Merge pull request #220293 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/standards/memo-22-09-multi-factor-authentication.md

@@ -25,7 +25,7 @@ Adoption of MFA is critical for preventing unauthorized access to accounts and d
 
 ## Phishing-resistant methods
 
-U.S. Federal agencies will be approaching this guidance from different starting points. Some agencies will have already deployed modern credentials such as [FIDO2 security keys](../authentication/concept-authentication-passwordless.md#fido2-security-keys) or [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-overview), many are evaluating [Azure AD certificate-based authentication](../authentication/concept-certificate-based-authentication.md) (currently in Public Preview), some are just starting to modernize their authentication credentials. This guidance is meant to inform agencies on the multiple options available to meet phishing-resistant MFA requirements with Azure AD. The reality is that phishing-resistant MFA is needed sooner then later.  Microsoft recommends adopting phishing-resistant MFA method as soon as possible by whichever method below best matches the agency's current capability. Agencies should approach the phishing-resistant MFA requirement of the memorandum from the mindset of what can I do **now** to gain phishing-resistance for my accounts. Implementing phishing-resistant MFA will provide a significant positive impact on improving the agency's overall cybersecurity posture. The end goal here is to fully implement one or more of the modern credentials. However, if the quickest path to phishing-resistance is not a modern approach below, agencies should take that step as a starting point on their journey towards the more modern approaches.
+U.S. Federal agencies will be approaching this guidance from different starting points. Some agencies will have already deployed modern credentials such as [FIDO2 security keys](../authentication/concept-authentication-passwordless.md#fido2-security-keys) or [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-overview), many are evaluating [Azure AD certificate-based authentication](../authentication/concept-certificate-based-authentication.md) (currently in Public Preview), some are just starting to modernize their authentication credentials. This guidance is meant to inform agencies on the multiple options available to meet phishing-resistant MFA requirements with Azure AD. The reality is that phishing-resistant MFA is needed sooner than later.  Microsoft recommends adopting phishing-resistant MFA method as soon as possible by whichever method below best matches the agency's current capability. Agencies should approach the phishing-resistant MFA requirement of the memorandum from the mindset of what can I do **now** to gain phishing-resistance for my accounts. Implementing phishing-resistant MFA will provide a significant positive impact on improving the agency's overall cybersecurity posture. The end goal here is to fully implement one or more of the modern credentials. However, if the quickest path to phishing-resistance is not a modern approach below, agencies should take that step as a starting point on their journey towards the more modern approaches.
 
 ![Table of Azure AD phishing-resistant methods.](media/memo-22-09/azure-active-directory-pr-methods.png)
 

articles/azure-arc/kubernetes/overview.md

@@ -8,9 +8,9 @@ description: "This article provides an overview of Azure Arc-enabled Kubernetes.
 
 # What is Azure Arc-enabled Kubernetes?
 
-Azure Arc-enabled Kubernetes allows you to attach and configure Kubernetes clusters running anywhere. You can connect your clusters running on other public cloud providers (such as GCP or AWS) or clusters running on your on-premises data center (such as VMware vSphere or Azure Stack HCI) to Azure Arc.
+Azure Arc-enabled Kubernetes allows you to attach and configure Kubernetes clusters running anywhere. You can connect your clusters running on other public cloud providers (such as GCP or AWS) or clusters running on your on-premises data center (such as VMware vSphere or Azure Stack HCI) to Azure through the Arc platform.
 
-When you connect a Kubernetes cluster to Azure Arc, it will:
+When you connect a Kubernetes cluster to Azure, it will:
 
 * Be represented in Azure Resource Manager by a unique ID
 * Be placed in an Azure subscription and resource group
@@ -20,17 +20,17 @@ Azure Arc-enabled Kubernetes supports industry-standard SSL to secure data in tr
 
 Azure Arc-enabled Kubernetes supports the following scenarios for connected clusters:
 
-* [Connect Kubernetes](quickstart-connect-cluster.md) running outside of Azure for inventory, grouping, and tagging.
+* Single pane of glass to view all [connected Kubernetes clusters](quickstart-connect-cluster.md) running outside of Azure for inventory, grouping, and tagging, along with Azure Kubernetes Service (AKS) clusters.
 
 * Deploy applications and apply configuration using [GitOps-based configuration management](tutorial-use-gitops-connected-cluster.md).
 
 * View and monitor your clusters using [Azure Monitor for containers](../../azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md?toc=/azure/azure-arc/kubernetes/toc.json).
 
 * Enforce threat protection using [Microsoft Defender for Kubernetes](../../defender-for-cloud/defender-for-kubernetes-azure-arc.md?toc=/azure/azure-arc/kubernetes/toc.json).
 
-* Apply policy definitions using [Azure Policy for Kubernetes](../../governance/policy/concepts/policy-for-kubernetes.md?toc=/azure/azure-arc/kubernetes/toc.json).
+* Ensure governance through applying policies with [Azure Policy for Kubernetes](../../governance/policy/concepts/policy-for-kubernetes.md?toc=/azure/azure-arc/kubernetes/toc.json).
 
-* Use [Azure Active Directory for authentication and authorization checks](azure-rbac.md) on your cluster.
+* Manage access by using [Azure Active Directory for authentication and authorization checks](azure-rbac.md) on your cluster.
 
 * Securely access your Kubernetes cluster from anywhere without opening inbound port on firewall using [Cluster Connect](cluster-connect.md).
 

articles/azure-monitor/agents/azure-monitor-agent-migration.md

@@ -23,7 +23,7 @@ Azure Monitor Agent provides the following benefits over legacy agents:
 
 - **Security and performance**
   - Enhanced security through Managed Identity and Azure Active Directory (Azure AD) tokens (for clients).
-  - Same events-per-second (EPS) upload rate with less resouce utilization.
+  - Same events-per-second (EPS) upload rate with less resource utilization.
 - **Cost savings** by [using data collection rules](data-collection-rule-azure-monitor-agent.md). Using DCRs is one of the most useful advantages of using Azure Monitor Agent:
   - DCRs let you configure data collection for specific machines connected to a workspace as compared to the "all or nothing" approach of legacy agents.
   - With DCRs, you can define which data to ingest and which data to filter out to reduce workspace clutter and save on costs.

articles/azure-monitor/app/opentelemetry-overview.md

@@ -59,7 +59,7 @@ A direct exporter sends telemetry in-process (from the application's code) direc
 
 *All currently supported OpenTelemetry-based offerings in Azure Monitor use a direct exporter*.
 
-Alternatively, sending telemetry via an agent will provide a path for any OpenTelemetry-supported language to send to Azure Monitor via [online transactional processing (OTLP)](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/README.md). Receiving OTLP will enable customers to observe applications written in languages beyond our [supported languages](platforms.md).
+Alternatively, sending telemetry via an agent will provide a path for any OpenTelemetry-supported language to send to Azure Monitor via [Open Telemetry Protocol (OTLP)](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/README.md). Receiving OTLP will enable customers to observe applications written in languages beyond our [supported languages](platforms.md).
 
 > [!NOTE]
 > Some customers have begun to use the [OpenTelemetry-Collector](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/design.md) as an agent alternative even though Microsoft doesn't officially support the "via an agent" approach for application monitoring yet. In the meantime, the open-source community has contributed an OpenTelemetry-Collector Azure Monitor exporter that some customers are using to send data to Azure Monitor Application Insights.

articles/backup/guidance-best-practices.md

@@ -239,7 +239,7 @@ With soft-delete, if a user deletes the backup (of a VM, SQL Server database, Az
 
 Any administrator that has the privileged access to your backup data has the potential to cause irreparable damage to the system. A rogue admin can delete all your business-critical data or even turn off all the security measures that may leave your system vulnerable to cyber-attacks.
 
-Azure Backup provides you with the [Multi-User Authorization (MUA)](./multi-user-authorization.md) feature to protect you from such rouge administrator attacks. Multi-user authorization helps protect against a rogue administrator performing destructive operations (that is, disabling soft-delete), by ensuring that every privileged/destructive operation is done only after getting approval from a security administrator. 
+Azure Backup provides you with the [Multi-User Authorization (MUA)](./multi-user-authorization.md) feature to protect you from such rogue administrator attacks. Multi-user authorization helps protect against a rogue administrator performing destructive operations (that is, disabling soft-delete), by ensuring that every privileged/destructive operation is done only after getting approval from a security administrator. 
 
 ### Ransomware Protection
 

articles/governance/resource-graph/how-to/get-resource-changes.md

@@ -301,10 +301,10 @@ resourcechanges  
 ```kusto
 resourcechanges 
 |extend targetResourceId = tostring(properties.targetResourceId), changeType = tostring(properties.changeType), createTime = todatetime(properties.changeAttributes.timestamp) 
-| where createTime > ago(7d) and changeType == "Create" 
+| where createTime > ago(7d) and changeType == "Create" or changeType == "Update" or changeType == "Delete"
 | project  targetResourceId, changeType, createTime 
-| join ( resources | extend targetResourceId=id) on targetResourceId 
-| where tags[“Environment”] =~ “prod” 
+| join ( resources | extend targetResourceId=id) on targetResourceId
+| where tags ['Environment'] =~ 'prod' 
 | order by createTime desc 
 | project createTime, id, resourceGroup, type
 ```

articles/iot-edge/how-to-install-iot-edge-kubernetes.md

@@ -22,7 +22,7 @@ IoT Edge can be installed on Kubernetes by using [KubeVirt](https://www.cncf.io/
 | Note | Description |
 |-|-|
 |  1 | Install KubeVirt Custom Resource Definitions (CRDs) into the Kubernetes cluster. Like the Kubernetes cluster, management and updates to KubeVirt components are outside the purview of IoT Edge. |
-|  2️ | A KubeVirt `VirtualMachine` custom resource is used to define a Virtual Machine with required resources and base operating system. A running *instance* of this resouce is created in a Kubernetes Pod using [KVM](https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine) and [QEMU](https://wiki.qemu.org/Main_Page) technologies. If your Kubernetes node itself is a Virtual Machine, you'll need to enable Nested Virtualization to use KubeVirt.|
+|  2️ | A KubeVirt `VirtualMachine` custom resource is used to define a Virtual Machine with required resources and base operating system. A running *instance* of this resource is created in a Kubernetes Pod using [KVM](https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine) and [QEMU](https://wiki.qemu.org/Main_Page) technologies. If your Kubernetes node itself is a Virtual Machine, you'll need to enable Nested Virtualization to use KubeVirt.|
 |  3️ | The environment inside the QEMU container is just like an OS environment. IoT Edge and its dependencies (like the Docker container engine) can be setup using standard installation instructions or a [cloud-init](https://github.com/Azure-Samples/IoT-Edge-K8s-KubeVirt-Deployment/blob/12e3192b66aa9b49157c8ee9f6b832b322659f2f/deployment/helm/templates/_helper.tpl#L31) script. |
 
 ## Sample

articles/machine-learning/how-to-use-parallel-job-in-pipeline.md

@@ -113,7 +113,7 @@ Sample code to set two attributes:
 
 ### Implement predefined functions in entry script
 
-Entry script is a single python file where user needs to implement three predefined functions with custom code. Azure ML parallel job follows the diagram below to execute them in each processor.
+Entry script is a single Python file where user needs to implement three predefined functions with custom code. Azure ML parallel job follows the diagram below to execute them in each processor.
 
 :::image type="content" source="./media/how-to-use-parallel-job-in-pipeline/how-entry-script-works-in-parallel-job.png" alt-text="Diagram showing how entry script works in parallel job." lightbox ="./media/how-to-use-parallel-job-in-pipeline/how-entry-script-works-in-parallel-job.png":::
 
@@ -133,7 +133,7 @@ Once you have entry script ready, you can set following two attributes to use it
 | Attribute name | Type | Description | Default value |
 |: ------------- | ---- |: ---------- | ------------- |
 | `code` | string | Local path to the source code directory to be uploaded and used for the job. | |
-| `entry_script` | string | The python file that contains the implementation of pre-defined parallel functions. | |
+| `entry_script` | string | The Python file that contains the implementation of pre-defined parallel functions. | |
 
 Sample code to set two attributes:
 

articles/machine-learning/how-to-use-sweep-in-pipeline.md

@@ -54,7 +54,7 @@ Below code snippet is the source code of trial component.
 
 ### Python SDK
 
-The python SDK example can be found in [azureml-example repo](https://github.com/Azure/azureml-examples). Navigate to *azureml-examples/sdk/jobs/pipelines/1c_pipeline_with_hyperparameter_sweep* to check the example.
+The Python SDK example can be found in [azureml-example repo](https://github.com/Azure/azureml-examples). Navigate to *azureml-examples/sdk/jobs/pipelines/1c_pipeline_with_hyperparameter_sweep* to check the example.
 
 In Azure Machine Learning Python SDK v2, you can enable hyperparameter tuning for any command component by calling `.sweep()` method.
 

articles/machine-learning/migrate-to-v2-execution-parallel-run-step.md

@@ -33,7 +33,7 @@ This article gives a comparison of scenario(s) in SDK v1 and SDK v2. In the foll
 ## Prerequisites
 
  - Prepare your SDK v2 environment: [Install the Azure ML SDK v2 for Python](/python/api/overview/azure/ml/installv2)
- - Understand the basis of SDK v2 pipeline: [How to create Azure ML pipeline with python SDK v2](how-to-create-component-pipeline-python.md)
+ - Understand the basis of SDK v2 pipeline: [How to create Azure ML pipeline with Python SDK v2](how-to-create-component-pipeline-python.md)
 
 
 ## Create parallel step