Merge branch 'MicrosoftDocs:main' into patch-4

Author: chengyuanlai-msft

articles/active-directory-b2c/identity-protection-investigate-risk.md

@@ -1,7 +1,7 @@
 ---
 title: Investigate risk with Azure Active Directory B2C Identity Protection
 description: Learn how to investigate risky users, and detections in Azure AD B2C Identity Protection
-ms.service: active-directory
+ms.service: entra-id
 ms.subservice: conditional-access
 ms.topic: overview
 ms.date: 01/24/2024

articles/active-directory-b2c/partner-grit-iam.md

@@ -16,7 +16,7 @@ ms.subservice: B2C
 
 # Tutorial: Configure the Grit IAM B2B2C solution with Azure Active Directory B2C
 
-In this tutorial, you learn how to integrate Azure Active Directory B2C (Azure AD B2C) authentication with a [Grit IAM B2B2C](https://www.gritiam.com/b2b2c) solution. You can use the solution to provide secure, reliable, self-serviceable, and user-friendly identity and access management to your customers. Shared profile data such as first name, last name, home address, and email used in web and mobile applications are stored in a centralized manner with consideration to compliance and regulatory needs.
+In this tutorial, you learn how to integrate Azure Active Directory B2C (Azure AD B2C) authentication with a [Grit IAM B2B2C](https://www.gritiam.com/b2b2c.html) solution. You can use the solution to provide secure, reliable, self-serviceable, and user-friendly identity and access management to your customers. Shared profile data such as first name, last name, home address, and email used in web and mobile applications are stored in a centralized manner with consideration to compliance and regulatory needs.
 
 
 Use Grit's B2BB2C solution for:
@@ -28,7 +28,7 @@ Use Grit's B2BB2C solution for:
 
 To get started, ensure the following prerequisites are met:
 
-- A Grit IAM account. You can go to [Grit IAM B2B2C solution](https://www.gritiam.com/b2b2c) to get a demo.
+- A Grit IAM account. You can go to [Grit IAM B2B2C solution](https://www.gritiam.com/b2b2c.html) to get a demo.
 - A Microsoft Entra subscription. If you don't have one, you can create a [free Azure account](https://azure.microsoft.com/free/).
 - An Azure AD B2C tenant linked to the Azure subscription. You can learn more at [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md). 
 - Configure your application in the Azure portal. 

articles/ai-services/speech-service/includes/how-to/compressed-audio-input/gstreamer-android.md

@@ -73,7 +73,7 @@ APP_PLATFORM = android-21
 APP_BUILD_SCRIPT = Android.mk
 ```
 
-You can build `libgstreamer_android.so` by using the following command on Ubuntu 18.04 or 20.04. The following command lines have been tested for [GStreamer Android version 1.14.4](https://gstreamer.freedesktop.org/download/) with [Android NDK b16b.](https://dl.google.com/android/repository/android-ndk-r16b-linux-x86_64.zip)
+You can build `libgstreamer_android.so` by using the following command on Ubuntu 18.04 or 20.04. The following command lines have been tested for [GStreamer Android version 1.14.4] with [Android NDK b16b.](https://dl.google.com/android/repository/android-ndk-r16b-linux-x86_64.zip)
 
 ```sh
 # Assuming wget and unzip are already installed on the system

articles/api-management/compute-infrastructure.md

@@ -4,7 +4,7 @@ description: Learn about the compute platform used to host your API Management s
 author: dlepow
 ms.service: api-management
 ms.topic: conceptual
-ms.date: 12/19/2023
+ms.date: 03/26/2024
 ms.author: danlep
 ms.custom:
 ---
@@ -30,9 +30,7 @@ The following table summarizes the compute platforms currently used in the **Con
 <sup>1</sup> Newly created instances in these tiers and some existing instances in Developer and Premium tiers configured with virtual networks or availability zones.
 
 > [!NOTE]
-> Currently, the `stv2` platform isn't available in the following Azure regions: China East, China East 2, China North, China North 2.
-> 
-> Also, as Qatar Central is a recently established Azure region, only the `stv2` platform is supported for API Management services deployed in this region.
+> In Qatar Central, only the `stv2` platform is supported for API Management services deployed in this region.
 
 ## How do I know which platform hosts my API Management instance?
 

articles/automation/update-management/overview.md

@@ -46,7 +46,7 @@ The following table summarizes the supported connected sources with Update Manag
 | Linux |Yes |Update Management collects information about system updates from Linux machines with the Log Analytics agent and installation of required updates on supported distributions.<br> Machines need to report to a local or remote repository. |
 | Operations Manager management group |Yes |Update Management collects information about software updates from agents in a connected management group.<br/><br/>A direct connection from the Operations Manager agent to Azure Monitor logs isn't required. Log data is forwarded from the management group to the Log Analytics workspace. |
 
-The machines assigned to Update Management report how up to date they are based on what source they are configured to synchronize with. Windows machines need to be configured to report to either [Windows Server Update Services](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or [Microsoft Update](https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a), and Linux machines need to be configured to report to a local or public repository. You can also use Update Management with Microsoft Configuration Manager, and to learn more see [Integrate Update Management with Windows Configuration Manager](mecmintegration.md). 
+The machines assigned to Update Management report how up to date they are based on what source they are configured to synchronize with. Windows machines need to be configured to report to either [Windows Server Update Services](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or [Microsoft Update](https://www.catalog.update.microsoft.com/), and Linux machines need to be configured to report to a local or public repository. You can also use Update Management with Microsoft Configuration Manager, and to learn more see [Integrate Update Management with Windows Configuration Manager](mecmintegration.md). 
 
 If the Windows Update Agent (WUA) on the Windows machine is configured to report to WSUS, depending on when WSUS last synchronized with Microsoft Update, the results might differ from what Microsoft Update shows. This behavior is the same for Linux machines that are configured to report to a local repo instead of a public repo. On a Windows machine, the compliance scan is run every 12 hours by default. For a Linux machine, the compliance scan is performed every hour by default. If the Log Analytics agent is restarted, a compliance scan is started within 15 minutes. When a machine completes a scan for update compliance, the agent forwards the information in bulk to Azure Monitor Logs. 
 

articles/azure-arc/resource-bridge/maintenance.md

@@ -7,19 +7,23 @@ ms.date: 11/03/2023
 
 # Azure Arc resource bridge maintenance operations
 
-To keep your Azure Arc resource bridge deployment online and operational, you might need to perform maintenance operations such as updating credentials or monitoring upgrades.
+To keep your Azure Arc resource bridge deployment online and operational, you need to perform maintenance operations such as updating credentials,  monitoring upgrades and ensuring the appliance VM is online.
 
-To maintain the on-premises appliance VM, the [appliance configuration files generated during deployment](deploy-cli.md#az-arcappliance-createconfig) need to be saved in a secure location and made available on the management machine. The management machine used to perform maintenance operations must meet all of [the Arc resource bridge requirements](system-requirements.md).  
+## Prerequisites
 
-The following sections describe some of the most common maintenance tasks for Arc resource bridge.
+To maintain the on-premises appliance VM, the [appliance configuration files generated during deployment](deploy-cli.md#az-arcappliance-createconfig) need to be saved in a secure location and made available on the management machine. 
+
+The management machine used to perform maintenance operations must meet all of [the Arc resource bridge requirements](system-requirements.md).  
+
+The following sections describe the maintenance tasks for Arc resource bridge.
 
 ## Update credentials in the appliance VM
 
-Arc resource bridge consists of an on-premises appliance VM. The appliance VM [stores credentials](system-requirements.md#user-account-and-credentials) (for example, a user account for VMware vCenter) used to access the control center of the on-premises infrastructure to view and manage on-premises resources.
+Arc resource bridge consists of an on-premises appliance VM. The appliance VM [stores credentials](system-requirements.md#user-account-and-credentials) (for example, a user account for VMware vCenter) used to access the control center of the on-premises infrastructure to view and manage on-premises resources. The credentials used by Arc resource bridge are the same ones provided during deployment of the resource bridge. This allows the resource bridge visibility to on-premises resources for guest management in Azure.
 
-The credentials used by Arc resource bridge are the same ones provided during deployment of the bridge. This allows the bridge visibility to on-premises resources for guest management in Azure.
+If the credentials change, the credentials stored in the Arc resource bridge need to be updated with the [`update-infracredentials` command](/cli/azure/arcappliance/update-infracredentials). This command must be run from the management machine, and it requires a [kubeconfig file](system-requirements.md#kubeconfig). 
 
-If the credentials change, the credentials stored in the Arc resource bridge need to be updated with the [`update-infracredentials` command](/cli/azure/arcappliance/update-infracredentials). This command must be run from the management machine, and it requires a [kubeconfig file](system-requirements.md#kubeconfig).
+Reference: [Arc-enabled VMware - Update the credentials stored in Arc resource bridge](../vmware-vsphere/administer-arc-vmware.md#updating-the-vsphere-account-credentials-using-a-new-password-or-a-new-vsphere-account-after-onboarding)
 
 ## Troubleshoot Arc resource bridge
 

articles/azure-arc/resource-bridge/system-requirements.md

@@ -39,17 +39,19 @@ These minimum requirements enable most scenarios. However, a partner product may
 
 ## IP address prefix (subnet) requirements
 
-The IP address prefix (subnet) where Arc resource bridge will be deployed requires a minimum prefix of /29. The IP address prefix must have enough available IP addresses for the gateway IP, control plane IP, appliance VM IP, and reserved appliance VM IP. Please work with your network engineer to ensure that there is an available subnet with the required available IP addresses and IP address prefix for Arc resource bridge.
+The IP address prefix (subnet) where Arc resource bridge will be deployed requires a minimum prefix of /29. The IP address prefix must have enough available IP addresses for the gateway IP, control plane IP, appliance VM IP, and reserved appliance VM IP. Arc resource bridge only uses the IP addresses assigned to the IP pool range (Start IP, End IP) and the Control Plane IP. We recommend that the End IP immediately follow the Start IP. Ex: Start IP =192.168.0.2, End IP = 192.168.0.3. Please work with your network engineer to ensure that there is an available subnet with the required available IP addresses and IP address prefix for Arc resource bridge.
 
-The IP address prefix is the subnet's IP address range for the virtual network and subnet mask (IP Mask) in CIDR notation, for example `192.168.7.1/24`. You provide the IP address prefix (in CIDR notation) during the creation of the configuration files for Arc resource bridge. 
+The IP address prefix is the subnet's IP address range for the virtual network and subnet mask (IP Mask) in CIDR notation, for example `192.168.7.1/29`. You provide the IP address prefix (in CIDR notation) during the creation of the configuration files for Arc resource bridge. 
 
 Consult your network engineer to obtain the IP address prefix in CIDR notation. An IP Subnet CIDR calculator may be used to obtain this value.
 
 ## Static IP configuration
 
 If deploying Arc resource bridge to a production environment, static configuration must be used when deploying Arc resource bridge. Static IP configuration is used to assign three static IPs (that are in the same subnet) to the Arc resource bridge control plane, appliance VM, and reserved appliance VM.
 
-DHCP is only supported in a test environment for testing purposes only for VM management on Azure Stack HCI, and it should not be used in a production environment. DHCP isn't supported on any other Arc-enabled private cloud, including Arc-enabled VMware, Arc for AVS, or Arc-enabled SCVMM. If using DHCP, you must reserve the IP addresses used by the control plane and appliance VM. In addition, these IPs must be outside of the assignable DHCP range of IPs. Ex: The control plane IP should be treated as a reserved/static IP that no other machine on the network will use or receive from DHCP. If the control plane IP or appliance VM IP changes (ex: due to an outage, this impacts the resource bridge availability and functionality.
+DHCP is only supported in a test environment for testing purposes only for VM management on Azure Stack HCI. It should not be used in a production environment. DHCP isn't supported on any other Arc-enabled private cloud, including Arc-enabled VMware, Arc for AVS, or Arc-enabled SCVMM. 
+
+If using DHCP, you must reserve the IP addresses used by the control plane and appliance VM. In addition, these IPs must be outside of the assignable DHCP range of IPs. Ex: The control plane IP should be treated as a reserved/static IP that no other machine on the network will use or receive from DHCP. If the control plane IP or appliance VM IP changes, this impacts the resource bridge availability and functionality.
 
 ## Management machine requirements
 
@@ -58,10 +60,14 @@ The machine used to run the commands to deploy and maintain Arc resource bridge
 Management machine requirements:
 
 - [Azure CLI x64](/cli/azure/install-azure-cli-windows?tabs=azure-cli) installed
-- Open communication to Control Plane IP (`controlplaneendpoint` parameter in `createconfig` command)
-- Open communication to Appliance VM IP
-- Open communication to the reserved Appliance VM IP
-- if applicable, communication over port 443 to the private cloud management console (ex: VMware vCenter host machine)
+- Open communication to Control Plane IP 
+
+- Communication to Appliance VM IP (SSH TCP port 22, Kubernetes API port 6443)
+
+- Communication to the reserved Appliance VM IP ((SSH TCP port 22, Kubernetes API port 6443)
+
+- communication over port 443 (if applicable) to the private cloud management console (ex: VMware vCenter host machine)
+
 - Internal and external DNS resolution. The DNS server must resolve internal names, such as the vCenter endpoint for vSphere or cloud agent service endpoint for Azure Stack HCI. The DNS server must also be able to resolve external addresses that are [required URLs](network-requirements.md#outbound-connectivity) for deployment.
 - Internet access
 
@@ -77,11 +83,8 @@ Appliance VM IP address requirements:
 
 - Open communication with the management machine and management endpoint (such as vCenter for VMware or MOC cloud agent service endpoint for Azure Stack HCI).
 - Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity) enabled in proxy/firewall.
-- Static IP assigned (strongly recommended)
+- Static IP assigned and within the IP address prefix.
 
-  - If using DHCP, then the address must be reserved and  outside of the assignable DHCP range of IPs. No other machine on the network will use or receive this IP from DHCP. DHCP is generally not recommended because a change in IP address (ex: due to an outage) impacts the resource bridge availability.
-
-- Must be from within the IP address prefix.
 - Internal and external DNS resolution.
 - If using a proxy, the proxy server has to be reachable from this IP and all IPs within the VM IP pool.
 
@@ -99,15 +102,11 @@ Reserved appliance VM IP requirements:
 
 - Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity) enabled in proxy/firewall.
 
-- Static IP assigned (strongly recommended)
-
-  - If using DHCP, then the address must be reserved and  outside of the assignable DHCP range of IPs. No other machine on the network will use or receive this IP from DHCP. DHCP is generally not recommended because a change in IP address (ex: due to an outage) impacts the resource bridge availability.
-
-  - Must be from within the IP address prefix.
+- Static IP assigned and within the IP address prefix.
 
-  - Internal and external DNS resolution.
+- Internal and external DNS resolution.
 
-  - If using a proxy, the proxy server has to be reachable from this IP and all IPs within the VM IP pool.
+- If using a proxy, the proxy server has to be reachable from this IP and all IPs within the VM IP pool.
 
 ## Control plane IP requirements
 
@@ -117,8 +116,7 @@ Control plane IP requirements:
 
 - Open communication with the management machine.
 
-  - Static IP address assigned; the IP address should be outside the DHCP range but still available on the network segment. This IP address can't be assigned to any other machine on the network. 
-  - If using DHCP, the control plane IP should be a single reserved IP that is outside of the assignable DHCP range of IPs. No other machine on the network will use or receive this IP from DHCP. DHCP is generally not recommended because a change in IP address (ex: due to an outage) impacts the resource bridge availability.
+- Static IP address assigned and within the IP address prefix.
 
 - If using a proxy, the proxy server has to be reachable from IPs within the IP address prefix, including the reserved appliance VM IP.
 
@@ -128,23 +126,23 @@ DNS server(s) must have internal and external endpoint resolution. The appliance
 
 ## Gateway
 
-The gateway IP should be an IP from within the subnet designated in the IP address prefix.
+The gateway IP is the IP of the gateway for the network where Arc resource bridge is deployed. The gateway IP should be an IP from within the subnet designated in the IP address prefix.
 
 ## Example minimum configuration for static IP deployment
 
-The following example shows valid configuration values that can be passed during configuration file creation for Arc resource bridge. It is strongly recommended to use static IP addresses when deploying Arc resource bridge. 
+The following example shows valid configuration values that can be passed during configuration file creation for Arc resource bridge. 
 
 Notice that the IP addresses for the gateway, control plane, appliance VM and DNS server (for internal resolution) are within the IP address prefix. This key detail helps ensure successful deployment of the appliance VM.
 
    IP Address Prefix (CIDR format): 192.168.0.0/29
 
-   Gateway (IP format): 192.168.0.1
+   Gateway IP: 192.168.0.1
 
    VM IP Pool Start (IP format): 192.168.0.2
 
    VM IP Pool End (IP format): 192.168.0.3
 
-   Control Plane IP (IP format): 192.168.0.4
+   Control Plane IP: 192.168.0.4
 
    DNS servers (IP list format): 192.168.0.1, 10.0.0.5, 10.0.0.6