Merge pull request #205745 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit dbbff4503cd0 · 2022-07-25T09:52:08.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/managed-identities-azure-resources/how-to-assign-app-role-managed-identity-cli.md b/articles/active-directory/managed-identities-azure-resources/how-to-assign-app-role-managed-identity-cli.md
@@ -3,7 +3,7 @@ title: Assign a managed identity to an application role using Azure CLI - Azure
 description: Step-by-step instructions for assigning a managed identity access to another application's role, using Azure CLI.
 services: active-directory
 documentationcenter: 
-author: christoc
+author: xstof
 manager:
 editor: 
 
@@ -64,7 +64,7 @@ In this article, you learn how to assign a managed identity to an application ro
 
     ```azurecli
     appName="{name for your application}"
-    serverSPOID=$(az ad sp list --filter "displayName eq 'My App'" --query '[0].objectId' -o tsv | tr -d '[:space:]')
+    serverSPOID=$(az ad sp list --filter "displayName eq '$appName'" --query '[0].id' -o tsv | tr -d '[:space:]')
     echo "object id for server service principal is: $serverSPOID"
     ```
 
@@ -75,7 +75,7 @@ In this article, you learn how to assign a managed identity to an application ro
 
     ```azurecli
     appID="{application id for your application}"
-    serverSPOID=$(az ad sp list --filter "appId eq '$appID'" --query '[0].objectId' -o tsv | tr -d '[:space:]')
+    serverSPOID=$(az ad sp list --filter "appId eq '$appID'" --query '[0].id' -o tsv | tr -d '[:space:]')
     echo "object id for server service principal is: $serverSPOID"
     ```
 
diff --git a/articles/azure-maps/tutorial-search-location.md b/articles/azure-maps/tutorial-search-location.md
@@ -140,7 +140,7 @@ The Map Control API is a convenient client library. This API allows you to easil
 
    About this code:
 
-   * A `ready` event is added to the map, which fires when the map resources finnish loading and the map is ready to be accessed.
+   * A `ready` event is added to the map, which fires when the map resources finish loading and the map is ready to be accessed.
    * In the map `ready` event handler, a data source is created to store result data.
    * A symbol layer is created and attached to the data source. This layer specifies how the result data in the data source should be rendered. In this case, the result is rendered with a dark blue round pin icon, centered over the results coordinate, that allows other icons to overlap.
    * The result layer is added to the map layers.
diff --git a/articles/azure-monitor/logs/workspace-design.md b/articles/azure-monitor/logs/workspace-design.md
@@ -106,7 +106,7 @@ While you should avoid sending duplicate data to multiple workspaces because of
 ### Data access control
 When you grant a user [access to a workspace](manage-access.md#azure-rbac), they have access to all data in that workspace. This is appropriate for a member of a central administration or security team who must access data for all resources. Access to the workspace is also determined by resource-context RBAC and table-level RBAC.
 
-Resource-context RBAC](manage-access.md#access-mode)
+[Resource-context RBAC](manage-access.md#access-mode)
 By default, if a user has read access to an Azure resource, they inherit permissions to any of that resource's monitoring data sent to the workspace. This allows users to access information about resources they manage without being granted explicit access to the workspace. If you need to block this access, you can change the [access control mode](manage-access.md#access-control-mode) to require explicit workspace permissions.
 
 - **If you want users to be able to access data for their resources**, keep the default access control mode of *Use resource or workspace permissions*.
diff --git a/articles/backup/backup-azure-file-folder-backup-faq.yml b/articles/backup/backup-azure-file-folder-backup-faq.yml
@@ -31,6 +31,11 @@ sections:
           How long are vault credentials valid?
         answer: |
           Vault credentials expire after 10 days. If the credentials file expires, download the file again from the Azure portal.
+          
+      - question: |
+          Why do I need to update my MARS agent for the vault credentials to work?
+        answer: |
+          A new parameter is added to the vault credentials file. It can be parsed correctly only with MARS agent version 2.0.9249.0 and above.
 
       - question: |
           What characters are allowed for the passphrase?
diff --git a/articles/cognitive-services/cognitive-services-apis-create-account.md b/articles/cognitive-services/cognitive-services-apis-create-account.md
@@ -38,7 +38,7 @@ The multi-service resource is named **Cognitive Services** in the portal. The mu
 * **Speech** - Speech
 * **Vision** - Computer Vision, Custom Vision, Face
 
-1. You can select this link to create an Azure Cognitive multi-service resource: [Create a Cognitive Services resource](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesAllInOne).
+1. You can select this link to create an Azure Cognitive multi-service resource: [Create a Cognitive Services resource](https://portal.azure.com/#create/Microsoft.CognitiveServicesAllInOne).
 
 1. On the **Create** page, provide the following information:
 
@@ -51,10 +51,10 @@ The multi-service resource is named **Cognitive Services** in the portal. The mu
 ### [Decision](#tab/decision)
 
 1. You can select one of these links to create a Decision resource: 
-    - [Anomaly Detector](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesAnomalyDetector)
-    - [Content Moderator](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesContentModerator)
-    - [Metrics Advisor](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesMetricsAdvisor)
-    - [Personalizer](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesPersonalizer)
+    - [Anomaly Detector](https://portal.azure.com/#create/Microsoft.CognitiveServicesAnomalyDetector)
+    - [Content Moderator](https://portal.azure.com/#create/Microsoft.CognitiveServicesContentModerator)
+    - [Metrics Advisor](https://portal.azure.com/#create/Microsoft.CognitiveServicesMetricsAdvisor)
+    - [Personalizer](https://portal.azure.com/#create/Microsoft.CognitiveServicesPersonalizer)
 
 1. On the **Create** page, provide the following information:
 
@@ -65,11 +65,11 @@ The multi-service resource is named **Cognitive Services** in the portal. The mu
 ### [Language](#tab/language)
 
 1. You can select one of these links to create a Language resource: 
-    - [Immersive reader](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesImmersiveReader)
-    - [Language Understanding (LUIS)](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesLUISAllInOne)
-    - [Language service](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesTextAnalytics)
-    - [Translator](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation)
-    - [QnA Maker](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesQnAMaker)
+    - [Immersive reader](https://portal.azure.com/#create/Microsoft.CognitiveServicesImmersiveReader)
+    - [Language Understanding (LUIS)](https://portal.azure.com/#create/Microsoft.CognitiveServicesLUISAllInOne)
+    - [Language service](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextAnalytics)
+    - [Translator](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation)
+    - [QnA Maker](https://portal.azure.com/#create/Microsoft.CognitiveServicesQnAMaker)
 
 1. On the **Create** page, provide the following information:
 
@@ -79,7 +79,7 @@ The multi-service resource is named **Cognitive Services** in the portal. The mu
 
 ### [Speech](#tab/speech)
 
-1. You can select this link to create a Speech resource: [Speech Services](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesSpeechServices)
+1. You can select this link to create a Speech resource: [Speech Services](https://portal.azure.com/#create/Microsoft.CognitiveServicesSpeechServices)
 
 1. On the **Create** page, provide the following information:
 
@@ -90,9 +90,9 @@ The multi-service resource is named **Cognitive Services** in the portal. The mu
 ### [Vision](#tab/vision)
 
 1. You can select one of these links to create a Vision resource: 
-    - [Computer vision](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesComputerVision)
-    - [Custom vision service](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesCustomVision)
-    - [Face](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFace) 
+    - [Computer vision](https://portal.azure.com/#create/Microsoft.CognitiveServicesComputerVision)
+    - [Custom vision service](https://portal.azure.com/#create/Microsoft.CognitiveServicesCustomVision)
+    - [Face](https://portal.azure.com/#create/Microsoft.CognitiveServicesFace) 
 
 1. On the **Create** page, provide the following information:
 
@@ -112,7 +112,7 @@ The multi-service resource is named **Cognitive Services** in the portal. The mu
 
 1. From the quickstart pane that opens, you can access the resource endpoint and manage keys.
 <!--
-1. If you missed the previous steps or need to find your resource later, go to the [Azure services](https://ms.portal.azure.com/#home) home page. From here you can view recent resources, select **My resources**, or use the search box to find your resource by name.
+1. If you missed the previous steps or need to find your resource later, go to the [Azure services](https://portal.azure.com/#home) home page. From here you can view recent resources, select **My resources**, or use the search box to find your resource by name.
 
     :::image type="content" source="media/cognitive-services-apis-create-account/home-my-resources.png" alt-text="Find resource keys from home screen":::
 -->
diff --git a/articles/communication-services/concepts/troubleshooting-info.md b/articles/communication-services/concepts/troubleshooting-info.md
@@ -352,6 +352,7 @@ The Azure Communication Services SMS SDK uses the following error codes to help
 | 4006 | The Destination/To number isn't reachable| Try resending the message at a later time |
 | 4007 | The Destination/To number has opted out of receiving messages from you| Mark the Destination/To number as opted out so that no further message attempts are made to the number|
 | 4008 | You've exceeded the maximum number of messages allowed for your profile| Ensure you aren't exceeding the maximum number of messages allowed for your number or use queues to batch the messages |
+| 4009 | Message is rejected by Microsoft Entitlement System| Most often it happens if fraudulent activity is detected. Please contact support for more details |
 | 5000 | Message failed to deliver. Please reach out Microsoft support team for more details| File a support request through the Azure portal |
 | 5001 | Message failed to deliver due to temporary unavailability of application/system|  |
 | 5002 | Message Delivery Timeout|  Try resending the message |
diff --git a/articles/defender-for-cloud/integration-defender-for-endpoint.md b/articles/defender-for-cloud/integration-defender-for-endpoint.md
@@ -326,6 +326,12 @@ If you enabled the integration, but still don't see the extension running on you
 ### What are the licensing requirements for Microsoft Defender for Endpoint?
 Defender for Endpoint is included at no extra cost with **Microsoft Defender for Servers**. Alternatively, it can be purchased separately for 50 machines or more.
 
+### Do I need to buy a separate anti-malware solution to protect my machines?
+No. With MDE integration in Defender for Servers, you'll also get malware protection on your machines.
+- On Windows Server 2012 R2 with MDE unified solution integration enabled, Defender for Servers will deploy [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows) in *active mode*.
+- On newer Windows Server operating systems, Microsoft Defender Antivirus is part of the operating system and will be enabled in *active mode*.
+- On Linux, Defender for Servers will deploy MDE including the anti-malware component, and set the component in *passive mode*.
+
 ### If I already have a license for Microsoft Defender for Endpoint, can I get a discount for Microsoft Defender for Servers?
 If you already have a license for **Microsoft Defender for Endpoint for Servers** , you won't pay for that part of your [Microsoft Defender for Servers Plan 2](defender-for-servers-introduction.md#plan-2-formerly-defender-for-servers) license. Learn more about [the Microsoft 365 license](/microsoft-365/security/defender-endpoint/minimum-requirements#licensing-requirements).
 
diff --git a/articles/key-vault/general/security-features.md b/articles/key-vault/general/security-features.md
@@ -76,7 +76,7 @@ For more information about authentication to Key Vault, see [Authenticate to Azu
 
 ## Conditional access 
 
-Key Vault provides support for Azure Azure Active Directory Conditional Access policies. By using Conditional Access policies, you can apply the right access controls to Key Vault when needed to keep your organization secure and stay out of your user's way when not needed.
+Key Vault provides support for Azure Active Directory Conditional Access policies. By using Conditional Access policies, you can apply the right access controls to Key Vault when needed to keep your organization secure and stay out of your user's way when not needed.
 
 For more information, see [Conditional Access overview](../../active-directory/conditional-access/overview.md)
 
diff --git a/articles/private-link/private-link-service-overview.md b/articles/private-link/private-link-service-overview.md
@@ -42,7 +42,7 @@ After a consumer initiates a connection, the service provider can accept or reje
  
 ### Delete your service
 
-If the Private Link service is no longer in use, you can delete it. However, before your delete the service, ensure that there are no private endpoint connections associated with it. You can reject all connections and delete the service.
+If the Private Link service is no longer in use, you can delete it. However, before you delete the service, ensure that there are no private endpoint connections associated with it. You can reject all connections and delete the service.
 
 ## Properties
 
diff --git a/articles/service-fabric/service-fabric-containers-overview.md b/articles/service-fabric/service-fabric-containers-overview.md
@@ -46,8 +46,8 @@ Compared to virtual machines, containers have the following advantages:
 Service Fabric supports the deployment of Docker containers on Linux, and Windows Server containers on Windows Server 2016 and later, along with support for Hyper-V isolation mode.
 
 Container runtimes compatible with ServiceFabric:
-- Mirantis Container Runtime
-- Moby
+- Linux: Mirantis Container Runtime + Ubuntu
+- Windows: Mirantis Container Runtime + Windows Server 2019/2022
 
 #### Docker containers on Linux
 
diff --git a/articles/virtual-desktop/create-host-pools-azure-marketplace.md b/articles/virtual-desktop/create-host-pools-azure-marketplace.md
@@ -139,15 +139,16 @@ To set up your virtual machine within the Azure portal host pool setup process:
    > [!div class="mx-imgBorder"]
    > ![A screenshot of the Trusted Launch security features available to select from.](https://user-images.githubusercontent.com/62080236/146099320-24cbfdfe-c5ec-43c1-b6b9-ad02378c3709.png)
 
-6. Next, choose the image that needs to be used to create the virtual machine. You can choose either **Gallery** or **Storage blob**.
+6. Next, choose the image that needs to be used to create the virtual machine. You can choose **Gallery** for new host pool deployments with **Storage blob** no longer available.
 
-    - If you choose **Gallery**, select one of the recommended images from the drop-down menu:
+    - After choosing **Gallery**, select a Windows image that meets your requirements from the drop-down menu:
 
-      - Windows 10 Enterprise multi-session, Version 1909
-      - Windows 10 Enterprise multi-session, Version 1909 + Microsoft 365 Apps
+      - Windows 11 Enterprise multi-session (Gen2)
+      - Windows 11 Enterprise multi-session + Microsoft 365 Apps (Gen2)
+      - Windows 10 Enterprise multi-session, Version 21H2 (Gen2)
+      - Windows 10 Enterprise multi-session, Version 21H2 + Microsoft 365 Apps (Gen2)
       - Windows Server 2019 Datacenter
-      - Windows 10 Enterprise multi-session, Version 2004
-      - Windows 10 Enterprise multi-session, Version 2004 + Microsoft 365 Apps
+     
 
       If you don't see the image you want, select **See all images**, which lets you select either another image in your gallery or an image provided by Microsoft and other publishers. Make sure that the image you choose is one of the [supported OS images](prerequisites.md#operating-systems-and-licenses).
 
@@ -159,7 +160,7 @@ To set up your virtual machine within the Azure portal host pool setup process:
       > [!div class="mx-imgBorder"]
       > ![A screenshot of the My Items tab.](media/my-items.png)
 
-    - If you choose **Storage Blob**, you can use your own image build through Hyper-V or on an Azure VM. All you have to do is enter the location of the image in the storage blob as a URI.
+    - If you are adding a VM to a host pool that allows **Storage Blob**, you can use your own image build through Hyper-V or on an Azure VM. All you have to do is enter the location of the image in the storage blob as a URI.
    
    The image's location is independent of the availability option, but the image’s zone resiliency determines whether that image can be used with availability zone. If you select an availability zone while creating your image, make sure you're using an image from the gallery with zone resiliency enabled. To learn more about which zone resiliency option you should use, see [the FAQ](./faq.yml#which-availability-option-is-best-for-me-).
 
@@ -186,7 +187,7 @@ To set up your virtual machine within the Azure portal host pool setup process:
 
     If you choose **Advanced**, select an existing network security group that you've already configured.
 
-12. After that, select whether you want the virtual machines to be joined to **Active Directory** or **Azure Active Directory** (Preview).
+12. After that, select whether you want the virtual machines to be joined to **Active Directory** or **Azure Active Directory**.
 
     - For Active Directory, provide an account to join the domain and choose if you want to join a specific domain and organizational unit.
 
