Merge pull request #244666 from MicrosoftDocs/repo_sync_working_branch

Taojunshen · web-flow · commit e46409ddaf35 · 2023-07-13T00:44:48.000+08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory-b2c/partner-xid.md b/articles/active-directory-b2c/partner-xid.md
@@ -182,8 +182,8 @@ Get the custom policy starter packs from GitHub, then update the XML files in th
         </InputClaims>
         <OutputClaims>
           <!-- Claims parsed from your REST API -->
-          <OutputClaim ClaimTypeReferenceId="last_name" PartnerClaimType="givenName" />
-          <OutputClaim ClaimTypeReferenceId="first_name" PartnerClaimType="surname" />
+          <OutputClaim ClaimTypeReferenceId="last_name" />
+          <OutputClaim ClaimTypeReferenceId="first_name" />
           <OutputClaim ClaimTypeReferenceId="previous_name" />
           <OutputClaim ClaimTypeReferenceId="year" />
           <OutputClaim ClaimTypeReferenceId="month" />
diff --git a/articles/active-directory/authentication/tutorial-enable-sspr.md b/articles/active-directory/authentication/tutorial-enable-sspr.md
@@ -94,6 +94,9 @@ An administrator can manually provide this contact information, or users can go
 
 1. To apply the registration settings, select **Save**.
 
+> [!NOTE]
+> The interruption to request to register contact information during signing in, will only occur, if the conditions configured on the settings are met, and will only apply to users and admin accounts that are enabled to reset passwords using Azure Active Directory self-service password reset. 
+
 ## Set up notifications and customizations
 
 To keep users informed about account activity, you can set up Azure AD to send email notifications when an SSPR event happens. These notifications can cover both regular user accounts and admin accounts. For admin accounts, this notification provides another layer of awareness when a privileged administrator account password is reset using SSPR. Azure AD will notify all global admins when someone uses SSPR on an admin account.
diff --git a/articles/active-directory/hybrid/connect/how-to-connect-install-prerequisites.md b/articles/active-directory/hybrid/connect/how-to-connect-install-prerequisites.md
@@ -57,8 +57,8 @@ To read more about securing your Active Directory environment, see [Best practic
 
 #### Installation prerequisites
 
-- Azure AD Connect must be installed on a domain-joined Windows Server 2016 or later. You can deploy Azure AD Connect on Windows Server 2016 but since Windows Server 2016 is in extended support, you may require [a paid support program](/lifecycle/policies/fixed#extended-support) if you require support for this configuration. We recommend the usage of domain joined Windows Server 2022.
-- The minimum .NET Framework version required is 4.6.2, and newer versions of .NET are also supported.
+- Azure AD Connect must be installed on a domain-joined Windows Server 2016 or later. We recommend using domain-joined Windows Server 2022. You can deploy Azure AD Connect on Windows Server 2016 but since Windows Server 2016 is in extended support, you may require [a paid support program](/lifecycle/policies/fixed#extended-support) if you require support for this configuration.
+- The minimum .NET Framework version required is 4.6.2, and newer versions of .NET are also supported.  .NET version 4.8 and greater offers the best accessibility compliance.
 - Azure AD Connect can't be installed on Small Business Server or Windows Server Essentials before 2019 (Windows Server Essentials 2019 is supported). The server must be using Windows Server standard or better. 
 - The Azure AD Connect server must have a full GUI installed. Installing Azure AD Connect on Windows Server Core isn't supported. 
 - The Azure AD Connect server must not have PowerShell Transcription Group Policy enabled if you use the Azure AD Connect wizard to manage Active Directory Federation Services (AD FS) configuration. You can enable PowerShell transcription if you use the Azure AD Connect wizard to manage sync configuration. 
diff --git a/articles/active-directory/hybrid/connect/whatis-azure-ad-connect-v2.md b/articles/active-directory/hybrid/connect/whatis-azure-ad-connect-v2.md
@@ -27,7 +27,7 @@ Azure AD Connect cloud sync is the future of synchronization for Microsoft.  It
 
 > [!VIDEO https://www.youtube.com/embed/9T6lKEloq0Q]
 
-Before moving the Azure AD Connect V2.0, you should consider moving to cloud sync.  You can see if cloud sync is right for you, by accessing the [Check sync tool](https://aka.ms/M365Wizard) from the portal or via the link provided.
+Before moving the Azure AD Connect V2.0, you should consider moving to cloud sync.  You can see if cloud sync is right for you, by accessing the [Check sync tool](https://aka.ms/EvaluateSyncOptions) from the portal or via the link provided.
 
 For more information, see [What is cloud sync?](../cloud-sync/what-is-cloud-sync.md)
 
diff --git a/articles/aks/concepts-storage.md b/articles/aks/concepts-storage.md
@@ -154,8 +154,7 @@ For clusters using the [Container Storage Interface (CSI) drivers][csi-storage-d
 |---|---|
 | `managed-csi` | Uses Azure StandardSSD locally redundant storage (LRS) to create a Managed Disk. The reclaim policy ensures that the underlying Azure Disk is deleted when the persistent volume that used it's deleted. The storage class also configures the persistent volumes to be expandable, you just need to edit the persistent volume claim with the new size. |
 | `managed-csi-premium` | Uses Azure Premium locally redundant storage (LRS) to create a Managed Disk. The reclaim policy again ensures that the underlying Azure Disk is deleted when the persistent volume that used it's deleted. Similarly, this storage class allows for persistent volumes to be expanded. |
-| `azurefile-csi` | Uses Azure Standard storage to create an Azure file share. The reclaim policy ensures that the underlying Azure file share is deleted when the persistent volume that used it
-s deleted. |
+| `azurefile-csi` | Uses Azure Standard storage to create an Azure file share. The reclaim policy ensures that the underlying Azure file share is deleted when the persistent volume that used it is deleted. |
 | `azurefile-csi-premium` | Uses Azure Premium storage to create an Azure file share. The reclaim policy ensures that the underlying Azure file share is deleted when the persistent volume that used it's deleted.|
 | `azureblob-nfs-premium` | Uses Azure Premium storage to create an Azure Blob storage container and connect using the NFS v3 protocol. The reclaim policy ensures that the underlying Azure Blob storage container is deleted when the persistent volume that used it's deleted. |
 | `azureblob-fuse-premium` | Uses Azure Premium storage to create an Azure Blob storage container and connect using BlobFuse. The reclaim policy ensures that the underlying Azure Blob storage container is deleted when the persistent volume that used it's deleted. |
@@ -292,4 +291,4 @@ For more information on core Kubernetes and AKS concepts, see the following arti
 [azure-blob-csi]: azure-blob-csi.md
 [general-purpose-machine-sizes]: ../virtual-machines/sizes-general.md
 [azure-files-azure-netapp-comparison]: ../storage/files/storage-files-netapp-comparison.md
-[azure-disk-customer-managed-key]: azure-disk-customer-managed-keys.md
+[azure-disk-customer-managed-key]: azure-disk-customer-managed-keys.md
diff --git a/articles/aks/workload-identity-deploy-cluster.md b/articles/aks/workload-identity-deploy-cluster.md
@@ -132,11 +132,11 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: quick-start
-  namespace: SERVICE_ACCOUNT_NAMESPACE
+  namespace: "${SERVICE_ACCOUNT_NAMESPACE}"
   labels:
     azure.workload.identity/use: "true"
 spec:
-  serviceAccountName: workload-identity-sa
+  serviceAccountName: "${SERVICE_ACCOUNT_NAME}"
 EOF
 ```
 
diff --git a/articles/api-management/api-management-howto-app-insights.md b/articles/api-management/api-management-howto-app-insights.md
@@ -174,6 +174,11 @@ To improve performance issues, skip:
 >
 >
 
+## Troubleshooting
+
+Addressing the issue of telemetry data flow from API Management to Application Insights:
++ Investigate whether a linked Azure Monitor Private Link Scope (AMPLS) resource exists within the VNet where the API Management resource is connected. AMPLS resources have a global scope across subscriptions and are responsible for managing data query and ingestion for all Azure Monitor resources. It's possible that the AMPLS has been configured with a Private-Only access mode specifically for data ingestion. In such instances, include the Application Insights resource and its associated Log Analytics resource in the AMPLS. Once this addition is made, the API Management data will be successfully ingested into the Application Insights resource, resolving the telemetry data transmission issue.
+
 ## Next steps
 
 + Learn more about [Azure Application Insights](/azure/application-insights/).
diff --git a/articles/attestation/quickstart-powershell.md b/articles/attestation/quickstart-powershell.md
@@ -76,21 +76,21 @@ New-AzAttestation creates an attestation provider.
 
 ```powershell
 $attestationProvider = "<attestation provider name>" 
-New-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup -Location $location
+New-AzAttestationProvider -Name $attestationProvider -ResourceGroupName $attestationResourceGroup -Location $location
 ```
 
 PolicySignerCertificateFile is a file specifying a set of trusted signing keys. If a filename is specified for the PolicySignerCertificateFile parameter, attestation provider can be configured only with policies in signed JWT format. Else policy can be configured in text or an unsigned JWT format.
 
 ```powershell
-New-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup -Location $location -PolicySignersCertificateFile "C:\test\policySignersCertificates.pem"
+New-AzAttestationProvider -Name $attestationProvider -ResourceGroupName $attestationResourceGroup -Location $location -PolicySignersCertificateFile "C:\test\policySignersCertificates.pem"
 ```
 
 For PolicySignersCertificateFile sample, see [examples of policy signer certificate](policy-signer-examples.md).
 
 Get-AzAttestation retrieves the attestation provider properties like status and AttestURI. Take a note of AttestURI, as it will be needed later.
 
 ```azurepowershell
-Get-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup  
+Get-AzAttestationProvider -Name $attestationProvider -ResourceGroupName $attestationResourceGroup  
 ```
 
 The above command should produce output in this format: 
@@ -110,7 +110,7 @@ TagsTable:
 Attestation providers can be deleted using the Remove-AzAttestation cmdlet.  
 
 ```powershell
-Remove-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup
+Remove-AzAttestationProvider -Name $attestationProvider -ResourceGroupName $attestationResourceGroup
 ```
 
 ## Policy management
diff --git a/articles/azure-monitor/alerts/media/tutorial-log-alert/alert-rule-condition-2.png b/articles/azure-monitor/alerts/media/tutorial-log-alert/alert-rule-condition-2.png
diff --git a/articles/azure-monitor/alerts/tutorial-log-alert.md b/articles/azure-monitor/alerts/tutorial-log-alert.md
@@ -65,6 +65,9 @@ On the **Condition** tab, the **Log query** will already be filled in. The **Mea
 
 :::image type="content" source="media/tutorial-log-alert/alert-rule-dimensions.png" lightbox="media/tutorial-log-alert/alert-rule-dimensions.png"alt-text="Alert rule dimensions":::
 
+If you need a certain dimension(s) included in the alert notification email, you can specify a dimension (e.g. "Computer"), the alert notification email will include the computer name that triggered the alert. The alerting engine uses the alert query to determine the available dimensions. If you do not see the dimension you want in the drop-down list for the "Dimension name", it is because the alert query does not expose that column in the results. You can easily add the dimensions you want by adding a Project line to your query that includes the columns you want to use. You can also use the Summarize line to add additional columns to the query results. 
+
+:::image type="content" source="media/tutorial-log-alert/alert-rule-condition-2.png" lightbox="media/tutorial-log-alert/alert-rule-condition-2.png" alt-text="Screenshot showing the Alert rule dimensions with a dimension called Computer set.":::
 
 ## Configure alert logic
 In the alert logic, configure the **Operator** and **Threshold value** to compare to the value returned from the measurement.  An alert is created when this value is true. Select a value for **Frequency of evaluation** which defines how often the log query is run and evaluated. The cost for the alert rule increases with a lower frequency. When you select a frequency, the estimated monthly cost is displayed in addition to a preview of the query results over a time period.
diff --git a/articles/azure-monitor/best-practices-data-collection.md b/articles/azure-monitor/best-practices-data-collection.md
@@ -91,12 +91,10 @@ Azure Monitor monitors your custom applications by using [Application Insights](
 
 Application Insights is the feature of Azure Monitor for monitoring your cloud native and hybrid applications.
 
-You must create a resource in Application Insights for each application that you're going to monitor. Log data collected by Application Insights is stored in Azure Monitor Logs for a workspace-based application. Log data for classic applications is stored separately from your Log Analytics workspace as described in [Data structure](logs/log-analytics-workspace-overview.md#data-structure).
+You may create a resource in Application Insights for each application that you're going to monitor or a single application resource for multiple applications. Whether to use separate or a single application resource for multiple applications is a fundamental decision of your monitoring strategy. Separate resources can save costs and prevent mixing data from different applications, but a single resource can simplify your monitoring by keeping all relevant telemetry together. See [How many Application Insights resources should I deploy](app/separate-resources.md) for criteria to help you make this design decision. 
 
- When you create the application, you must select whether to use classic or workspace based. See [Create an Application Insights resource](/previous-versions/azure/azure-monitor/app/create-new-resource) to create a classic application.
-See [Workspace-based Application Insights resources (preview)](app/create-workspace-resource.md) to create a workspace-based application.
-
- A fundamental design decision is whether to use separate or a single application resource for multiple applications. Separate resources can save costs and prevent mixing data from different applications, but a single resource can simplify your monitoring by keeping all relevant telemetry together. See [How many Application Insights resources should I deploy](app/separate-resources.md) for criteria to help you make this design decision.
+When you create the application resource, you must select whether to use classic or workspace based. See [Create an Application Insights resource](/previous-versions/azure/azure-monitor/app/create-new-resource) to create a classic application.
+See [Workspace-based Application Insights resources](app/create-workspace-resource.md) to create a workspace-based application. Log data collected by Application Insights is stored in Azure Monitor Logs for a workspace-based application. Log data for classic applications is stored separately from your Log Analytics workspace as described in [Data structure](logs/log-analytics-workspace-overview.md#data-structure).
 
 ### Configure codeless or code-based monitoring
 
diff --git a/articles/azure-monitor/essentials/prometheus-metrics-enable.md b/articles/azure-monitor/essentials/prometheus-metrics-enable.md
@@ -381,7 +381,7 @@ Deploy the template with the parameter file by using any valid method for deploy
 
 - Ensure that you update the `kube-state metrics` annotations and labels list with proper formatting. There's a limitation in the ARM template deployments that require exact values in the `kube-state` metrics pods. If the Kubernetes pod has any issues with malformed parameters and isn't running, the feature might not as expected.
 - A data collection rule and data collection endpoint are created with the name `MSProm-\<short-cluster-region\>-\<cluster-name\>`. Currently, these names can't be modified.
-- You must get the existing Azure Monitor workspace integrations for a Grafana intance and update the ARM template with it. Otherwise, the ARM deployment gets over-written, which removes existing integrations.
+- You must get the existing Azure Monitor workspace integrations for a Grafana instance and update the ARM template with it. Otherwise, the ARM deployment gets over-written, which removes existing integrations.
 ---
 
 ## Enable Windows metrics collection
@@ -506,7 +506,7 @@ The following table lists the firewall configuration required for Azure monitor
 | `*.handler.control.monitor.azure.us` | For querying data collection rules  | 443 |
 
 ## Uninstall the metrics add-on
-Currently, the Azure CLI is the only option to remove the metrics add-on and stop sending Prometheus metrics to Azure Monitor managed service for Prometheus. Use the following command to remove the agent from the cluster nodes and delete the recording rules created for that cluster. This will also delete the data collection endpoint (DCE), data collection dule (DCR), DCRA and recording rules groups created as part of onboarding. . This action doesn't remove any existing data stored in your Azure Monitor workspace.
+Currently, the Azure CLI is the only option to remove the metrics add-on and stop sending Prometheus metrics to Azure Monitor managed service for Prometheus. Use the following command to remove the agent from the cluster nodes and delete the recording rules created for that cluster. This will also delete the data collection endpoint (DCE), data collection rule (DCR), DCRA and recording rules groups created as part of onboarding. . This action doesn't remove any existing data stored in your Azure Monitor workspace.
 
 ```azurecli
 az aks update --disable-azure-monitor-metrics -n <cluster-name> -g <cluster-resource-group>
diff --git a/articles/azure-monitor/logs/cost-logs.md b/articles/azure-monitor/logs/cost-logs.md
@@ -67,7 +67,7 @@ Azure Commitment Discounts, such as discounts received from [Microsoft Enterpris
 
 ## Dedicated clusters
 
-An [Azure Monitor Logs dedicated cluster](logs-dedicated-clusters.md) is a collection of workspaces in a single managed Azure Data Explorer cluster. Dedicated clusters support advanced features, such as [customer-managed keys](customer-managed-keys.md), and use the same commitment-tier pricing model as workspaces, although they must have a commitment level of at least 500 GB per day. Any usage above the commitment level (overage) is billed at that same price per GB as provided by the current commitment tier. There's no pay-as-you-go option for clusters.
+An [Azure Monitor Logs dedicated cluster](logs-dedicated-clusters.md) is a collection of workspaces in a single managed Azure Data Explorer cluster. Dedicated clusters support advanced features, such as [customer-managed keys](customer-managed-keys.md), and use the same commitment-tier pricing model as workspaces, although they must have a commitment level of at least 100 GB per day. Any usage above the commitment level (overage) is billed at that same price per GB as provided by the current commitment tier. There's no pay-as-you-go option for clusters.
 
 The cluster commitment tier has a 31-day commitment period after the commitment level is increased. During the commitment period, the commitment tier level can't be reduced, but it can be increased at any time. When workspaces are associated to a cluster, the data ingestion billing for those workspaces is done at the cluster level by using the configured commitment tier level.
 
diff --git a/articles/azure-resource-manager/bicep/bicep-functions-parameters-file.md b/articles/azure-resource-manager/bicep/bicep-functions-parameters-file.md
@@ -8,7 +8,7 @@ ms.date: 06/05/2023
 
 # Parameters file function for Bicep
 
-Bicep provides a function called `readEnvironmentVariable()` that allows you to retrieve values from environment variables. It also offers the flexibility to set a default value if the environment variable does not exist. This function can only be using in the `.bicepparam` files. For more information, see [Bicep parameters file](./parameter-files.md).
+Bicep provides a function called `readEnvironmentVariable()` that allows you to retrieve values from environment variables. It also offers the flexibility to set a default value if the environment variable does not exist. This function can only be used in the `.bicepparam` files. For more information, see [Bicep parameters file](./parameter-files.md).
 
 ## readEnvironmentVariable()
 
diff --git a/articles/bastion/connect-vm-native-client-linux.md b/articles/bastion/connect-vm-native-client-linux.md
@@ -34,7 +34,7 @@ Verify that the following roles and ports are configured in order to connect to
 
 ## <a name="ssh"></a>Connect to a Linux VM
 
-The steps in the following sections help you connect to a Linux VM from a Linux native client using the **az network bastion** command.  This extension can be installed by running, `az extension add --name ssh`.
+The steps in the following sections help you connect to a Linux VM from a Linux native client using the **az network bastion** command.  This extension can be installed by running, `az extension add --name bastion`.
 
 When you connect using this command, file transfers aren't supported. If you want to upload files, connect using the [az network bastion tunnel](#tunnel) command instead.
 
diff --git a/articles/postgresql/flexible-server/concepts-business-continuity.md b/articles/postgresql/flexible-server/concepts-business-continuity.md
diff --git a/articles/postgresql/single-server/concepts-audit.md b/articles/postgresql/single-server/concepts-audit.md
diff --git a/articles/storage/common/storage-use-azcopy-files.md b/articles/storage/common/storage-use-azcopy-files.md
diff --git a/articles/synapse-analytics/migration-guides/oracle/1-design-performance-migration.md b/articles/synapse-analytics/migration-guides/oracle/1-design-performance-migration.md

Original file line number	Diff line number	Diff line change
`@@ -174,6 +174,11 @@ To improve performance issues, skip:`
`174`	`174`	`>`
`175`	`175`	`>`
`176`	`176`
	`177`	`+## Troubleshooting`
	`178`	`+`
	`179`	`+Addressing the issue of telemetry data flow from API Management to Application Insights:`
	`180`	++ Investigate whether a linked Azure Monitor Private Link Scope (AMPLS) resource exists within the VNet where the API Management resource is connected. AMPLS resources have a global scope across subscriptions and are responsible for managing data query and ingestion for all Azure Monitor resources. It's possible that the AMPLS has been configured with a Private-Only access mode specifically for data ingestion. In such instances, include the Application Insights resource and its associated Log Analytics resource in the AMPLS. Once this addition is made, the API Management data will be successfully ingested into the Application Insights resource, resolving the telemetry data transmission issue.
	`181`	`+`
`177`	`182`	`## Next steps`
`178`	`183`
`179`	`184`	`+ Learn more about [Azure Application Insights](/azure/application-insights/).`