
+    ObjectName: storageAccountName
+  }
+  properties: {}
+}
+
+output storageAccountName string = storageAccountName
+```
+
+And, paste the following JSON:
+
+```json
+{
+  "type": "Microsoft.Batch/batchAccounts",
+  "apiVersion": "2021-06-01",
+  "name": "[parameters('batchAccountName')]",
+  "location": "[parameters('location')]",
+  "tags": {
+    "ObjectName": "[parameters('batchAccountName')]"
+  },
+  "properties": {
+    "autoStorage": {
+      "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
+    }
+  }
+}
+```
+
+Visual Studio Code automatically converts the JSON to Bicep. Notice that you also need to add the parameter named `batchAccountName`.
+
+You can undo the decompilation by using <kbd>Ctrl+Z</kbd>. The original JSON appears in the file.
+
 ## Next steps
 
 To walk through a quickstart, see [Quickstart: Create Bicep files with Visual Studio Code](./quickstart-create-bicep-use-visual-studio-code.md).

articles/azure-resource-manager/bicep/visual-studio-code.md

@@ -33,7 +33,7 @@ To move a peered virtual network, you must first disable the virtual network pee
 
 ## VPN Gateways
 
-You cannot move VPN Gateways across subscriptions if they are of Basic SKU. Basic SKU is only meant for test environment usage and doesn't support resource move operation.
+You cannot move VPN Gateways across resource groups or subscriptions if they are of Basic SKU. Basic SKU is only meant for test environment usage and doesn't support resource move operation.
 
 ## Subnet links
 

articles/azure-resource-manager/management/move-limitations/networking-move-limitations.md

@@ -1348,7 +1348,7 @@ Before starting your move operation, review the [checklist](./move-resource-grou
 > | trafficmanagerprofiles / heatmaps | No | No | No |
 > | trafficmanagerusermetricskeys | No | No | No |
 > | virtualhubs | No | No | No |
-> | virtualnetworkgateways | **Yes** | **Yes** - see [Networking move guidance](./move-limitations/networking-move-limitations.md) | No |
+> | virtualnetworkgateways | **Yes** except Basic SKU - see [Networking move guidance](./move-limitations/networking-move-limitations.md)| **Yes** except Basic SKU - see [Networking move guidance](./move-limitations/networking-move-limitations.md) | No |
 > | virtualnetworks | **Yes** | **Yes** | No |
 > | virtualnetworktaps | No | No | No |
 > | virtualrouters | **Yes** | **Yes** | No |

articles/azure-resource-manager/management/move-support-resources.md

@@ -6,11 +6,13 @@ ms.date: 08/06/2021
 ms.author: lianwei
 ---
 
-> [!Important]
+> [!IMPORTANT]
 > A connection string includes the authorization information required for your application to access Azure Web PubSub service. The access key inside the connection string is similar to a root password for your service. In production environments, always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Avoid distributing access keys to other users, hard-coding them, or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they may have been compromised.
 
-Use the Azure CLI [az webpubsub key](/cli/azure/webpubsub#az-webpubsub-key) command to get the **ConnectionString** of the service.
+Use the Azure CLI [az webpubsub key](/cli/azure/webpubsub#az-webpubsub-key) command to get the **ConnectionString** of the service.  Replace the `<your-unique-resource-name>` placeholder with the name of your Azure Web PubSub instance.
 
-```azurecli-interactive
-$connection-string=(az webpubsub key show --name "<your-unique-resource-name>" --resource-group "myResourceGroup" --query primaryConnectionString)
+```azurecli
+az webpubsub key show --resource-group myResourceGroup --name <your-unique-resource-name> --query primaryConnectionString --output tsv
 ```
+
+Copy the connection string to use later.

articles/azure-web-pubsub/includes/cli-awps-connstr.md

@@ -17,7 +17,7 @@ Use the Azure CLI [az webpubsub create](/cli/azure/webpubsub#az-webpubsub-create
   > [!Important]
   > Each Web PubSub resource must have a unique name. Replace <your-unique-resource-name> with the name of your Web PubSub in the following examples.
 
-```azurecli-interactive
+```azurecli
 az webpubsub create --name "<your-unique-resource-name>" --resource-group "myResourceGroup" --location "EastUS" --sku Free_F1
 ```