Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into cosmo-db

Author: ElazarK

articles/data-factory/tutorial-managed-virtual-network-on-premise-sql-server.md

@@ -212,15 +212,11 @@ the page.
 
 ## Creating Forwarding Rule to Endpoint
 
-1. Login and download the port forwarding script [ip_fwd.sh](https://github.com/sajitsasi/az-ip-fwd/blob/main/ip_fwd.sh) to your backend server VMs. 
+1. Login and copy script [ip_fwd.sh](https://github.com/sajitsasi/az-ip-fwd/blob/main/ip_fwd.sh) to your backend server VMs. 
 2. Run the script on with the following options:<br/>
-    **sudo chmod +x ip_fwd.sh**<br/>
     **sudo ./ip_fwd.sh -i eth0 -f 1433 -a <FQDN/IP> -b 1433**<br/>
     <FQDN/IP> is your target SQL Server IP.<br/>
 
-    > [!Note] 
-    > The above script runs only once. In order to ensure that that port forwarding is enabled every time the machine starts, it should be configured as a startup service.
-    
     > [!Note] 
     > FQDN doesn't work for on-premises SQL Server unless you add a record in Azure DNS zone.
     
@@ -269,6 +265,9 @@ data factory from the resources list.
 
     :::image type="content" source="./media/tutorial-managed-virtual-network/linked-service-3.png" alt-text="Screenshot that shows the SQL server linked service creation page.":::
 
+> [!Note] 
+> If you have more than one SQL Server and need to define multiple load balancer rules and IP table records with different ports, make sure you explicitly add the port name after the FQDN when you edit Linked Service. The NAT VM will handle the port translation. If it's not explicitly specified, the connection will always time-out.
+
 ## Troubleshooting
 
 Go to the backend server VM, confirm telnet the SQL Server works: **telnet **<**FQDN**>** 1433**.

articles/defender-for-cloud/TOC.yml

@@ -41,7 +41,7 @@
     - name: Connect AWS accounts
       displayName: hybrid, multicloud, multi-cloud, amazon, arc
       href: quickstart-onboard-aws.md
-    - name: Connect GCP accounts
+    - name: Connect GCP projects
       displayName: hybrid, multicloud, multi-cloud, google
       href: quickstart-onboard-gcp.md
   - name: 4. Configure auto provisioning
@@ -318,7 +318,7 @@
       - name: Export to a SIEM, SOAR, or ITSM
         displayName: continuous, SIEM, SOAR, Splunk, QRadar, ServiceNow, ArcSight, Monitor, Graph, Sentinel,
         href: export-to-siem.md
-      - name: Export to a Log Analytics workspace or Azure Event Hub
+      - name: Export to a Log Analytics workspace or Azure Event Hubs
         displayName: continuous
         href: continuous-export.md
       - name: Download a CSV report of all alerts

articles/defender-for-cloud/alerts-reference.md

@@ -258,7 +258,7 @@ At the bottom of this page, there's a table describing the Microsoft Defender fo
 | **An IP that connected to your Azure App Service FTP Interface was found in Threat Intelligence**<br>(AppServices_IncomingTiClientIpFtp) | Azure App Service FTP log indicates a connection from a source address that was found in the threat intelligence feed. During this connection, a user accessed the pages listed.<br>(Applies to: App Service on Windows and App Service on Linux)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | Initial Access                                                     | Medium   |
 | **Attempt to run high privilege command detected**<br>(AppServices_HighPrivilegeCommand)                                                 | Analysis of App Service processes detected an attempt to run a command that requires high privileges.<br>The command ran in the web application context. While this behavior can be legitimate, in web applications this behavior is also observed in malicious activities.<br>(Applies to: App Service on Windows)                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | -                                                                  | Medium   |
 | **Communication with suspicious domain identified by threat intelligence**<br>(AzureDNS_ThreatIntelSuspectDomain) | Communication with suspicious domain was detected by analyzing DNS transactions from your resource and comparing against known malicious domains identified by threat intelligence feeds. Communication to malicious domains is frequently performed by attackers and could imply that your resource is compromised.                                                                            | Initial Access, Persistence, Execution, Command And Control, Exploitation              | Medium   |
-| **Connection to web page from anomalous IP address detected**<br>(AppServices_AnomalousPageAccess)                                       | Azure App Service activity log indicates an anomalous connection to a sensitive web page from the listed source IP address. This might indicate that someone is attempting a brute force attack into your web app administration pages. It might also be the result of a new IP address being used by a legitimate user. If the source IP address is trusted, you can safely suppress this alert for this resource. To learn how to suppress security alerts, see [Suppress alerts from Microsoft Defender for Cloud](alerts-suppression-rules.md). <br>(Applies to: App Service on Windows and App Service on Linux)                                                                                                                                                                        | Initial Access                                                     | Medium   |
+| **Connection to web page from anomalous IP address detected**<br>(AppServices_AnomalousPageAccess)                                       | Azure App Service activity log indicates an anomalous connection to a sensitive web page from the listed source IP address. This might indicate that someone is attempting a brute force attack into your web app administration pages. It might also be the result of a new IP address being used by a legitimate user. If the source IP address is trusted, you can safely suppress this alert for this resource. To learn how to suppress security alerts, see [Suppress alerts from Microsoft Defender for Cloud](alerts-suppression-rules.md). <br>(Applies to: App Service on Windows and App Service on Linux)                                                                                                                                                                        | Initial Access                                                     | Low   |
 | **Dangling DNS record for an App Service resource detected**<br>(AppServices_DanglingDomain)                                             | A DNS record that points to a recently deleted App Service resource (also known as "dangling DNS" entry) has been detected. This leaves you susceptible to a subdomain takeover. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.<br>(Applies to: App Service on Windows and App Service on Linux)                                                                                                                                                                                                                                                                                                                                                                                             | -                                                                  | High     |
 | **Detected encoded executable in command line data**<br>(AppServices_Base64EncodedExecutableInCommandLineParams)                         | Analysis of host data on {Compromised host} detected a base-64 encoded executable. This has previously been associated with attackers attempting to construct executables on-the-fly through a sequence of commands, and attempting to evade intrusion detection systems by ensuring that no individual command would trigger an alert. This could be legitimate activity, or an indication of a compromised host.<br>(Applies to: App Service on Windows)                                                                                                                                                                                                                                                                                                                                   | Defense Evasion, Execution                                         | High     |
 | **Detected file download from a known malicious source**<br>(AppServices_SuspectDownload)                                                | Analysis of host data has detected the download of a file from a known malware source on your host.<br>(Applies to: App Service on Linux)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | Privilege Escalation, Execution, Exfiltration, Command and Control | Medium   |

articles/defender-for-cloud/quickstart-onboard-machines.md

@@ -2,7 +2,7 @@
 title: Connect your non-Azure machines to Microsoft Defender for Cloud
 description: Learn how to connect your non-Azure machines to Microsoft Defender for Cloud
 ms.topic: quickstart
-ms.date: 11/09/2021
+ms.date: 02/27/2022
 zone_pivot_groups: non-azure-machines
 ms.custom: mode-other
 ---
@@ -20,7 +20,7 @@ You can connect your non-Azure computers in any of the following ways:
 Each of these is described on this page.
 
 > [!TIP]
-> If you're connecting machines from other cloud providers, see [Connect your AWS accounts](quickstart-onboard-aws.md) or [Connect your GCP accounts](quickstart-onboard-gcp.md).
+> If you're connecting machines from other cloud providers, see [Connect your AWS accounts](quickstart-onboard-aws.md) or [Connect your GCP projects](quickstart-onboard-gcp.md).
 
 ::: zone pivot="azure-arc"
 

articles/defender-for-cloud/release-notes-archive.md

@@ -2,7 +2,7 @@
 title: Archive of what's new in Microsoft Defender for Cloud
 description: A description of what's new and changed in Microsoft Defender for Cloud from six months ago and earlier.
 ms.topic: reference
-ms.date: 02/17/2022
+ms.date: 02/27/2022
 ---
 # Archive for what's new in Defender for Cloud?
 
@@ -523,7 +523,7 @@ A new filter offers the option to refine the list according to the cloud account
 Learn more about the multi-cloud capabilities:
 
 - [Connect your AWS accounts to Azure Security Center](quickstart-onboard-aws.md)
-- [Connect your GCP accounts to Azure Security Center](quickstart-onboard-gcp.md)
+- [Connect your GCP projects to Azure Security Center](quickstart-onboard-gcp.md)
 
 
 ## April 2021
@@ -1066,7 +1066,7 @@ With cloud workloads commonly spanning multiple cloud platforms, cloud security
 
 Azure Security Center protects workloads in Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
 
-Connecting your AWS or GCP accounts integrates their native security tools like AWS Security Hub and GCP Security Command Center into Azure Security Center.
+Connecting your AWS or GCP projects integrates their native security tools like AWS Security Hub and GCP Security Command Center into Azure Security Center.
 
 This capability means that Security Center provides visibility and protection across all major cloud environments. Some of the benefits of this integration:
 
@@ -1085,7 +1085,7 @@ From Defender for Cloud's menu, select **Multi-cloud connectors** and you'll see
 
 Learn more in:
 - [Connect your AWS accounts to Azure Security Center](quickstart-onboard-aws.md)
-- [Connect your GCP accounts to Azure Security Center](quickstart-onboard-gcp.md)
+- [Connect your GCP projects to Azure Security Center](quickstart-onboard-gcp.md)
 
 
 ### Exempt entire recommendations from your secure score for subscriptions and management groups
@@ -1730,9 +1730,9 @@ With cloud workloads commonly spanning multiple cloud platforms, cloud security
 
 Azure Security Center now protects workloads in Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
 
-Onboarding your AWS and GCP accounts into Security Center, integrates AWS Security Hub, GCP Security Command and Azure Security Center. 
+Onboarding your AWS and GCP projects into Security Center, integrates AWS Security Hub, GCP Security Command and Azure Security Center. 
 
-Learn more in [Connect your AWS accounts to Azure Security Center](quickstart-onboard-aws.md) and [Connect your GCP accounts to Azure Security Center](quickstart-onboard-gcp.md).
+Learn more in [Connect your AWS accounts to Azure Security Center](quickstart-onboard-aws.md) and [Connect your GCP projects to Azure Security Center](quickstart-onboard-gcp.md).
 
 
 ### Kubernetes workload protection recommendation bundle

articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds.md

@@ -2,7 +2,7 @@
 title: Microsoft Defender for Cloud's features according to OS, machine type, and cloud
 description: Learn about the availability of Microsoft Defender for Cloud features according to OS, machine type, and cloud deployment.
 ms.topic: overview
-ms.date: 02/10/2022
+ms.date: 02/27/2022
 ms.custom: references_regions
 ---
 
@@ -158,7 +158,7 @@ For information about when recommendations are generated for each of these solut
 | - [Regulatory compliance dashboard & reports](./regulatory-compliance-dashboard.md) <sup>[8](#footnote8)</sup>                                                | GA             | GA                             | GA                             |
 | - [Microsoft Defender for Endpoint deployment and integrated license](./integration-defender-for-endpoint.md)                                                 | GA             | GA                             | Not Available                  |
 | - [Connect AWS account](./quickstart-onboard-aws.md)                                                                                                          | GA             | Not Available                  | Not Available                  |
-| - [Connect GCP account](./quickstart-onboard-gcp.md)                                                                                                          | GA             | Not Available                  | Not Available                  |
+| - [Connect GCP project](./quickstart-onboard-gcp.md)                                                                                                          | GA             | Not Available                  | Not Available                  |
 |                                                                                                                                                               |                |                                |                                |
 
 <sup><a name="footnote1"></a>1</sup> Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.

articles/hdinsight/hdinsight-36-component-versioning.md

@@ -59,6 +59,7 @@ The OSS component versions associated with HDInsight 3.6 are listed in the follo
 - [Migrate Azure HDInsight 3.6 Hive workloads to HDInsight 4.0](interactive-query/apache-hive-migrate-workloads.md).
 - [Migrate Apache Kafka workloads to Azure HDInsight 4.0](kafka/migrate-versions.md).
 - [Migrate an Apache HBase cluster to a new version](hbase/apache-hbase-migrate-new-version.md).
+- [Migrate Azure HDInsight 3.6 Apache Storm to HDInsight 4.0 Apache Spark](storm/migrate-storm-to-spark.md).
 
 ## Next steps
 

articles/hdinsight/hdinsight-component-versioning.md

@@ -73,6 +73,7 @@ Microsoft does not encourage creating analytics pipelines or solutions on cluste
 - [Migrate Azure HDInsight 3.6 Hive workloads to HDInsight 4.0](interactive-query/apache-hive-migrate-workloads.md).
 - [Migrate Apache Kafka workloads to Azure HDInsight 4.0](kafka/migrate-versions.md).
 - [Migrate an Apache HBase cluster to a new version](hbase/apache-hbase-migrate-new-version.md).
+- [Migrate Azure HDInsight 3.6 Apache Storm to HDInsight 4.0 Apache Spark](storm/migrate-storm-to-spark.md).
 
 ## Release notes
 

articles/hdinsight/optimize-hive-ambari.md

@@ -116,6 +116,8 @@ The following additional configuration parameters increase Hive query performanc
 
     :::image type="content" source="./media/optimize-hive-ambari/hive-stats-fetch-partition-stats.png" alt-text="Hive stats set partition stats" border="true":::
 
+Refer to [Hive Cost Based Optimization](https://techcommunity.microsoft.com/t5/analytics-on-azure-blog/hive-cost-based-optimization/ba-p/3032895) blog post in [Analytics on Azure Blog](https://techcommunity.microsoft.com/t5/analytics-on-azure-blog/bg-p/AnalyticsonAzure) for further reading
+
 ## Enable intermediate compression
 
 Map tasks create intermediate files that are used by the reducer tasks. Intermediate compression shrinks the intermediate file size.