Merge pull request #169992 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

articles/active-directory-b2c/configure-authentication-sample-web-app.md

@@ -7,7 +7,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 06/11/2021
+ms.date: 08/23/2021
 ms.author: mimart
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -89,7 +89,7 @@ Follow these steps to create the app registration:
 For web apps that request an ID token directly from Azure AD B2C, enable the implicit grant flow in the app registration.
 
 1. In the left menu, under **Manage**, select **Authentication**.
-1. Under **Implicit grant**, select the **ID tokens** check box.
+1. Under **Implicit grant**, select the **ID tokens (used for implicit and hybrid flows)**, and the **Access tokens (used for implicit flows)** check boxes.
 1. Select **Save**.
 
 ## Step 3: Get the web app sample
@@ -153,4 +153,4 @@ You can add and modify redirect URIs in your registered applications at any time
 ## Next steps
 
 * Learn more [about the code sample](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-5-B2C#about-the-code)
-* Learn how to [Enable authentication in your own web application using Azure AD B2C](enable-authentication-web-application.md)
+* Learn how to [Enable authentication in your own web application using Azure AD B2C](enable-authentication-web-application.md)

articles/active-directory/develop/scenario-desktop-call-api.md

@@ -31,8 +31,16 @@ Now that you have a token, you can call a protected web API.
 ```Java
 HttpURLConnection conn = (HttpURLConnection) url.openConnection();
 
+PublicClientApplication pca = PublicClientApplication.builder(clientId)
+        .authority(authority)
+        .build();
+
+// Acquire a token, acquireTokenHelper would call publicClientApplication's acquireTokenSilently then acquireToken
+// see https://github.com/Azure-Samples/ms-identity-java-desktop for a full example
+IAuthenticationResult authenticationResult = acquireTokenHelper(pca);
+
 // Set the appropriate header fields in the request header.
-conn.setRequestProperty("Authorization", "Bearer " + accessToken);
+conn.setRequestProperty("Authorization", "Bearer " + authenticationResult.accessToken);
 conn.setRequestProperty("Accept", "application/json");
 
 String response = HttpClientHelper.getResponseStringFromConn(conn);

articles/app-service/quickstart-java.md

@@ -287,13 +287,7 @@ Be careful about the values of `<appName>` and `<resourceGroup>` (`helloworld-15
 
 ## Deploy the app
 
-The Maven plugin uses account credentials from the Azure CLI to deploy to App Services. [Sign in with the Azure CLI](/cli/azure/authenticate-azure-cli) before continuing.
-
-```azurecli-interactive
-az login
-```
-
-Then you can deploy your Java app to Azure using the following command.
+With all the configuration ready in your pom file, you can deploy your Java app to Azure with one single command.
 
 ```azurecli-interactive
 mvn package azure-webapp:deploy

articles/azure-government/compare-azure-government-global-azure.md

@@ -11,7 +11,7 @@ ms.devlang: na
 ms.topic: overview
 ms.tgt_pltfrm: na
 ms.workload: azure-government
-ms.date: 08/04/2021
+ms.date: 08/20/2021
 ---
 
 # Compare Azure Government and global Azure
@@ -178,10 +178,6 @@ The following Data Factory **features are not currently available** in Azure Gov
 
 - Mapping data flows
 
-### [Azure Databricks](/azure/databricks/scenarios/what-is-azure-databricks)
-
-For access to Azure Databricks in an Azure Government environment, contact your Microsoft or Databricks account representative.
-
 ### [HDInsight](../hdinsight/hadoop/apache-hadoop-introduction.md)
 
 The following HDInsight **features are not currently available** in Azure Government:

articles/azure-monitor/vm/monitor-virtual-machine.md

@@ -57,7 +57,7 @@ Any monitoring tool, such as Azure Monitor, requires an agent installed on a mac
 > [!NOTE]
 > The Azure Monitor agent will completely replace the Log Analytics agent, diagnostic extension, and Telegraf agent once it gains required functionality. These other agents are still required for features such as VM insights, Azure Security Center, and Azure Sentinel.
 
-- [Azure Monitor agent](../agents/agents-overview.md#log-analytics-agent): Supports virtual machines in Azure, other cloud environments, and on-premises. Sends data to Azure Monitor Metrics and Logs. When it fully supports VM insights, Azure Security Center, and Azure Sentinel, then it will completely replace the Log Analytics agent and diagnostic extension.
+- [Azure Monitor agent](../agents/agents-overview.md#azure-monitor-agent): Supports virtual machines in Azure, other cloud environments, and on-premises. Sends data to Azure Monitor Metrics and Logs. When it fully supports VM insights, Azure Security Center, and Azure Sentinel, then it will completely replace the Log Analytics agent and diagnostic extension.
 - [Log Analytics agent](../agents/agents-overview.md#log-analytics-agent): Supports virtual machines in Azure, other cloud environments, and on-premises. Sends data to Azure Monitor Logs. Supports VM insights and monitoring solutions. This agent is the same agent used for System Center Operations Manager.
 - [Dependency agent](../agents/agents-overview.md#dependency-agent): Collects data about the processes running on the virtual machine and their dependencies. Relies on the Log Analytics agent to transmit data into Azure and supports VM insights, Service Map, and Wire Data 2.0 solutions.
 - [Azure Diagnostic extension](../agents/agents-overview.md#azure-diagnostics-extension): Available for Azure Monitor virtual machines only. Can send data to Azure Event Hubs and Azure Storage.

articles/azure-sql/database/data-discovery-and-classification-overview.md

@@ -11,7 +11,7 @@ ms.topic: conceptual
 author: DavidTrigano
 ms.author: datrigan
 ms.reviewer: vanto
-ms.date: 08/16/2021
+ms.date: 08/22/2021
 tags: azure-synapse
 ---
 # Data Discovery & Classification
@@ -108,7 +108,7 @@ After the organization-wide policy has been defined, you can continue classifyin
 
 An important aspect of the classification is the ability to monitor access to sensitive data. [Azure SQL Auditing](../../azure-sql/database/auditing-overview.md) has been enhanced to include a new field in the audit log called `data_sensitivity_information`. This field logs the sensitivity classifications (labels) of the data that was returned by a query. Here's an example:
 
-![Audit log](./media/data-discovery-and-classification-overview/11_data_classification_audit_log.png)
+[ ![Audit log](./media/data-discovery-and-classification-overview/11_data_classification_audit_log.png)](./media/data-discovery-and-classification-overview/11_data_classification_audit_log.png#lightbox)
 
 ## <a id="permissions"></a>Permissions
 
@@ -120,12 +120,22 @@ These built-in roles can read the data classification of a database:
 - SQL Security Manager
 - User Access Administrator
 
+These are the required actions to read the data classification of a database are:
+
+- Microsoft.Sql/servers/databases/currentSensitivityLabels/*
+- Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
+- Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
+
 These built-in roles can modify the data classification of a database:
 
 - Owner
 - Contributor
 - SQL Security Manager
 
+This is the required action to modify the data classification of a database are:
+
+- Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
+
 Learn more about role-based permissions in [Azure RBAC](../../role-based-access-control/overview.md).
 
 ## <a id="manage-classification"></a>Manage classifications

articles/azure-sql/database/media/data-discovery-and-classification-overview/11_data_classification_audit_log.png

@@ -2,7 +2,7 @@
 title: Archive Tier support
 description: Learn about Archive Tier Support for Azure Backup
 ms.topic: conceptual
-ms.date: 08/04/2021
+ms.date: 08/23/2021
 ms.custom: devx-track-azurepowershell
 ---
 
@@ -206,7 +206,7 @@ Stop protection and delete data deletes all the recovery points. For recovery po
 
 | Workloads | Preview | Generally available |
 | --- | --- | --- |
-| SQL Server in Azure VM | East US, East US 2, Central US, South Central US, West US, West US 2, West Central US, North Central US, Brazil South, Canada East, Canada Central, West Europe, UK South, UK West, East Asia, Japan East, South India | Australia East, Central India, North Europe, South East Asia |
+| SQL Server in Azure VM | East US, South Central US, North Central US, West Europe, UK South | Australia East, Central India, North Europe, South East Asia, East Asia, Australia South East, Canada Central, Brazil South, Canada East, France Central, France South, Japan East, Japan West, Korea Central, Korea South, South India, UK West, Central US, East US 2, West US, West US 2, West Central US |
 | Azure Virtual Machines | East US, East US 2, Central US, South Central US, West US, West US 2, West Central US, North Central US, Brazil South, Canada East, Canada Central, West Europe, UK South, UK West, East Asia, Japan East, South India, South East Asia, Australia East, Central India, North Europe | None |
 
 ## Error codes and troubleshooting steps

articles/backup/archive-tier-support.md

@@ -0,0 +1,120 @@
+---
+title: Back up file data with MABS
+description: You can back up file data on server and client computers with MABS.
+ms.topic: conceptual
+ms.date: 08/19/2021
+---
+
+# Back up file data with MABS
+
+You can use Microsoft Azure Backup Server (MABS) to back up file data on server and client computers.
+
+## Before you start
+
+1. **Deploy MABS** - Verify that MABS is installed and deployed correctly. We recommend that you review the following articles:
+
+   - [Install MABS](backup-azure-microsoft-azure-backup.md)
+
+   - [What can MABS back up?](backup-mabs-protection-matrix.md)
+
+   - [What's new in MABS?](backup-mabs-whats-new-mabs.md)
+
+   - [MABS release notes](backup-mabs-release-notes-v3.md)
+
+1. **Set up storage** - You can store backed up data on disk, on tape, and in the cloud with Azure. Read more in [Prepare data storage](/system-center/dpm/plan-long-and-short-term-data-storage?view=sc-dpm-2019&preserve-view=trus).
+
+1. **Set up the MABS protection agent** - You'll need to install the MABS protection agent on every machine you want to back up. Read [Deploy the MABS protection agent](backup-azure-microsoft-azure-backup.md).
+
+## Back up file data
+
+After you have your MABS infrastructure set up you can enable protection machines that have file data you want to back up.
+
+1. To create a protection group, click **Protection** > **Actions** > **Create Protection Group** to open the **Create New Protection Group** wizard in the MABS console.
+
+1. In **Select Protection Group Type** select **Servers**.
+
+1. In **Select Group Members** you'll add the machines for which you want to back up file data to the protection group. On those machines you select the locations, shares, and folders you want to protect.  [Deploy protection groups](backup-support-matrix-mabs-dpm.md). You can select different types of folders (such as Desktop) or different file  or the entire volume. You can also exclude specific locations from protection.
+
+   >[!NOTE]
+   > If you are protecting the volume on which the deduplication is enabled, ensure that the [Data Deduplication](/windows-server/storage/data-deduplication/install-enable) server role is installed on the MABS server. See the [support matrix](backup-support-matrix-mabs-dpm.md#deduplicated-volumes-support) for detailed information on deduplication.   
+
+1. In **Select data protection method**  specify how you want to handle short and long-term backup. Short-term backup is always to disk first, with the option of backing up from the disk to the Azure cloud with Azure backup (for short or long-term). As an alternative to long-term backup to the cloud you can also configure long-term back up to a standalone tape device or tape library connected to the MABS server.
+
+1. In **Select short-term goals** specify how you want to back up to short-term storage on disk.  In **Retention range** you specify how long you want to keep the data on disk. In **Synchronization frequency** you specify how often you want to run an incremental backup to disk. If you don't want to set a backup interval, you can check **Just before a recovery point** so that MABS will run an express full backup just before each recovery point is scheduled.
+
+1. If you want to store data on tape for long-term storage in **Specify long-term goals** indicate how long you want to keep tape data (1-99 years). In Frequency of backup specify how often backups to tape should run. The frequency is based on the retention range you've specified:
+
+   - When the retention range is 1-99 years, you can select backups to occur daily, weekly, bi-weekly, monthly, quarterly, half-yearly, or yearly.
+
+   - When the retention range is 1-11 months, you can select backups to occur daily, weekly, bi-weekly, or monthly.
+
+   - When the retention range is 1-4 weeks, you can select backups to occur daily or weekly.
+
+   On a stand-alone tape drive, for a single protection group, MABS uses the same tape for daily backups until there is insufficient space on the tape. You can also co-locate data from different protection groups on tape.
+
+   On the **Select Tape and Library Details** page specify the tape/library to use, and whether data should be compressed and encrypted on tape.
+
+1. In the **Review disk allocation** page review the storage pool disk space allocated for the protection group.
+
+   **Total Data size** is the size of the data you want to back up, and **Disk space to be provisioned on MABS** is the space that MABS recommends for the protection group. MABS chooses the ideal backup volume, based on the settings. However, you can edit the backup volume choices in the **Disk allocation details**. For the workloads, select the preferred storage in the dropdown menu. Your edits change the values for **Total Storage** and **Free Storage** in the **Available Disk Storage** pane. Underprovisioned space is the amount of storage MABS suggests you add to the volume, to continue with backups smoothly in the future.
+
+1. In **Choose replica creation method** select how you want to handle the initial full data replication.  If you select to replicate over the network we recommended you choose an off-peak time. For large amounts of data or less than optimal network conditions, consider replicating the data offline using removable media.
+
+1. In **Choose consistency check options**, select how you want to automate consistency checks. You can enable a check to run only when replica data becomes inconsistent, or according to a schedule. If you don't want to configure automatic consistency checking, you can run a manual check at any time by right-clicking the protection group in the **Protection** area of the MABS console, and selecting **Perform Consistency Check**.
+
+1. If you've selected to back up to the cloud with Azure Backup, on the **Specify online protection data** page make sure the workloads you want to back up to Azure are selected.
+
+1. In **Specify online backup schedule** specify how often incremental backups to Azure should occur. You can schedule backups to run every day/week/month/year and the time/date at which they should run. Backups can occur up to twice a day. Each time a backup runs a data recovery point is created in Azure from the copy of the backed-up data stored on the MABS disk.
+
+1. In **Specify online retention policy** you can specify how the recovery points created from the daily/weekly/monthly/yearly backups are retained in Azure.
+
+1. In **Choose online replication** specify how the initial full replication of data will occur. You can replicate over the network, or do an offline backup (offline seeding). Offline backup uses the Azure Import feature. [Read more](/azure/backup/backup-azure-backup-import-export).
+
+1. On the  **Summary** page review your settings. After you click **Create Group** initial replication of the data occurs. When it finishes the protection group status will show as **OK** on the **Status** page. Backup then takes place in line with the protection group settings.
+
+## Recover backed up file data
+
+You recover data using the Recovery Wizard. When you double-click a protected volume on the **Protected data** pane in the wizard, MABS displays the data that belongs to that volume in the results pane. You can filter protected server names alphabetically by clicking **Filter**. After selecting a data source to recover in the tree view, you can select a specific recovery point by clicking the bold dates in the calendar. When you click **Recover** in the **Actions** pane, MABS starts the recovery job.
+
+## Recover data
+Recover data from the MABS console as follows:
+
+1. In MABS console  click **Recovery** on the navigation bar. and browse for the data you want to recover. In the results pane, select the data.
+
+1. Available recovery points are indicated in bold on the calendar in the recovery points section. Select the bold date for the recovery point you want to recover.
+
+1. In the **Recoverable item** pane, click to select the recoverable item you want to recover.
+
+1. In the **Actions** pane, click **Recover** to open the Recovery Wizard.
+
+1. You can recover data as follows:
+
+   1. **Recover to the original location**. Note that this doesn't work if the client computer is connected over VPN. In this case use an alternate location and then copy data from that location.
+
+   1. **Recover to an alternate location**.
+
+   1. **Copy to tape**. This option copies the volume that contains the selected data to a tape in a MABS library. You can also choose to compress or encrypt the data on tape.
+
+1. Specify your recovery options:
+
+   1. **Existing version recovery behavior**. Select **Create copy**, **Skip**, or **Overwrite**. This option is enabled only when you're recovering to the original location.
+
+   1. **Restore security**. Select **Apply settings of the destination computer** or **Apply the security settings of the recovery point version**.
+
+   1. **Network bandwidth usage throttling**. Click **Modify** to enable network bandwidth usage throttling.
+
+   1. **Enable SAN based recovery using hardware snapshots**. Select this option to use SAN-based hardware snapshots for quicker recovery.
+      
+      This option is valid only when you have a SAN where hardware snapshot functionality is enabled, the SAN has the capability to create a clone and to split a clone to make it writable, and the protected computer and the MABS server are connected to the same SAN.
+
+   1. **Notification**. Click **Send an e-mail when the recovery completes**, and specify the recipients who will receive the notification. Separate the e-mail addresses with commas.
+
+1. Click **Next** after you have made your selections for the preceding options.
+
+1. Review your recovery settings, and click **Recover**. Note that any synchronization job for the selected recovery item will be canceled while the recovery is in progress.
+
+When using Modern Backup Storage (MBS), File Server end-user recovery (EUR) is not supported. File Server EUR has a dependency on the Volume Shadow Copy Service (VSS), which Modern Backup Storage does not use. If end-user recovery is enabled, then recover data as follows:
+
+1. Navigate to the protected data file. Right-click the file name > **Properties**.
+
+1. In **Properties** > **Previous Versions** select the version that you want to recover.

articles/backup/back-up-file-data.md

@@ -2,7 +2,7 @@
 title: Azure Backup support matrix
 description: Provides a summary of support settings and limitations for the Azure Backup service.
 ms.topic: conceptual
-ms.date: 07/05/2021
+ms.date: 08/23/2021
 ms.custom: references_regions 
 ---
 
@@ -158,7 +158,7 @@ The resource health check functions in following conditions:
 |     |     |
 | --- | --- |
 | **Supported Resources** | Recovery Services vault |
-| **Supported Regions** | East US 2, East Asia, and France Central. |
+| **Supported Regions** | East US 2, Central US, North Europe, France Central, East Asia, Japan East, Japan West, Australia East, South Africa North. |
 | **For unsupported regions** | The resource health status is shown as "Unknown". |