Merge pull request #293367 from MicrosoftDocs/main

1/22/2025 11:00 AM IST Publish

Author: PhilKang0704

.openpublishing.publish.config.json

@@ -128,12 +128,6 @@
             "branch": "master",
             "branch_mapping": {}
         },
-        {
-            "path_to_root": "azure-docs-snippets-pr",
-            "url": "https://github.com/MicrosoftDocs/azure-docs-snippets-pr",
-            "branch": "main",
-            "branch_mapping": {}
-        },
         {
             "path_to_root": "azure-functions-dapr-extension",
             "url": "https://github.com/Azure/azure-functions-dapr-extension",

.openpublishing.redirection.json

@@ -2,7 +2,7 @@
 title: Create a Batch account in the Azure portal
 description: Learn how to use the Azure portal to create and manage an Azure Batch account for running large-scale parallel workloads in the cloud.
 ms.topic: how-to
-ms.date: 04/16/2024
+ms.date: 01/22/2025
 ms.custom: subject-rbac-steps, linux-related-content
 ---
 
@@ -98,7 +98,7 @@ Get-AzMarketplaceTerms -Publisher 'microsoft-azure-batch' -Product 'ubuntu-serve
 <a name="allow-azure-batch-to-access-the-subscription-one-time-operation"></a>
 ### Allow Batch to access the subscription
 
-When you create the first user subscription mode Batch account in an Azure subscription, you must register your subscription with Batch. You need to do this registration only once per subscription.
+When you create the first user subscription mode Batch account in an Azure subscription, you must register your subscription with Batch resource provider, and assign **Azure Batch Service Orchestration Role** to Microsoft Azure Batch service principal. You need to do this configuration only once per subscription.
 
 > [!IMPORTANT]
 > You need **Owner** permissions in the subscription to take this action.
@@ -112,9 +112,9 @@ When you create the first user subscription mode Batch account in an Azure subsc
 
 1. Return to the **Subscription** page and select **Access control (IAM)** from the left navigation.
 1. At the top of the **Access control (IAM)** page, select **Add** > **Add role assignment**.
-1. On the **Add role assignment** screen, under **Assignment type**, select **Privileged administrator role**, and then select **Next**.
-1. On the **Role** tab, select either the **Contributor** or **Owner** role for the Batch account, and then select **Next**.
+1. On the **Role** tab, search for and select **Azure Batch Service Orchestration Role**, and then select **Next**.
 1. On the **Members** tab, select **Select members**. On the **Select members** screen, search for and select **Microsoft Azure Batch**, and then select **Select**.
+1. Select **Review + assign** to go to **Review + assign** tab, and select **Review + create** again to apply role assignment changes. 
 
 For detailed steps, see [Assign Azure roles by using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
 
@@ -147,6 +147,7 @@ To create a Batch account with authentication mode settings:
 1. You can select either of the 3 **"Microsoft Entra ID**, **Shared Key**, **Task Authentication Token** authentication mode for the Batch account to support or leave the settings at default values. 
 
    :::image type="content" source="media/batch-account-create-portal/authentication-mode-property.png" alt-text="Screenshot of the Authentication Mode options when creating a Batch account.":::
+
 1. Leave the remaining settings at default values, select **Review + create**, and then select **Create**.
 
 > [!TIP]
@@ -157,38 +158,31 @@ To create a Batch account with authentication mode settings:
 
 ### Grant access to the key vault manually
 
-You can also grant access to the key vault manually in [Azure portal](https://portal.azure.com).
+To grant access to the key vault manually in [Azure portal](https://portal.azure.com), you need to assign **Key Vault Secrets Officer** role for Batch:
 
-#### If the Key Vault permission model is **Azure role-based access control**:
 1. Select **Access control (IAM)** from the left navigation of the key vault page.
 1. At the top of the **Access control (IAM)** page, select **Add** > **Add role assignment**.
-1. On the **Add role assignment** screen, under **Role** tab, under **Job function roles** sub tab, select either **Key Vault Secrets Officer** or **Key Vault Administrator** role for the Batch account, and then select **Next**.
+1. On the **Add role assignment** screen, under **Role** tab, under **Job function roles** sub tab, search and select **Key Vault Secrets Officer** role for the Batch account, and then select **Next**.
 1. On the **Members** tab, select **Select members**. On the **Select members** screen, search for and select **Microsoft Azure Batch**, and then select **Select**.
-1. Click the **Review + create** button on the bottom to go to **Review + assign** tab, and click the **Review + create** button on the bottom again.
+1. Select the **Review + create** button on the bottom to go to **Review + assign** tab, and select the **Review + create** button on the bottom again.
 
 For detailed steps, see [Assign Azure roles by using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
 
-#### If the Key Vault permission model is **Vault access policy**:
+> [!NOTE]
+> **KeyVaultNotFound** error returns for Batch account creation if the RBAC role isn't assigned for Batch in the referenced key vault.
+
+If the Key Vault permission model is **Vault access policy**, you also need to configure the **Access policies**:
+
 1. Select **Access policies** from the left navigation of the key vault page.
 1. On the **Access policies** page, select **Create**.
-1. On the **Create an access policy** screen, select a minimum of **Get**, **List**, **Set**, and **Delete** permissions under **Secret permissions**. For [key vaults with soft-delete enabled](/azure/key-vault/general/soft-delete-overview), also select **Recover**.
+1. On the **Create an access policy** screen, select a minimum of **Get**, **List**, **Set**, **Delete**, and **Recover** permissions under **Secret permissions**.
 
    :::image type="content" source="media/batch-account-create-portal/secret-permissions.png" alt-text="Screenshot of the Secret permissions selections for Azure Batch":::
 
 1. Select **Next**.
 1. On the **Principal** tab, search for and select **Microsoft Azure Batch**.
 1. Select the **Review + create** tab, and then select **Create**.
 
-<!--can't find this link or screen
-
-Select **Add**, then ensure that the **Azure Virtual Machines for deployment** and **Azure Resource Manager for template deployment** check boxes are selected for the linked **Key Vault** resource. Select **Save** to commit your changes.
-
-:::image type="content" source="media/batch-account-create-portal/key-vault-access-policy.png" alt-text="Screenshot of the Access policy screen.":::
-
--->
-> [!NOTE]
-> Currently, the Batch account name supports only access policies. When creating a Batch account, ensure that the key vault uses the associated access policy instead of the EntraID RBAC permissions. For more information on how to add an access policy to your Azure key vault instance, see [Configure your Azure Key Vault instance](batch-customer-managed-key.md).
-
 ### Configure subscription quotas
 
 For user subscription Batch accounts, [core quotas](batch-quota-limit.md) must be set manually. Standard Batch core quotas don't apply to accounts in user subscription mode. The [quotas in your subscription](/azure/azure-resource-manager/management/azure-subscription-service-limits) for regional compute cores, per-series compute cores, and other resources are used and enforced.

articles/azure-web-pubsub/howto-troubleshoot-resource-logs.md

@@ -6,15 +6,15 @@ ms.reviewer: amberb
 ms.service: cost-management-billing
 ms.subservice: billing
 ms.topic: conceptual
-ms.date: 03/21/2024
+ms.date: 01/21/2025
 ms.author: banders
 ---
 
 # Terms in the Azure usage and charges file for a Microsoft Customer Agreement
 
 This article applies to a billing account for a Microsoft Customer Agreement. [Check if you have access to a Microsoft Customer Agreement](#check-access-to-a-microsoft-customer-agreement).
 
-The Azure usage and charges CSV file contains daily and meter-level usage charges for the current billing period.
+The Azure usage and charges CSV file contain daily and meter-level usage charges for the current billing period.
 
 To get your Azure usage and charges file, see [View and download Azure usage and charges for your Microsoft Customer Agreement](download-azure-daily-usage.md). It's available in a comma-separated values (.csv) file format that you can open in a spreadsheet application.
 
@@ -45,7 +45,7 @@ If you're an EA customer, notice that the terms in the Azure billing profile usa
 | MeterRegion | meterRegion | Detail required for a service. Useful to find the region context of the resource. |
 | MeterName | meterName | Name of the meter. Represents the Azure service deployable resource. |
 | ConsumedQuantity | quantity | Measured quantity purchased or consumed. The amount of the meter used during the billing period. |
-| ResourceRate | effectivePrice | The price represents the actual rate that you end up paying per unit, after discounts are taken into account. It's the price that should be used with the `Quantity` to do `Price` \* `Quantity` calculations to reconcile charges. The price takes into account the following scenarios and the scaled unit price that's also present in the files. As a result, it might differ from the scaled unit price. |
+| ResourceRate | effectivePrice | The price represents the actual rate that you end up paying per unit, after discounts are taken into account. It's the price that should be used with the `Quantity` to do `Price` \* `Quantity` calculations to reconcile charges. The price takes into account the following scenarios and the scaled unit price that's also present in the files. As a result, it might differ from the scaled unit price. <br> [Reservation](../reservations/understand-reserved-instance-usage-ea.md) and [savings plan](../savings-plan/utilization-cost-reports.md) charges might be zero in actual cost reports but are shown in amortized cost reports. |
 | ExtendedCost | cost | Cost of the charge in the billing currency before credits or taxes. |
 | ResourceLocation | resourceLocation | Location of the used resource's data center. |
 | ConsumedService | consumedService | Name of the service. |

articles/batch/batch-account-create-portal.md

@@ -5,20 +5,45 @@ services: ddos-protection
 author: AbdullahBell
 ms.service: azure-ddos-protection
 ms.topic: concept-article
-ms.date: 07/17/2024
+ms.date: 01/21/2025
 ms.author: abell
 ---
-# Types of attacks Azure DDoS Protection mitigates
+# Types of attacks Azure DDoS Protection mitigate
 
 Azure DDoS Protection can mitigate the following types of attacks:
 
-- **Volumetric attacks**: These attacks flood the network layer with a substantial amount of seemingly legitimate traffic. They include UDP floods, amplification floods, and other spoofed-packet floods. DDoS Protection mitigates these potential multi-gigabyte attacks by absorbing and scrubbing them, with Azure's global network scale, automatically.
-- **Protocol attacks**: These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack. They include SYN flood attacks, reflection attacks, and other protocol attacks. DDoS Protection mitigates these attacks, differentiating between malicious and legitimate traffic, by interacting with the client, and blocking malicious traffic. 
-- **Resource (application) layer attacks**: These attacks target web application packets, to disrupt the transmission of data between hosts. They include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks. Use a Web Application Firewall, such as the Azure [Application Gateway web application firewall](../web-application-firewall/ag/ag-overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json), as well as DDoS Protection to provide defense against these attacks. There are also third-party web application firewall offerings available in the [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=web%20application%20firewall).
+- **Volumetric attacks**: These attacks flood the network layer with a substantial amount of seemingly legitimate traffic. They include UDP floods, amplification floods, and other spoofed-packet floods. DDoS Protection mitigates these potential multi-gigabyte attacks by absorbing and scrubbing them, with Azure's global network scale, automatically. Common attack types are listed in the following table.
 
-## Azure DDoS Protection
+    | **Attack Type**                | **Description**                                                                 |
+    |--------------------------------|---------------------------------------------------------------------------------|
+    | **ICMP Flood**                 | Overwhelms the target with ICMP Echo Request (ping) packets, causing disruption. |
+    | **IP/ICMP Fragmentation**      | Exploits IP packet fragmentation to overwhelm the target with fragmented packets.|
+    | **IPsec Flood**                | Floods the target with IPsec packets, overwhelming the processing capability.    |
+    | **UDP Flood**                  | Sends a large number of UDP packets to random ports, causing resource exhaustion.|
+    | **Reflection Amplification Attack** | Uses a third-party server to amplify the attack traffic towards the target.    |
+
+- **Protocol attacks**: These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack. They include SYN flood attacks, reflection attacks, and other protocol attacks. DDoS Protection mitigates these attacks, differentiating between malicious and legitimate traffic, by interacting with the client, and blocking malicious traffic. Common attack types are listed in the following table.
+
+    | **Attack Type**                | **Description**                                                                 |
+    |--------------------------------|---------------------------------------------------------------------------------|
+    | **SYN Flood**                  | Exploits the TCP handshake process to overwhelm the target with connection requests. |
+    | **Fragmented Packet Attack**   | Sends fragmented packets to the target, causing resource exhaustion during reassembly. |
+    | **Ping of Death**              | Sends malformed or oversized packets to crash or destabilize the target system. |
+    | **Smurf Attack**               | Uses ICMP echo requests to flood the target with traffic by exploiting network devices. |
+
+- **Resource (application) layer attacks**: These attacks target web application packets, to disrupt the transmission of data between hosts. They include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks. Use a Web Application Firewall, such as the Azure [Application Gateway web application firewall](../web-application-firewall/ag/ag-overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json), and DDoS Protection to provide defense against these attacks. There are also third-party web application firewall offerings available in the [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=web%20application%20firewall). Common attacks types are listed in the following table.
+
+
+    | **Attack Type**                | **Description**                                                                 |
+    |--------------------------------|---------------------------------------------------------------------------------|
+    | **BGP Hijacking**              | Involves taking control of a group of IP addresses by corrupting Internet routing tables. |
+    | **Slowloris**                  | Keeps many connections to the target web server open and holds them open as long as possible. |
+    | **Slow Post**                  | Sends HTTP POST headers that are incomplete, causing the server to wait for the rest of the data. |
+    | **Slow Read**                  | Reads responses from the server slowly, causing the server to keep the connection open. |
+    | **HTTP(/s) Flooding**          | Floods the target with HTTP requests, overwhelming the server's ability to respond. |
+    | **Low and Slow attack**        | Uses a few connections to slowly send or request data, evading detection. |
+    | **Large Payload POST**         | Sends large payloads in HTTP POST requests to exhaust server resources. |
 
-Azure DDoS Protection protects resources in a virtual network including public IP addresses associated with virtual machines, load balancers, and application gateways. When coupled with the Application Gateway web application firewall, or a third-party web application firewall deployed in a virtual network with a public IP, Azure DDoS Protection can provide full layer 3 to layer 7 mitigation capability.
 
 ## Next steps
 

articles/batch/media/batch-account-create-portal/key-vault-access-policy.png

@@ -1,10 +1,11 @@
 ---
 title: Azure Communication Services - Email events
 description: This article describes how to use Azure Communication Services as an Event Grid event source for Email Events.
-ms.topic: conceptual
-ms.date: 09/30/2022
+ms.topic: concept-article
+ms.date: 01/21/2025
 author: anmolbohra97
 ms.author: anmolbohra
+# Customer intent: I want to learn about what email events from Azure Communication Servics are supported through Azure Event Grid. 
 ---
 
 # Azure Communication Services - Email events
@@ -13,7 +14,7 @@ This article provides the properties and schema for communication services email
 
 ## Events types
 
-Azure Communication Services emits the following telephony and SMS event types:
+Azure Communication Services emits the following telephony and Short Message Service (SMS) event types:
 
 | Event type                                                  | Description                                                                                    |
 | ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
@@ -54,7 +55,7 @@ This section contains an example of what that data would look like for each even
 > Possible values for `Status` are:
 > - `Delivered`: The message was successfully handed over to the intended destination (recipient Mail Transfer Agent).
 > - `Suppressed`: The recipient email had hard bounced previously, and all subsequent emails to this recipient are being temporarily suppressed as a result.
-> - `Bounced`: The email hard bounced, which may have happened because the email address does not exist or the domain is invalid.
+> - `Bounced`: The email hard bounced, which might happen because the email address doesn't exist or the domain is invalid.
 > - `Quarantined`: The message was quarantined (as spam, bulk mail, or phishing).
 > - `FilteredSpam`: The message was identified as spam, and was rejected or blocked (not quarantined).
 > - `Expanded`: A distribution group recipient was expanded before delivery to the individual members of the group.