Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/auxiliary-logs

Author: yelevin

articles/aks/azure-csi-files-storage-provision.md

@@ -5,7 +5,7 @@ description: Learn how to create a static or dynamic persistent volume with Azur
 ms.topic: article
 ms.custom: devx-track-azurecli
 ms.subservice: aks-storage
-ms.date: 07/09/2024
+ms.date: 07/20/2024
 author: tamram
 ms.author: tamram
 
@@ -108,6 +108,7 @@ For more information on Kubernetes storage classes for Azure Files, see [Kuberne
      - mfsymlinks
      - cache=strict
      - actimeo=30
+     - nobrl  # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
     parameters:
       skuName: Premium_LRS
     ```
@@ -240,6 +241,7 @@ mountOptions:
   - mfsymlinks
   - cache=strict
   - actimeo=30
+  - nobrl  # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
 parameters:
   skuName: Premium_LRS
 ```
@@ -368,7 +370,7 @@ Kubernetes needs credentials to access the file share created in the previous st
         - mfsymlinks
         - cache=strict
         - nosharesock
-        - nobrl
+        - nobrl  # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
     ```
 
 2. Create the persistent volume using the [`kubectl create`][kubectl-create] command.
@@ -470,7 +472,7 @@ spec:
         volumeAttributes:
           secretName: azure-secret  # required
           shareName: aksshare  # required
-          mountOptions: 'dir_mode=0777,file_mode=0777,cache=strict,actimeo=30,nosharesock'  # optional
+          mountOptions: 'dir_mode=0777,file_mode=0777,cache=strict,actimeo=30,nosharesock,nobrl'  # optional
 ```
 
 2. Create the pod using the [`kubectl apply`][kubectl-apply] command.

articles/aks/csi-migrate-in-tree-volumes.md

@@ -2,7 +2,7 @@
 title: Migrate from in-tree storage class to CSI drivers on Azure Kubernetes Service (AKS)
 description: Learn how to migrate from in-tree persistent volume to the Container Storage Interface (CSI) driver in an Azure Kubernetes Service (AKS) cluster.
 ms.topic: article
-ms.date: 01/11/2024
+ms.date: 07/20/2024
 author: mgoedtel
 ms.subservice: aks-storage
 ---
@@ -444,7 +444,7 @@ Migration from in-tree to CSI is supported by creating a static volume:
         - mfsymlinks
         - cache=strict
         - nosharesock
-        - nobrl
+        - nobrl  # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
     ```
 
 5. Create a file named *azurefile-mount-pvc.yaml* file with a *PersistentVolumeClaim* that uses the *PersistentVolume* using the following code.

articles/azure-monitor/agents/azure-monitor-agent-custom-text-log-migration.md

@@ -5,24 +5,29 @@ ms.topic: conceptual
 ms.date: 05/09/2023
 ---
 
-# Migrate from MMA custom text log to AMA DCR based custom text logs
-This article describes the steps to migrate a [MMA Custom text log](data-sources-custom-logs.md) table so you can use it as a destination for a new [AMA custom text logs](data-collection-log-text.md) DCR. When you follow the steps, you won't lose any data. If you're creating a new AMA custom text log table, then this article doesn't pertain to you.
+# Migrate from MMA custom text table to AMA DCR based custom text table
+This article describes the steps to migrate a [MMA Custom text log](data-sources-custom-logs.md) table so you can use it as a destination for a new [AMA custom text logs](data-collection-log-text.md) DCR. If you're creating a new AMA custom text table, then this article doesn't pertain to you.
 
-> Note: Once logs are migrated, MMA will not be able to write to the destination table. This is an issue for the migration of production system that we are actively working.
->
 
-## Background
-MMA custom text logs must be configured to support new features in order for AMA custom text log DCRs to write to it. The following actions are taken:
-- The table is reconfigured to enable all DCR-based custom logs features.
-- All MMA custom fields stop updating in the table. AMA can write data to any column in the table. 
-- The MMA Custom text log can write to noncustom fields, but it will not be able to create new columns. The portal table management UI can be used to change the schema after migration.
+> [!Warning]
+> Your MMA agents won't be able to write to existing custom tables after migration. If your AMA agent writes to an existing custom table, it is implicitly migrated.
+
 
-## Migration procedure
+## Background
+You must configure MMA custom text logs to support new DCR features that allow AMA agents to write to it. Take the following actions:
+- Your table is reconfigured to enable all DCR-based custom logs features.
+- Your AMA agents can write data to any column in the table. 
+- Your MMA Custom text log will lose the ability to write to the custom log.
+To continue to write you custom data from both MMA and AMA each must have its own custom table. Your data queries in LA that process your data must join the two tables until the migration is complete at which point you can remove the join. 
+  
+## Migration
 You should follow the steps only if the following criteria are true:  
 - You created the original table using the Custom Log Wizard.
 - You're going to preserve the existing data in the table.
-- You're going to write new data using and [AMA custom text log DCR](data-collection-log-text.md) and possibly configure an [ingestion time transformation](azure-monitor-agent-transformation.md).
+- You do not need MMA agents to send data to the existing table
+- You're going to exclusively write new data using and [AMA custom text log DCR](data-collection-log-text.md) and possibly configure an [ingestion time transformation](azure-monitor-agent-transformation.md).
 
+## Procedure
 1. Configure your data collection rule (DCR) following procedures at [collect text logs with Azure Monitor Agent](data-collection-log-text.md) 
 2. Issue the following API call against your existing custom logs table to enable ingestion from Data Collection Rule and manage your table from the portal UI. This call is idempotent and future calls have no effect. Migration is one-way, you can't migrate the table back to MMA. 
 

articles/azure-monitor/agents/data-collection-log-text.md

@@ -62,9 +62,8 @@ The incoming stream of data includes the columns in the following table.
 ## Custom table
 Before you can collect log data from a text file, you must create a custom table in your Log Analytics workspace to receive the data. The table schema must match the data you are collecting, or you must add a transformation to ensure that the output schema matches the table. 
 
->
-> Warning: You shouldn’t use an existing custom log table used by MMA agents. Your MMA agents won't be able to write to the table once the first AMA agent writes to the table. You should create a new table for AMA to use to prevent MMA data loss.
->
+> [!Warning]
+> You shouldn’t use an existing custom log table used by MMA agents. Your MMA agents won't be able to write to the table once the first AMA agent writes to the table. You should create a new table for AMA to use to prevent MMA data loss.
 
 
 For example, you can use the following PowerShell script to create a custom table with `RawData` and `FilePath`. You wouldn't need a transformation for this table because the schema matches the default schema of the incoming stream. 

articles/azure-monitor/essentials/activity-log.md

@@ -155,8 +155,6 @@ You can also access activity log events by using the following methods:
 - Use the [Get-AzLog](/powershell/module/az.monitor/get-azlog) cmdlet to retrieve the activity log from PowerShell. See [Azure Monitor PowerShell samples](../powershell-samples.md#retrieve-activity-log).
 - Use [az monitor activity-log](/cli/azure/monitor/activity-log) to retrieve the activity log from the CLI.  See [Azure Monitor CLI samples](../cli-samples.md#view-activity-log).
 - Use the [Azure Monitor REST API](/rest/api/monitor/) to retrieve the activity log from a REST client.
-- 
-- 
 ## Legacy collection methods
 
 > [!NOTE]

articles/azure-monitor/essentials/data-collection-rule-create-edit.md

@@ -35,7 +35,9 @@ The following table lists methods to create data collection scenarios using the
 
 ## Create a DCR
 
-The Azure portal provides a data collection rule wizard for collecting data from virtual machines and for collecting Prometheus metrics from containers. 
+Azure provides a centralized cloud based data collection configuration plan for virtual machines, virtual machine scale sets, On-Prem machines and Prometheus metrics from containers.
+
+This article describes how to create a DCR from scratch. There are other insights solution that provide DCR creation experiences like Sentinel, VM insights, and Application Insights that create DCRs as part of there own workflows. Some time the DCRs created in these by different solution can seem to conflict. There are three tables to which Windows events can be sent to. Sentinel security audit events with go to SecurityEvents, WEF connector events go to the WindowsEvent table. If you use the scratch Windows event collection the results go to the Event table.
 
 To create a data collection rule using the Azure CLI, PowerShell, API, or ARM templates, create a JSON file, starting with one of the [sample DCRs](./data-collection-rule-samples.md). Use information in [Structure of a data collection rule in Azure Monitor](./data-collection-rule-structure.md) to modify the JSON file for your particular environment and requirements.
 

articles/business-continuity-center/tutorial-view-protectable-resources.md

@@ -2,7 +2,7 @@
 title: Tutorial - View protectable resources
 description: In this tutorial, learn how to view your resources that are currently not protected by any solution using Azure Business Continuity center.
 ms.topic: tutorial
-ms.date: 03/29/2024
+ms.date: 07/22/2024
 ms.service: azure-business-continuity-center
 ms.custom:
   - ignite-2023
@@ -18,7 +18,7 @@ This tutorial shows you how to view your resources that are currently not protec
 
 Before you start this tutorial:
 
-- Review supported regions for ABC Center.
+- Review [supported regions for ABC Center](business-continuity-center-support-matrix.md#supported-regions).
 - Ensure you have the required resource permissions to view them in the ABC center.
 
 ## View protectable resources

articles/defender-for-cloud/faq-vulnerability-assessments.yml

@@ -5,7 +5,6 @@ metadata:
   services: defender-for-cloud
   ms.author: dacurwin
   author: dcurwin
-  manager: raynew
   ms.topic: faq
   ms.date: 06/20/2023
 title: Common questions about vulnerability assessment
@@ -14,6 +13,18 @@ summary: |
 sections:
   - name: Ignored
     questions:
+
+      - question: |
+          What is the Auto-Provisioning feature for BYOL, and can it work on multiple solutions?
+        answer: |
+          The Defender for Cloud BYOL integration allows only one solution to have auto-provisioning enabled per subscription. This feature scans all unhealthy machines in the subscription (those without any VA solution installed) and automatically remediates them by installing the selected VA solution. Auto-provisioning will use the single selected BYOL solution for remediation. If no solution is selected or if multiple solutions have auto-provisioning enabled, the system will not perform auto-remediation, as it can't implicitly decide which solution to prioritize.
+                    
+      - question: |
+          Why do I have to specify a resource group when configuring a Bring Your Own License (BYOL) solution?
+        answer: |
+          When you set up your solution, you must choose a resource group to attach it to. The solution isn't an Azure resource, so it won't be included in the list of the resource group’s resources. Nevertheless, it's attached to that resource group. If you later delete the resource group, the BYOL solution is unavailable.
+
+
       - question: |
           Are there any additional charges for the Qualys license?
         answer: |
@@ -99,7 +110,3 @@ sections:
           There are multiple Qualys platforms across various geographic locations. The SOC CIDR and URLs differ depending on the host platform of your Qualys subscription. [Identify your Qualys host platform](https://www.qualys.com/platform-identification/).
                     
           
-      - question: |
-          Why do I have to specify a resource group when configuring a Bring Your Own License (BYOL) solution?
-        answer: |
-          When you set up your solution, you must choose a resource group to attach it to. The solution isn't an Azure resource, so it won't be included in the list of the resource group’s resources. Nevertheless, it's attached to that resource group. If you later delete the resource group, the BYOL solution is unavailable.

articles/defender-for-cloud/release-notes-recommendations-alerts.md

@@ -48,7 +48,7 @@ New and updated recommendations and alerts are added to the table in date order.
 | ----------- | ------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ |
 | June 28     | Recommendation                 | GA                                                           | [Azure DevOps repositories should require minimum two-reviewer approval for code pushes](recommendations-reference-devops.md#preview-azure-devops-repositories-should-require-minimum-two-reviewer-approval-for-code-pushes) |
 | June 28     | Recommendation                 | GA                                                           | [Azure DevOps repositories should not allow requestors to approve their own Pull Requests](recommendations-reference-devops.md#preview-azure-devops-repositories-should-not-allow-requestors-to-approve-their-own-pull-requests) |
-| June 28     | Recommendation                 | GA                                                           | [GitHub organizations should not make action secrets accessible to all repositories](recommendations-reference-devops.md#github-organizations-should-not-make-action-secrets-accessible-to-all repositories) |
+| June 28     | Recommendation                 | GA                                                           | [GitHub organizations should not make action secrets accessible to all repositories](recommendations-reference-devops.md#github-organizations-should-not-make-action-secrets-accessible-to-all-repositories) |
 | June 27     | Alert                          | Deprecation                                                  | `Security incident detected suspicious source IP activity`<br><br/> Severity: Medium/High |
 | June 27     | Alert                          | Deprecation                                                  | `Security incident detected on multiple resources`<br><br/> Severity: Medium/High |
 | June 27     | Alert                          | Deprecation                                                  | `Security incident detected compromised machine`<br><br/> Severity: Medium/High |

articles/defender-for-cloud/secrets-scanning.md

@@ -23,6 +23,20 @@ Defender for Cloud provides secrets scanning for virtual machines, and for cloud
 - **Cloud deployments**: Agentless secrets scanning across multicloud infrastructure-as-code deployment resources.
 - **Azure DevOps**: [Scanning to discover exposed secrets in Azure DevOps](defender-for-devops-introduction.md).
 
+## Prerequisites
+
+Required roles and permissions:
+
+   - Security Reader
+   
+      - Security Admin
+      
+         - Reader
+         
+            - Contributor
+            
+               - Owner
+               
 ## Deploying secrets scanning
 
 Secrets scanning is provided as a feature in Defender for Cloud plans: