Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-aadroles-custom-roles-app-permissions-descriptions

Author: rolyon

articles/azure-resource-manager/bicep/bicep-config-linter.md

@@ -2,7 +2,7 @@
 title: Linter settings for Bicep config
 description: Describes how to customize configuration values for the Bicep linter
 ms.topic: conceptual
-ms.date: 11/01/2022
+ms.date: 01/30/2023
 ---
 
 # Add linter settings in the Bicep config file
@@ -89,6 +89,9 @@ The following example shows the rules that are available for configuration.
         "simplify-interpolation": {
           "level": "warning"
         },
+        "use-parent-property": {
+          "level": "warning"
+        },
         "use-protectedsettings-for-commandtoexecute-secrets": {
           "level": "warning"
         },

articles/azure-resource-manager/bicep/child-resource-name-type.md

@@ -17,11 +17,11 @@ This article show different ways you can declare a child resource.
 
 ### Training resources
 
-If you would rather learn about about child resources through step-by-step guidance, see [Deploy child and extension resources by using Bicep](/training/modules/child-extension-bicep-templates).
+If you would rather learn about child resources through step-by-step guidance, see [Deploy child and extension resources by using Bicep](/training/modules/child-extension-bicep-templates).
 
 ## Name and type pattern
 
-In Bicep, you can specify the child resource either within the parent resource or outside of the parent resource. The values you provide for the resource name and resource type vary based on how you declare the child resource. However, the full name and type always resolve to the same pattern. 
+In Bicep, you can specify the child resource either within the parent resource or outside of the parent resource. The values you provide for the resource name and resource type vary based on how you declare the child resource. However, the full name and type always resolve to the same pattern.
 
 The **full name** of the child resource uses the pattern:
 
@@ -47,7 +47,7 @@ If you have more than two levels in the hierarchy, keep repeating parent resourc
 {resource-provider-namespace}/{parent-resource-type}/{child-level1-resource-type}/{child-level2-resource-type}
 ```
 
-If you count the segments between `/` characters, the number of segments in the type is always one more than the number of segments in the name. 
+If you count the segments between `/` characters, the number of segments in the type is always one more than the number of segments in the name.
 
 ## Within parent resource
 
@@ -113,7 +113,7 @@ You can also use the full resource name and type when declaring the child resour
 :::code language="bicep" source="~/azure-docs-bicep-samples/syntax-samples/child-resource-name-type/fullnamedeclaration.bicep" highlight="10,11,17,18":::
 
 > [!IMPORTANT]
-> Setting the full resource name and type isn't the recommended approach. It's not as type safe as using one of the other approaches.
+> Setting the full resource name and type isn't the recommended approach. It's not as type safe as using one of the other approaches. For more information, see [Linter rule: use parent property](./linter-rule-use-parent-property.md).
 
 ## Next steps
 

articles/azure-resource-manager/bicep/linter-rule-use-parent-property.md

@@ -0,0 +1,82 @@
+---
+title: Linter rule - use parent property
+description: Linter rule - use parent property
+ms.topic: conceptual
+ms.date: 01/30/2023
+---
+
+# Linter rule - use parent property
+
+When defined outside of the parent resource, you format name of the child resource with slashes to include the parent name. Setting the full resource name isn't the recommended approach. The syntax can be simplified by using the `parent` property. For more information, see [Full resource name outside parent](./child-resource-name-type.md#full-resource-name-outside-parent).
+
+When defined outside of the parent resource, you use slashes to include the parent name in the name of the child resource. Setting the full resource name with parent resource name is not recommended. The `parent` property can be used to simplify the syntax. See [Full resource name outside parent](./child-resource-name-type.md#full-resource-name-outside-parent).
+
+## Linter rule code
+
+Use the following value in the [Bicep configuration file](bicep-config-linter.md) to customize rule settings:
+
+`use-parent-property`
+
+## Solution
+
+The following example fails this test because of the name values for `service` and `share`:
+
+```bicep
+param location string = resourceGroup().location
+
+resource storage 'Microsoft.Storage/storageAccounts@2021-02-01' = {
+  name: 'examplestorage'
+  location: location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource service 'Microsoft.Storage/storageAccounts/fileServices@2021-02-01' = {
+  name: 'examplestorage/default'
+  dependsOn: [
+    storage
+  ]
+}
+
+resource share 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-02-01' = {
+  name: 'examplestorage/default/exampleshare'
+  dependsOn: [
+    service
+  ]
+}
+```
+
+You can fix the problem by using the `parent` property:
+
+```bicep
+param location string = resourceGroup().location
+
+resource storage 'Microsoft.Storage/storageAccounts@2021-02-01' = {
+  name: 'examplestorage'
+  location: location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource service 'Microsoft.Storage/storageAccounts/fileServices@2021-02-01' = {
+  parent: storage
+  name: 'default'
+}
+
+resource share 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-02-01' = {
+  parent: service
+  name: 'exampleshare'
+}
+```
+
+You can fix the issue automatically by selecting **Quick Fix** as shown on the following screenshot:
+
+:::image type="content" source="./media/linter-rule-use-parent-property/bicep-linter-rule-use-parent-property-quick-fix.png" alt-text="Screenshot of use parent property quick fix.":::
+
+## Next steps
+
+For more information about the linter, see [Use Bicep linter](./linter.md).

articles/azure-resource-manager/bicep/linter.md

@@ -2,7 +2,7 @@
 title: Use Bicep linter
 description: Learn how to use Bicep linter.
 ms.topic: conceptual
-ms.date: 11/01/2022
+ms.date: 01/30/2023
 ---
 
 # Use Bicep linter
@@ -39,6 +39,7 @@ The default set of linter rules is minimal and taken from [arm-ttk test cases](.
 - [secure-params-in-nested-deploy](./linter-rule-secure-params-in-nested-deploy.md)
 - [secure-secrets-in-params](./linter-rule-secure-secrets-in-parameters.md)
 - [simplify-interpolation](./linter-rule-simplify-interpolation.md)
+- [use-parent-property](./linter-rule-use-parent-property.md)
 - [use-protectedsettings-for-commandtoexecute-secrets](./linter-rule-use-protectedsettings-for-commandtoexecute-secrets.md)
 - [use-recent-api-versions](./linter-rule-use-recent-api-versions.md)
 - [use-resource-id-functions](./linter-rule-use-resource-id-functions.md)

articles/azure-resource-manager/bicep/media/linter-rule-use-parent-property/bicep-linter-rule-use-parent-property-quick-fix.png

@@ -458,6 +458,9 @@
       - name: Use explicit values for module location parameters
         displayName: linter
         href: linter-rule-explicit-values-for-loc-params.md
+      - name: Use parent property
+        displayName: linter
+        href: linter-rule-use-parent-property.md
       - name: use recent API versions
         displayName: linter
         href: linter-rule-use-recent-api-versions.md

articles/azure-resource-manager/bicep/toc.yml

@@ -11,7 +11,7 @@ ms.service: cloud-services
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: tbd
-ms.date: 1/19/2023
+ms.date: 1/31/2023
 ms.author: gunnarc
 ---
 # Azure Guest OS releases and SDK compatibility matrix
@@ -37,6 +37,9 @@ Unsure about how to update your Guest OS? Check [this][cloud updates] out.
 
 ## News updates
 
+###### **January 31, 2023**
+The January Guest OS has released. 
+
 ###### **January 19, 2023**
 The December Guest OS has released. 
 
@@ -205,8 +208,9 @@ The September Guest OS has released.
 
 | Configuration string | Release date | Disable date |
 | --- | --- | --- |
+|  WA-GUEST-OS-7.21_202301-011 |  January 31, 2023  |  Post 7.23  |
 |  WA-GUEST-OS-7.20_202212-01 |  January 19, 2023  |  Post 7.22  |
-|  WA-GUEST-OS-7.19_202211-01 |  December 12, 2022  |  Post 7.21  |
+|~~WA-GUEST-OS-7.19_202211-01~~|  December 12, 2022  |  January 31, 2023  |
 |~~WA-GUEST-OS-7.18_202210-02~~|  November 4, 2022  |  January 19, 2023  |
 |~~WA-GUEST-OS-7.16_202209-01~~|  September 29, 2022  |  December 12, 2022  |
 |~~WA-GUEST-OS-7.15_202208-01~~|  September 2, 2022  |  November 4, 2022 |
@@ -234,8 +238,9 @@ The September Guest OS has released.
 
 | Configuration string | Release date | Disable date |
 | --- | --- | --- |
+|  WA-GUEST-OS-6.53_202301-01 |  January 31, 2023  |  Post 6.55  |
 |  WA-GUEST-OS-6.52_202212-01 |  January 19, 2023  |  Post 6.54  |
-|  WA-GUEST-OS-6.51_202211-01 |  December 12, 2022  |  Post 6.53  |
+|~~WA-GUEST-OS-6.51_202211-01~~|  December 12, 2022  |  January 31, 2023  |
 |~~WA-GUEST-OS-6.50_202210-02~~|  November 4, 2022  |  January 19, 2023  |
 |~~WA-GUEST-OS-6.48_202209-01~~|  September 29, 2022  |  December 12, 2022  |
 |~~WA-GUEST-OS-6.47_202208-01~~|  September 2, 2022  |  November 4, 2022  |
@@ -297,8 +302,9 @@ The September Guest OS has released.
 
 | Configuration string | Release date | Disable date |
 | --- | --- | --- |
+|  WA-GUEST-OS-5.77_202301-01  |  January 31, 2023   |  Post 5.79  | 
 |  WA-GUEST-OS-5.76_202212-01  |  January 19, 2023   |  Post 5.78  | 
-|  WA-GUEST-OS-5.75_202211-01  |  December 12, 2022  |  Post 5.77  | 
+|~~WA-GUEST-OS-5.75_202211-01~~|  December 12, 2022  |  January 31, 2023  | 
 |~~WA-GUEST-OS-5.74_202210-02~~|  November 4, 2022  |  January 19, 2023  | 
 |~~WA-GUEST-OS-5.72_202209-01~~|  September 29, 2022  |  December 12, 2022  | 
 |~~WA-GUEST-OS-5.71_202208-01~~|  September 2, 2022  |  November 4, 2022  | 
@@ -357,8 +363,9 @@ The September Guest OS has released.
 
 | Configuration string | Release date | Disable date |
 | --- | --- | --- |
+|  WA-GUEST-OS-4.113_202301-01 |  January 31, 2023  |  Post 4.115  |
 |  WA-GUEST-OS-4.112_202212-01 |  January 19, 2023  |  Post 4.114  |
-|  WA-GUEST-OS-4.111_202211-01 |  December 12, 2022  |  Post 4.113  |
+|~~WA-GUEST-OS-4.111_202211-01~~|  December 12, 2022  |  January 31, 2023  |
 |~~WA-GUEST-OS-4.110_202210-02~~|  November 4, 2022  |  January 19, 2023 |
 |~~WA-GUEST-OS-4.108_202209-01~~|  September 29, 2022  |  December 12, 2022  |
 |~~WA-GUEST-OS-4.107_202208-01~~|  September 2, 2022  |  November 4, 2022  |
@@ -417,8 +424,9 @@ The September Guest OS has released.
 
 | Configuration string | Release date | Disable date |
 | --- | --- | --- |
+|  WA-GUEST-OS-3.120_202301-01  |  January 31, 2023  |  Post 3.122  |
 |  WA-GUEST-OS-3.119_202212-01  |  January 19, 2023  |  Post 3.121  |
-|  WA-GUEST-OS-3.118_202211-01  |  December 12, 2022  |  Post 3.120  |
+|~~WA-GUEST-OS-3.118_202211-01~~|  December 12, 2022  |  January 31, 2023  |
 |~~WA-GUEST-OS-3.117_202210-02~~|  November 4, 2022  |  January 19, 2023 |
 |~~WA-GUEST-OS-3.115_202209-01~~|  September 29, 2022  |  December 12, 2022  |
 |~~WA-GUEST-OS-3.114_202208-01~~|  September 2, 2022  |  November 4, 2022  |
@@ -477,8 +485,9 @@ The September Guest OS has released.
 
 | Configuration string | Release date | Disable date |
 | --- | --- | --- |
+|  WA-GUEST-OS-2.133_202301-01  |  January 31, 2023  |  Post 2.135  |
 |  WA-GUEST-OS-2.132_202212-01  |  January 19, 2023  |  Post 2.134  |
-|  WA-GUEST-OS-2.131_202211-01  |  December 12, 2022  |  Post 2.133  |
+|~~WA-GUEST-OS-2.131_202211-01~~|  December 12, 2022  |  January 31, 2023  |
 |~~WA-GUEST-OS-2.130_202210-02~~|  November 4, 2022  |  January 19, 2023  |
 |~~WA-GUEST-OS-2.128_202209-01~~|  September 29, 2022  |  December 12, 2022  |
 |~~WA-GUEST-OS-2.127_202208-01~~|  September 2, 2022  |  November 4, 2022  |

articles/cloud-services/cloud-services-guestos-update-matrix.md

@@ -76,7 +76,7 @@ An important notion is that the private links feature only *gives* access to you
 1. Open the Azure portal and open your key vault resource.
 2. In the left menu, select **Networking**.
 3. Make sure the **Firewalls and virtual networks** tab is selected on top.
-4. Make sure the option **Private endpoint and selected networks** is selected. If you find **All networks** select, that explains why external clients are still able to access the key vault.
+4. If you find **Allow public access from all networks** selected, that explains why external clients are still able to access the key vault. If you would like the Key Vault to be accessible only over Private Link, select **Disable Public Access**.
 
 The following statements also apply to firewall settings:
 

articles/key-vault/general/private-link-diagnostics.md

@@ -12,11 +12,7 @@ ms.collection:
 
 # Monitor Zero Trust (TIC 3.0) security architectures with Microsoft Sentinel
 
-[Zero Trust](/security/zero-trust/zero-trust-overview) is a security strategy for designing and implementing security principles that assumes breach, and verifies each request as though it originated from an uncontrolled network. A Zero Trust model implements the following security principles:
-
-- **Verify explicitly**: Always authenticate and authorize based on all available data points.
-- **Use least privilege access**: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
-- **Assume breach**: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
+[!INCLUDE [zero-trust-principles](../../includes/security/zero-trust-principles.md)]
 
 This article describes how to use the Microsoft Sentinel **Zero Trust (TIC 3.0)** solution, which helps governance and compliance teams monitor and respond to Zero Trust requirements according to the [TRUSTED INTERNET CONNECTIONS (TIC) 3.0](https://www.cisa.gov/tic) initiative. 
 

articles/sentinel/sentinel-solution.md

@@ -0,0 +1,15 @@
+---
+author: batamig
+ms.service: security
+ms.topic: include
+ms.date: 01/31/2023
+ms.author: bagol
+ms.collection:
+  -       zerotrust-services
+---
+
+[Zero Trust](/security/zero-trust/zero-trust-overview) is a security strategy for designing and implementing the following sets of security principles:
+
+|Verify explicitly  |Use least privilege access  |Assume breach  |
+|---------|---------|---------|
+|Always authenticate and authorize based on all available data points.     | Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.        | Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.        |