Merge pull request #273065 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/ai-studio/how-to/deploy-models-llama.md

@@ -245,7 +245,7 @@ __Body__
 {
     "prompt": "What's the distance to the moon?",
     "temperature": 0.8,
-    "max_tokens": 512,
+    "max_tokens": 512
 }
 ```
 

articles/azure-monitor/agents/azure-monitor-agent-migration.md

@@ -12,12 +12,12 @@ ms.custom:
 
 # Migrate to Azure Monitor Agent from Log Analytics agent
 
-[Azure Monitor Agent (AMA)](./agents-overview.md) replaces the Log Analytics agent (also known as Microsoft Monitor Agent (MMA) and OMS) for Windows and Linux machines, in Azure and non-Azure environments, including on-premises and third-party clouds. The agent introduces a simplified, flexible method of configuring data dollection using [Data Collection Rules (DCRs)](../essentials/data-collection-rule-overview.md). This article provides guidance on how to implement a successful migration from the Log Analytics agent to Azure Monitor Agent.
+[Azure Monitor Agent (AMA)](./agents-overview.md) replaces the Log Analytics agent (also known as Microsoft Monitor Agent (MMA) and OMS) for Windows and Linux machines, in Azure and non-Azure environments, including on-premises and third-party clouds. The agent introduces a simplified, flexible method of configuring data collection using [Data Collection Rules (DCRs)](../essentials/data-collection-rule-overview.md). This article provides guidance on how to implement a successful migration from the Log Analytics agent to Azure Monitor Agent.
 
 If you're currently using the Log Analytics agent with Azure Monitor or [other supported features and services](#migrate-additional-services-and-features), start planning your migration to Azure Monitor Agent by using the information in this article. If you are using the Log Analytics Agent for SCOM, you need to [migrate to the SCOM Agent](../vm/scom-managed-instance-overview.md).
 
 The Log Analytics agent will be [retired on **August 31, 2024**](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). You can expect the following when you use the MMA or OMS agent after this date.
-> - **Data upload**: You can still upload data. At some point when major customer have finished migrating and data volumes significantly drop, upload will be suspended. You can expect this to take at least 6 to 9 months.  You will not receive a breaking change notification of the suspension. 
+> - **Data upload**: You can still upload data. At some point when major customers have finished migrating and data volumes significantly drop, upload will be suspended. You can expect this to take at least 6 to 9 months.  You will not receive a breaking change notification of the suspension. 
 > - **Install or reinstall**: You can still install and reinstall the legacy agents. You will not be able to get support for installing or reinstalling issues.
 > - **Customer Support**: You can expect support for MMA/OMS for security issues.
 
@@ -32,7 +32,7 @@ Before you begin migrating from the Log Analytics agent to Azure Monitor Agent,
 ### Before you begin 
 
 > [!div class="checklist"]
-> - **Check the [prerequisites](./azure-monitor-agent-manage.md#prerequisites) for installing Azure Monitor Agent.**<br>To monitor non-Azure and on-premises servers, you must [install the Azure Arc agent](../../azure-arc/servers/agent-overview.md). The Arc agent makes your on-premises servers visible as to Azure as a resource it can target. You won't incur any additional cost for installing the Azure Arc agent. 
+> - **Check the [prerequisites](./azure-monitor-agent-manage.md#prerequisites) for installing Azure Monitor Agent.**<br>To monitor non-Azure and on-premises servers, you must [install the Azure Arc agent](../../azure-arc/servers/agent-overview.md). The Arc agent makes your on-premises servers visible to Azure as a resource it can target. You won't incur any additional cost for installing the Azure Arc agent. 
 > - **Understand your current needs.**<br>Use the **Workspace overview** tab of the [AMA Migration Helper](./azure-monitor-agent-migration-tools.md#using-ama-migration-helper) to see connected agents and discover solutions enabled on your Log Analytics workspaces that use legacy agents, including per-solution migration recommendations. 
 > - **Verify that Azure Monitor Agent can address all of your needs.**<br>Azure Monitor Agent is General Availablity (GA) for data collection and is used for data collection by various Azure Monitor features and other Azure services. For details, see [Supported services and features](#migrate-additional-services-and-features). 
 > - **Consider installing Azure Monitor Agent together with a legacy agent for a transition period.**<br>Run Azure Monitor Agent alongside the legacy Log Analytics agent on the same machine to continue using existing functionality during evaluation or migration. Keep in mind that running two agents on the same machine doubles resource consumption, including but not limited to CPU, memory, storage space, and network bandwidth.<br>

articles/azure-resource-manager/bicep/add-template-to-azure-pipelines.md

@@ -63,7 +63,9 @@ You can use Azure Resource Group Deployment task or Azure CLI task to deploy a B
     name: Deploy Bicep files
 
     parameters:
-      azureServiceConnection: '<your-connection-name>'
+    - name: azureServiceConnection
+      type: string
+      default: '<your-connection-name>'
 
     variables:
       vmImageName: 'ubuntu-latest'

articles/postgresql/flexible-server/concepts-security.md

@@ -55,8 +55,6 @@ These alerts appear in Defender for Cloud's security alerts page and include:
 - Recommended actions for how to investigate and mitigate the threat
 - Options for continuing your investigations with Microsoft Sentinel
 
-
-
 ### Microsoft Defender for Cloud and Brute Force Attacks
 
 A brute force attack is among the most common and fairly successful hacking methods, despite being least sophisticated hacking methods. The theory behind such an attack is that if you take an infinite number of attempts to guess a password, you're bound to be right eventually. When Microsoft Defender for Cloud detects a brute force attack, it triggers an [alert](../../defender-for-cloud/defender-for-databases-introduction.md#what-kind-of-alerts-does-microsoft-defender-for-open-source-relational-databases-provide) to bring you awareness that a brute force attack took place. It also can separate simple brute force attack from brute force attack on a valid user or a successful brute force attack.
@@ -71,6 +69,9 @@ To get alerts from the Microsoft Defender plan, you'll first need to **enable it
 
 :::image type="content" source="media/concepts-security/defender-for-cloud-azure-portal-postgresql.png" alt-text="Screenshot of Azure portal showing how to enable Cloud Defender." lightbox="media/concepts-security/defender-for-cloud-azure-portal-postgresql.png":::
 
+> [!NOTE]
+> If you have the "open-source relational databases" feature enabled in your Microsoft Defender plan, you will observe that Microsoft Defender is automatically enabled by default for your Azure Database for PostgreSQL flexible server resource.
+
 ## Access management
 
 The best way to manage Azure Database for PostgreSQL - Flexible Server database access permissions at scale is using the concept of [roles](https://www.postgresql.org/docs/current/user-manag.html). A role can be either a database user or a group of database users. Roles can own the database objects and assign privileges on those objects to other roles to control who has access to which objects. It's also possible to grant membership in a role to another role, thus allowing the member role to use privileges assigned to another role.

includes/azure-storage-account-metrics-dimensions.md

@@ -11,5 +11,5 @@
 | **GeoType** | Transaction from Primary or Secondary cluster. The available values include **Primary** and **Secondary**. It applies to Read Access Geo Redundant Storage(RA-GRS) when reading objects from secondary tenant. |
 | **ResponseType** | Transaction response type. The available values include: <br/><br/> <li>**ServerOtherError**: All other server-side errors except described ones </li> <li>**ServerBusyError**: Authenticated request that returned an HTTP 503 status code. </li> <li>**ServerTimeoutError**: Timed-out authenticated request that returned an HTTP 500 status code. The timeout occurred due to a server error. </li><li>**AuthenticationError**: The request failed to be authenticated by the server.</li><li>**AuthorizationError**: Authenticated request that failed due to unauthorized access of data or an authorization failure. </li> <li>**NetworkError**: Authenticated request that failed due to network errors. Most commonly occurs when a client prematurely closes a connection before timeout expiration. </li><li>**ClientAccountBandwidthThrottlingError**: The request is throttled on bandwidth for exceeding [storage account scalability limits](../articles/storage/common/scalability-targets-standard-account.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json).</li><li>**ClientAccountRequestThrottlingError**: The request is throttled on request rate for exceeding [storage account scalability limits](../articles/storage/common/scalability-targets-standard-account.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json).<li>**ClientThrottlingError**: Other client-side throttling error. ClientAccountBandwidthThrottlingError and ClientAccountRequestThrottlingError are excluded.</li><li>**ClientShareEgressThrottlingError**: Applicable to premium files shares only. Other client-side throttling error. The request failed due to egress bandwidth throttling for exceeding share limits. ClientAccountBandwidthThrottlingError is excluded.</li><li>**ClientShareIngressThrottlingError**: Applicable to premium files shares only. Other client-side throttling error. The request failed due to ingress bandwidth throttling for exceeding share limits. ClientAccountBandwidthThrottlingError is excluded.</li><li>**ClientShareIopsThrottlingError**: Other client-side throttling error. The request failed due to IOPS throttling. ClientAccountRequestThrottlingError is excluded.</li><li>**ClientTimeoutError**: Timed-out authenticated request that returned an HTTP 500 status code. If the client's network timeout or the request timeout is set to a lower value than expected by the storage service, it is an expected timeout. Otherwise, it is reported as a ServerTimeoutError. </li> <li>**ClientOtherError**: All other client-side errors except described ones. </li> <li>**Success**: Successful request</li> <li> **SuccessWithThrottling**: Successful request when a SMB client gets throttled in the first attempt(s) but succeeds after retries.</li><li> **SuccessWithShareEgressThrottling**: Applicable to premium files shares only. Successful request when a SMB client gets throttled due to egress bandwidth throttling in the first attempt(s) but succeeds after retries.</li><li> **SuccessWithShareIngressThrottling**: Applicable to premium files shares only. Successful request when a SMB client gets throttled due to ingress bandwidth throttling in the first attempt(s) but succeeds after retries.</li><li> **SuccessWithShareIopsThrottling**: Successful request when a SMB client gets throttled due to IOPS throttling in the first attempt(s) but succeeds after retries.</li> |
 | **ApiName** | The name of operation. If a failure occurs before the name of the [operation](/rest/api/storageservices/storage-analytics-logged-operations-and-status-messages) is identified,  the name appears as "Unknown". You can use the value of the **ResponseType** dimension to learn more about the failure.
-| **Authentication** | Authentication type used in transactions. The available values include: <br/> <li>**AccountKey**: The transaction is authenticated with storage account key.</li> <li>**SAS**: The transaction is authenticated with shared access signatures.</li> <li>**OAuth**: The transaction is authenticated with OAuth access tokens.</li> <li>**Anonymous**: The transaction is requested anonymously. It doesn’t include preflight requests.</li> <li>**AnonymousPreflight**: The transaction is preflight request.</li>|
+| **Authentication** | Authentication type used in transactions. The available values include: <br/> <li>**AccountKey**: The transaction is authenticated with storage account key.</li> <li>**SAS**: The transaction is authenticated with service/account shared access signatures.</li><li>**DelegationSas**: The transaction is authenticated with user-delegation SAS.</li> <li>**OAuth**: The transaction is authenticated with OAuth access tokens.</li> <li>**Anonymous**: The transaction is requested anonymously. It doesn’t include preflight requests.</li> <li>**AnonymousPreflight**: The transaction is preflight request.</li>|
 | **TransactionType** | Type of transaction. The available values include: <br/> <li>**User**: The transaction was made by customer.</li> <li>**System**: The transaction was made by system process.</li> |

includes/load-balancer-create-bastion.md

@@ -12,7 +12,7 @@
 
 ## Create a virtual network and bastion host
 
-In this section, you creates a virtual network with a resource subnet, an Azure Bastion subnet, and an Azure Bastion host.
+In this section, you create a virtual network with a resource subnet, an Azure Bastion subnet, and an Azure Bastion host.
 
 > [!IMPORTANT]
 > [!INCLUDE [Pricing](bastion-pricing.md)]
@@ -63,4 +63,4 @@ In this section, you creates a virtual network with a resource subnet, an Azure
 
 8. Select **Save**.
 
-9. Select **Review + create** at the bottom of the screen, and when validation passes, select **Create**.
+9. Select **Review + create** at the bottom of the screen, and when validation passes, select **Create**.