Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-fresh

Author: HeidiSteen

.openpublishing.publish.config.json

@@ -931,6 +931,12 @@
       "url": "https://github.com/Azure-Samples/cosmos-db-sql-api-dotnet-samples",
       "branch": "v3",
       "branch_mapping": {}
+    },
+    {
+      "path_to_root": "azure-cosmos-mongodb-dotnet",
+      "url": "https://github.com/Azure-Samples/cosmos-db-mongodb-api-dotnet-samples",
+      "branch": "quickstart-test",
+      "branch_mapping": {}
     }
   ],
   "branch_target_mapping": {

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/plan-network-monitoring.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/best-practices/plan-network-monitoring",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-identify-required-appliances.md",
             "redirect_url": "/azure/defender-for-iot/organizations/ot-appliance-sizing",

articles/active-directory-domain-services/concepts-forest-trust.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 06/07/2021
+ms.date: 07/05/2022
 ms.author: justinha
 ---
 
@@ -280,11 +280,8 @@ Administrators can use *Active Directory Domains and Trusts*, *Netdom* and *Nlte
 
 ## Next steps
 
-To learn more about forest trusts, see [How do forest trusts work in Azure AD DS?][concepts-trust]
-
 To get started with creating a managed domain with a forest trust, see [Create and configure an Azure AD DS managed domain][tutorial-create-advanced]. You can then [Create an outbound forest trust to an on-premises domain][create-forest-trust].
 
 <!-- LINKS - INTERNAL -->
-[concepts-trust]: concepts-forest-trust.md
 [tutorial-create-advanced]: tutorial-create-instance-advanced.md
 [create-forest-trust]: tutorial-create-forest-trust.md

articles/active-directory/app-provisioning/on-premises-scim-provisioning.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 11/17/2021
+ms.date: 07/05/2022
 ms.author: billmath
 ms.reviewer: arvinh
 ---
@@ -27,7 +27,6 @@ The Azure Active Directory (Azure AD) provisioning service supports a [SCIM 2.0]
 To provision users to SCIM-enabled apps:
 
  1. [Download](https://aka.ms/OnPremProvisioningAgent) the provisioning agent and copy it onto the virtual machine or server that your SCIM endpoint is hosted on.
- 1. Copy the agent onto the virtual machine or server that your SCIM endpoint is hosted on.
  1. Open the provisioning agent installer, agree to the terms of service, and select **Install**.
  1. Open the provisioning agent wizard, and select **On-premises provisioning** when prompted for the extension you want to enable.
  1. Provide credentials for an Azure AD administrator when you're prompted to authorize. Hybrid administrator or global administrator is required.

articles/active-directory/app-provisioning/provision-on-demand.md

@@ -1,5 +1,5 @@
 ---
-title: Provision a user on demand by using Azure Active Directory
+title: Provision a user or group on demand using the Azure Active Directory provisioning service
 description: Learn how to provision users on demand in Azure Active Directory.
 services: active-directory
 author: kenwith
@@ -8,13 +8,13 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/09/2022
+ms.date: 06/30/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
 
 # On-demand provisioning in Azure Active Directory
-Use on-demand provisioning to provision a user into an application in seconds. Among other things, you can use this capability to:
+Use on-demand provisioning to provision a user or group in seconds. Among other things, you can use this capability to:
 
 * Troubleshoot configuration issues quickly.
 * Validate expressions that you've defined.
@@ -27,7 +27,7 @@ Use on-demand provisioning to provision a user into an application in seconds. A
 1. Select your application, and then go to the provisioning configuration page.
 1. Configure provisioning by providing your admin credentials.
 1. Select **Provision on demand**.
-1. Search for a user by first name, last name, display name, user principal name, or email address.
+1. Search for a user by first name, last name, display name, user principal name, or email address. Alternatively, you can search for a group and pick up to 5 users. 
    > [!NOTE]
    > For Cloud HR provisioning app (Workday/SuccessFactors to AD/Azure AD), the input value is different. 
    > For Workday scenario, please provide "WorkerID" or "WID" of the user in Workday. 
@@ -130,6 +130,7 @@ The **View details** section displays the attributes that were modified in the t
 #### Troubleshooting tips
 
 * Failures for exporting changes can vary greatly. Check the [documentation for provisioning logs](../reports-monitoring/concept-provisioning-logs.md#error-codes) for common failures.
+* On-demand provisioning says the group or user can't be provisioned because they're not assigned to the application. Note that there is a replicate delay of up to a few minutes between when an object is assigned to an application and that assignment being honored by on-demand provisioning. You may need to wait a few minutes and try again.  
 
 ## Frequently asked questions
 
@@ -145,9 +146,9 @@ There are currently a few known limitations to on-demand provisioning. Post your
 > The following limitations are specific to the on-demand provisioning capability. For information about whether an application supports provisioning groups, deletions, or other capabilities, check the tutorial for that application.
 
 * Amazon Web Services (AWS) application does not support on-demand provisioning. 
-* On-demand provisioning of groups and roles isn't supported.
+* On-demand provisioning of groups supports updating up to 5 members at a time
+* On-demand provisioning of roles isn't supported.
 * On-demand provisioning supports disabling users that have been unassigned from the application. However, it doesn't support disabling or deleting users that have been disabled or deleted from Azure AD. Those users won't appear when you search for a user.
-* Provisioning multiple roles on a user isn't supported by on-demand provisioning. 
 
 ## Next steps
 

articles/active-directory/roles/admin-units-faq-troubleshoot.yml

@@ -54,7 +54,7 @@ sections:
       - question: |
           What does it mean to add a group to an administrative unit?
         answer: |
-          Adding a group to an administrative unit brings the group itself into the management scope of any group administrator who is also scoped to that administrative unit. For more information, see [Administrative units in Azure Active Directory](administrative-units.md#groups).
+          Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but **not** the members of the group. For more information, see [Administrative units in Azure Active Directory](administrative-units.md#groups).
 
       - question: |
           Can a resource (user, group, or device) be a member of more than one administrative unit?

articles/active-directory/roles/admin-units-members-add.md

@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
 > Administrative units support for devices is currently in PREVIEW.
 > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
-In Azure Active Directory (Azure AD), you can add users, groups, or devices to an administrative unit to restrict the scope of role permissions. Adding a group to an administrative unit brings the group itself into the management scope of any group administrator who is also scoped to that administrative unit. For additional details on what scoped administrators can do, see [Administrative units in Azure Active Directory](administrative-units.md).
+In Azure Active Directory (Azure AD), you can add users, groups, or devices to an administrative unit to restrict the scope of role permissions. Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but **not** the members of the group. For additional details on what scoped administrators can do, see [Administrative units in Azure Active Directory](administrative-units.md).
 
 This article describes how to add users, groups, or devices to administrative units manually. For information about how to add users or devices to administrative units dynamically using rules, see [Manage users or devices for an administrative unit with dynamic membership rules](admin-units-members-dynamic.md).
 

articles/api-management/authorizations-how-to.md

@@ -73,7 +73,7 @@ Four steps are needed to set up an authorization with the authorization code gra
 1. Sign in to your GitHub account if you're prompted to do so.
 1. Select **Authorize** so that the application can access the signed-in user’s account. 
 
-     :::image type="content" source="media/authorizations-how-to/consent-to-authorization.png" alt-text="Screenshot of consenting to authorize with Github."::: 
+     :::image type="content" source="media/authorizations-how-to/consent-to-authorization.png" alt-text="Screenshot of consenting to authorize with GitHub."::: 
 
     After authorization, the browser is redirected to API Management and the window is closed. If prompted during redirection, select **Allow access**. In API Management, select **Next**.
 1. On the **Access policy** page, create an access policy so that API Management has access to use the authorization. Ensure that a managed identity is configured for API Management. [Learn more about managed identities in API Management](api-management-howto-use-managed-service-identity.md#create-a-system-assigned-managed-identity).

articles/app-service/environment/using-an-ase.md

@@ -116,7 +116,7 @@ In an ILB ASE, the domain suffix used for app creation is *.<asename>.apps
 
 For information about how to create an ILB ASE, see [Create and use an ILB ASE][MakeILBASE].
 
-The SCM URL is used to access the Kudu console or for publishing your app by using Web Deploy. For information on the Kudu console, see [Kudu console for Azure App Service][Kudu]. The Kudu console gives you a web UI for debugging, uploading files, editing files, and much more.
+The SCM URL is used to access the Kudu console or for publishing your app by using Web Deploy. The Kudu console gives you a web UI for debugging, uploading files, editing files, and much more.
 
 ### DNS configuration 
 
@@ -300,7 +300,6 @@ For more specific examples, use: az find "az appservice ase"
 [Pricing]: https://azure.microsoft.com/pricing/details/app-service/
 [ARMOverview]: ../../azure-resource-manager/management/overview.md
 [ConfigureSSL]: ../configure-ssl-certificate.md
-[Kudu]: https://azure.microsoft.com/resources/videos/super-secret-kudu-debug-console-for-azure-web-sites/
 [AppDeploy]: ../deploy-local-git.md
 [ASEWAF]: ./integrate-with-application-gateway.md
 [AppGW]: ../../web-application-firewall/ag/ag-overview.md

articles/azure-arc/data/includes/azure-arc-data-preview-release.md

@@ -1,18 +1,16 @@
 ---
 author: MikeRayMSFT
+ms.author: mikeray
 ms.service: azure-arc
 ms.topic: include
-ms.date: 06/28/2022
-ms.author: mikeray
+ms.date: 07/05/2022
 ---
 
-The current preview released on June 28, 2022.
-
-This preview is a test release.
+The current preview released on July 05, 2022.
 
 |Component|Value|
 |-----------|-----------|
-|Container images registry/repository |`mcr.microsoft.com/arcdata/test`|
+|Container images registry/repository |`mcr.microsoft.com/arcdata/preview`|
 |Container images tag |`v1.9.0_2022-07-12`|
 |CRD names and version|`datacontrollers.arcdata.microsoft.com`: v1beta1, v1 through v6<br/>`exporttasks.tasks.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`kafkas.arcdata.microsoft.com`: v1beta1<br/>`monitors.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`sqlmanagedinstances.sql.arcdata.microsoft.com`: v1beta1, v1 through v6<br/>`postgresqls.arcdata.microsoft.com`: v1beta1, v1beta2<br/>`sqlmanagedinstancerestoretasks.tasks.sql.arcdata.microsoft.com`: v1beta1, v1<br/>`failovergroups.sql.arcdata.microsoft.com`: v1beta1, v1beta2, v1<br/>`activedirectoryconnectors.arcdata.microsoft.com`: v1beta1, v1beta2<br/>|
 |Azure Resource Manager (ARM) API version|2022-03-01-preview (No change)|
@@ -31,8 +29,9 @@ New for this release:
   - Added process level CPU  and memory metrics to the monitoring dashboards for the SQL managed instance process.
   - syncSecondaryToCommit property is now available to be viewed and edited in Azure portal and Azure Data Studio.
   - Added ability to set the DNS name for the readableSecondaries service in Azure CLI and Azure portal.
+  - Now collecting the agent.log, security.log and sqlagentstartup.log for Arc-enabled SQL Managed instance to ElasticSearch so they're searchable via Kibana and optionally uploading them to Azure Log Analytics.
+  - There are more additional notifications when provisioning new SQL managed instances is blocked due to not exporting/uploading billing data to Azure.
 
 - Data controller
   - Permissions required to deploy the Arc data controller have been reduced to a least-privilege level.
-  - When deployed via the Azure CLI, the Arc data controller is now installed via a K8s job that uses a helm chart to do the installation. There's no change to the user experience.
-
+  - When deployed via the Azure CLI, the Arc data controller is now installed via a K8s job that uses a helm chart to do the installation. There's no change to the user experience.