Merge pull request #195003 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/cosmos-db/sql/tutorial-sql-api-dotnet-bulk-import.md

@@ -125,6 +125,9 @@ Inside the `Main` method, add the following code to initialize the CosmosClient
 
 [!code-csharp[Main](~/cosmos-dotnet-bulk-import/src/Program.cs?name=CreateClient)]
 
+> [!Note]
+> Once bulk execution is specified in the [CosmosClientOptions](/dotnet/api/microsoft.azure.cosmos.cosmosclientoptions), they are effectively immutable for the lifetime of the CosmosClient. Changing the values will have no effect.
+
 After the bulk execution is enabled, the CosmosClient internally groups concurrent operations into single service calls. This way it optimizes the throughput utilization by distributing service calls across partitions, and finally assigning individual results to the original callers.
 
 You can then create a container to store all our items.  Define `/pk` as the partition key, 50000 RU/s as provisioned throughput, and a custom indexing policy that will exclude all fields to optimize the write throughput. Add the following code after the CosmosClient initialization statement:

articles/machine-learning/how-to-assign-roles.md

@@ -427,10 +427,11 @@ Allows you to define a role scoped only to labeling data:
     "Actions": [
         "Microsoft.MachineLearningServices/workspaces/read",
         "Microsoft.MachineLearningServices/workspaces/labeling/projects/read",
-        "Microsoft.MachineLearningServices/workspaces/labeling/labels/write"
+        "Microsoft.MachineLearningServices/workspaces/labeling/projects/summary/read",
+        "Microsoft.MachineLearningServices/workspaces/labeling/labels/read",
+        "Microsoft.MachineLearningServices/workspaces/labeling/labels/write"   
     ],
-    "NotActions": [
-        "Microsoft.MachineLearningServices/workspaces/labeling/projects/summary/read"
+    "NotActions": [        
     ],
     "AssignableScopes": [
         "/subscriptions/<subscription_id>"

articles/machine-learning/how-to-train-cli.md

@@ -326,7 +326,7 @@ And run it:
 
 :::code language="azurecli" source="~/azureml-examples-main/cli/train.sh" id="sklearn_iris":::
 
-To register a model, you can download the outputs and create a model from the local directory:
+To register a model, you can upload the model files from the run to the model registry:
 
 :::code language="azurecli" source="~/azureml-examples-main/cli/train.sh" id="sklearn_download_register_model":::
 

articles/purview/register-scan-power-bi-tenant.md

@@ -150,7 +150,7 @@ This section describes how to register a Power BI tenant in Azure Purview for sa
 
 #### Scan same tenant using Azure IR and Managed Identity
 
-This is a suitable scenario, if both Azure Purview and Power PI tenant are configured to allow public access in the network settings. 
+This is a suitable scenario, if both Azure Purview and Power BI tenant are configured to allow public access in the network settings. 
 
 To create and run a new scan, do the following:
 
@@ -186,7 +186,7 @@ To create and run a new scan, do the following:
 
 #### Scan same tenant using Self-hosted IR and Delegated authentication
 
-This scenario can be used when Azure Purview and Power PI tenant or both, are configured to use private endpoint and deny public access. Additionally, this option is also applicable if Azure Purview and Power PI tenant are configured to allow public access.
+This scenario can be used when Azure Purview and Power BI tenant or both, are configured to use private endpoint and deny public access. Additionally, this option is also applicable if Azure Purview and Power BI tenant are configured to allow public access.
 
 > [!IMPORTANT]
 > Additional configuration may be required for your Power BI tenant and Azure Purview account, if you are planning to scan Power BI tenant through private network where either Azure Purview account, Power BI tenant or both are configured with private endpoint with public access denied.

includes/active-directory-service-limits-include.md

@@ -24,4 +24,4 @@ Here are the usage constraints and other service limits for the Azure AD service
 | Access Panel |There's no limit to the number of applications per user that can be displayed in the Access Panel, regardless of the number of assigned licenses.  |
 | Reports | A maximum of 1,000 rows can be viewed or downloaded in any report. Any additional data is truncated. |
 | Administrative units | <ul><li>An Azure AD resource can be a member of no more than 30 administrative units.</li><li>An Azure AD organization can have a maximum of 5,000 dynamic groups and dynamic administrative units combined.</li></ul> |
-| Azure AD roles and permissions | <ul><li>A maximum of 30 [Azure AD custom roles](/azure/active-directory//users-groups-roles/roles-custom-overview?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context) can be created in an Azure AD organization.</li><li>A maximum of 100 Azure AD custom role assignments for a single principal at tenant scope.</li><li>A maximum of 100 Azure AD built-in role assignments for a single principal at non-tenant scope (such as an administrative unit or Azure AD object). There is no limit to Azure AD built-in role assignments at tenant scope.</li><li>A group can't be added as a [group owner](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#object-ownership).</li><li>A user's ability to read other users' tenant information can be restricted only by the Azure AD organization-wide switch to disable all non-admin users' access to all tenant information (not recommended). For more information, see [To restrict the default permissions for member users](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#restrict-member-users-default-permissions).</li><li>It might take up to 15 minutes or you might have to sign out and sign back in before admin role membership additions and revocations take effect.</li></ul> |
+| Azure AD roles and permissions | <ul><li>A maximum of 30 [Azure AD custom roles](/azure/active-directory//users-groups-roles/roles-custom-overview?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context) can be created in an Azure AD organization.</li><li>A maximum of 150 Azure AD custom role assignments for a single principal at any scope.</li><li>A maximum of 100 Azure AD built-in role assignments for a single principal at non-tenant scope (such as an administrative unit or Azure AD object). There is no limit to Azure AD built-in role assignments at tenant scope.</li><li>A group can't be added as a [group owner](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#object-ownership).</li><li>A user's ability to read other users' tenant information can be restricted only by the Azure AD organization-wide switch to disable all non-admin users' access to all tenant information (not recommended). For more information, see [To restrict the default permissions for member users](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#restrict-member-users-default-permissions).</li><li>It might take up to 15 minutes or you might have to sign out and sign back in before admin role membership additions and revocations take effect.</li></ul> |