Merge pull request #189336 from MicrosoftDocs/main

2/22 AM Publish

Author: huypub

.openpublishing.redirection.defender-for-iot.json

@@ -1,10 +1,5 @@
 {
     "redirections": [
-        {
-            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-configure-with-sentinel.md",
-            "redirect_url": "/azure/sentinel/iot-solution",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/defender-for-iot/device-builders/quickstart-building-the-defender-micro-agent-from-source.md",
             "redirect_url": "/azure/defender-for-iot/device-builders/overview",
@@ -240,11 +235,6 @@
             "redirect_url": "/azure/defender-for-iot/organizations/how-to-track-sensor-activity",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/defender-for-iot/how-to-configure-with-sentinel.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-configure-with-sentinel",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-troubleshoot-the-sensor-and-on-premises-management-console.md",
             "redirect_url": "/azure/defender-for-iot/organizations/how-to-troubleshoot-the-sensor-and-on-premises-management-console",
@@ -574,6 +564,29 @@
             "source_path_from_root": "/articles/defender-for-iot/organizations/references-horizon-sdk.md",
             "redirect_url": "/azure/defender-for-iot/organizations",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/device-builders/how-to-configure-with-sentinel.md",
+            "redirect_url": "/azure/sentinel/iot-solution?toc=%2Fazure%2Fdefender-for-iot%2Forganizations%2Ftoc.json&bc=%2Fazure%2Fdefender-for-iot%2Fbreadcrumb%2Ftoc.json&tabs=use-out-of-the-box-analytics-rules-recommended",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-configure-with-sentinel.md",
+            "redirect_url": "/azure/sentinel/iot-solution?toc=%2Fazure%2Fdefender-for-iot%2Forganizations%2Ftoc.json&bc=%2Fazure%2Fdefender-for-iot%2Fbreadcrumb%2Ftoc.json&tabs=use-out-of-the-box-analytics-rules-recommended",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-iot/how-to-configure-with-sentinel.md",
+            "redirect_url": "/azure/sentinel/iot-solution?toc=%2Fazure%2Fdefender-for-iot%2Forganizations%2Ftoc.json&bc=%2Fazure%2Fdefender-for-iot%2Fbreadcrumb%2Ftoc.json&tabs=use-out-of-the-box-analytics-rules-recommended",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-iot/device-builders/concept-security-agent-authentication.md",
+            "redirect_url": "/azure/defender-for-iot/device-builders/tutorial-standalone-agent-binary-installation",
+            "redirect_document_id": false
         }
     ]
-}
+}
+
+
+

articles/active-directory/authentication/how-to-certificate-based-authentication.md

@@ -69,6 +69,36 @@ Only one CRL Distribution Point (CDP) for a trusted CA is supported. The CDP can
 
 [!INCLUDE [New-AzureAD](../../../includes/active-directory-authentication-new-trusted-azuread.md)]
 
+**AuthorityType**
+- Use 0 to indicate that this is a Root Certificate Authority
+- Use 1 to indicate that this is an Intermediate or Issuing Certificate Authority
+
+**crlDistributionPoint**
+
+You can validate the crlDistributionPoint value you provide in the above PowerShell example are valid for the Certificate Authority being added by downloading the CRL and comparing the CA certificate and the CRL Information.
+
+The below table and graphic indicate how to map information from the CA Certificate to the attributes of the downloaded CRL.
+
+| CA Certificate Info | |Downloaded CRL Info|
+|----|:-:|----|
+|Subject |=|Issuer |
+|Subject Key Identifier |=|Authority Key Identifier (KeyID) |
+
+:::image type="content" border="false" source="./media/how-to-certificate-based-authentication/certificate-crl-compare.png" alt-text="Compare CA Certificate with CRL Information.":::
+
+>[!TIP]
+>The value for crlDistributionPoint in the above is the http location for the CA’s Certificate Revocation List (CRL). This can be found in a few places.
+>
+>- In the CRL Distribution Point (CDP) attribute of a certificate issued from the CA
+>
+>If Issuing CA is Windows Server
+>
+>- On the [Properties](/windows-server/networking/core-network-guide/cncg/server-certs/configure-the-cdp-and-aia-extensions-on-ca1#to-configure-the-cdp-and-aia-extensions-on-ca1)
+ of the CA in the Certificate Authority Microsoft Management Console (MMC)
+>- On the CA running [certutil](/windows-server/administration/windows-commands/certutil#-cainfo) -cainfo cdp
+
+For additional details see: [Understanding the certificate revocation process](./concept-certificate-based-authentication-technical-deep-dive.md#understanding-the-certificate-revocation-process).
+
 ### Remove
 
 [!INCLUDE [Remove-AzureAD](../../../includes/active-directory-authentication-remove-trusted-azuread.md)]

articles/active-directory/authentication/media/how-to-certificate-based-authentication/certificate-crl-compare.png

@@ -165,7 +165,25 @@ To require attributes for access requests:
 
 ### Add a resource to a catalog programmatically
 
-You can also add a resource to a catalog by using Microsoft Graph. A user in an appropriate role, or a catalog and resource owner, with an application that has the delegated `EntitlementManagement.ReadWrite.All` permission can call the API to [create an accessPackageResourceRequest](/graph/api/entitlementmanagement-post-accesspackageresourcerequests?view=graph-rest-beta&preserve-view=true). An application with application permissions can't yet programmatically add a resource without a user context at the time of the request, however.
+You can also add a resource to a catalog by using Microsoft Graph. A user in an appropriate role, or a catalog and resource owner, with an application that has the delegated `EntitlementManagement.ReadWrite.All` permission can call the API to [create an accessPackageResourceRequest](/graph/api/entitlementmanagement-post-accesspackageresourcerequests?view=graph-rest-beta&preserve-view=true). An application with the application permission `EntitlementManagement.ReadWrite.All` and permissions to change resources, such as `Group.ReadWrite.All`, can also add resources to the catalog.
+
+### Add a resource to a catalog with PowerShell
+
+You can also add a resource to a catalog in PowerShell with the `New-MgEntitlementManagementAccessPackageResourceRequest` cmdlet from the [Microsoft Graph PowerShell cmdlets for Identity Governance](https://www.powershellgallery.com/packages/Microsoft.Graph.Identity.Governance/) module version 1.6.0 or later.  The following example shows how to add a group to a catalog as a resource.
+
+```powershell
+Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All,Group.ReadWrite.All"
+Select-MgProfile -Name "beta"
+$g = Get-MgGroup -Filter "displayName eq 'Marketing'"
+Import-Module Microsoft.Graph.Identity.Governance
+$catalog = Get-MgEntitlementManagementAccessPackageCatalog -Filter "displayName eq 'Marketing'"
+$nr = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphAccessPackageResource
+$nr.OriginId = $g.Id
+$nr.OriginSystem = "AadGroup"
+$rr = New-MgEntitlementManagementAccessPackageResourceRequest -CatalogId $catalog.Id -AccessPackageResource $nr
+$ar = Get-MgEntitlementManagementAccessPackageCatalog -AccessPackageCatalogId $catalog.Id -ExpandProperty accessPackageResources
+$ar.AccessPackageResources
+```
 
 ## Remove resources from a catalog
 

articles/active-directory/governance/entitlement-management-catalog-create.md

@@ -168,7 +168,7 @@ Azure Active Directory (Azure AD) pod-managed identities use AKS primitives to a
     kubectl apply -f secretproviderclass.yaml
     ```
 
-1. Create a pod by using the following YAML, using the name of your identity:
+1. Create a pod by using the following YAML:
 
     ```yml
     # This is a sample pod definition for using SecretProviderClass and the user-assigned identity to access your key vault
@@ -270,7 +270,7 @@ Azure Active Directory (Azure AD) pod-managed identities use AKS primitives to a
     kubectl apply -f secretproviderclass.yaml
     ```
 
-1. Create a pod by using the following YAML, using the name of your identity:
+1. Create a pod by using the following YAML:
 
     ```yml
     # This is a sample pod definition for using SecretProviderClass and system-assigned identity to access your key vault

articles/aks/csi-secrets-store-identity-access.md

@@ -193,7 +193,7 @@ To learn more, see [Scheduling a triggered WebJob](webjobs-dotnet-deploy-vs.md#s
 
 You can manage the running state individual WebJobs running in your site in the [Azure portal](https://portal.azure.com). Just go to **Settings** > **WebJobs**, choose the WebJob, and you can start and stop the WebJob. You can also view and modify the password of the webhook that runs the WebJob.  
 
-You can also [add an application setting](configure-common.md#configure-app-settings) named `WEBJOB_STOPPED` with a value of `1` to stop all WebJobs running on your site. This can be handy as a way to prevent conflicting WebJobs from running both in staging and production slots. You can similarly use a value of `1` for the `WEBJOBS_DISABLE_SCHEDULE` setting to disable triggered WebJobs in the site or a staging slot. For slots, remember to enable the **Deployment slot setting** option so that the setting itself doesn't get swapped.    
+You can also [add an application setting](configure-common.md#configure-app-settings) named `WEBJOBS_STOPPED` with a value of `1` to stop all WebJobs running on your site. This can be handy as a way to prevent conflicting WebJobs from running both in staging and production slots. You can similarly use a value of `1` for the `WEBJOBS_DISABLE_SCHEDULE` setting to disable triggered WebJobs in the site or a staging slot. For slots, remember to enable the **Deployment slot setting** option so that the setting itself doesn't get swapped.    
 
 ## <a name="ViewJobHistory"></a> View the job history
 

articles/app-service/webjobs-create.md

@@ -351,25 +351,25 @@ First, the function.json file must be updated to include a `route` in the HTTP t
 
 ```json
 {
-"scriptFile": "__init__.py",
-"bindings": [
-  {
-  "authLevel": "anonymous",
-  "type": "httpTrigger",
-  "direction": "in",
-  "name": "req",
-  "methods": [
-  "get",
-  "post"
-  ],
-  "route": "/{*route}"
-  },
-  {
-  "type": "http",
-  "direction": "out",
-  "name": "$return"
-  }
-]
+  "scriptFile": "__init__.py",
+  "bindings": [
+    {
+       "authLevel": "anonymous",
+       "type": "httpTrigger",
+       "direction": "in",
+       "name": "req",
+       "methods": [
+           "get",
+           "post"
+       ],
+       "route": "/{*route}"
+    },
+    {
+       "type": "http",
+       "direction": "out",
+       "name": "$return"
+    }
+  ]
 }
 ```
 

articles/azure-functions/functions-reference-python.md

@@ -373,14 +373,17 @@ Any alert instance describes the resource that was affected and the cause of the
 ```json
 {
   "alertContext": {
-    "properties": null,
+    "properties": {
+      "name1": "value1",
+      "name2": "value2"
+    },
     "conditionType": "LogQueryCriteria",
     "condition": {
       "windowSize": "PT10M",
       "allOf": [
         {
           "searchQuery": "Heartbeat",
-          "metricMeasure": null,
+          "metricMeasureColumn": "CounterValue",
           "targetResourceTypes": "['Microsoft.Compute/virtualMachines']",
           "operator": "LowerThan",
           "threshold": "1",

articles/azure-monitor/alerts/alerts-common-schema-definitions.md

@@ -4,7 +4,7 @@ description: Learn how to switch to the log alerts management to ScheduledQueryR
 author: yanivlavi
 ms.author: yalavi
 ms.topic: conceptual
-ms.date: 01/25/2022
+ms.date: 02/22/2022
 ---
 # Upgrade legacy rules management to the current Log Alerts API from legacy Log Analytics Alert API
 
@@ -57,6 +57,12 @@ $switchJSON = '{"scheduledQueryRulesEnabled": true}'
 armclient PUT /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview $switchJSON
 ```
 
+You can also use [Azure CLI](/cli/azure/reference-index#az-rest) tool:
+
+```bash
+az rest --method post --url /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview --body '{"scheduledQueryRulesEnabled": true}'
+```
+
 If the switch is successful, the response is:
 
 ```json
@@ -80,6 +86,12 @@ You can also use [ARMClient](https://github.com/projectkudu/ARMClient) tool:
 armclient GET /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview
 ```
 
+You can also use [Azure CLI](/cli/azure/reference-index#az-rest) tool:
+
+```bash
+az rest --method get --url /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview
+```
+
 If the Log Analytics workspace was switched to [scheduledQueryRules API](/rest/api/monitor/scheduledqueryrule-2021-08-01/scheduled-query-rules), the response is:
 
 ```json
@@ -102,4 +114,4 @@ If the Log Analytics workspace wasn't switched, the response is:
 - Learn about the [Azure Monitor - Log Alerts](./alerts-unified-log.md).
 - Learn how to [manage your log alerts using the API](alerts-log-create-templates.md).
 - Learn how to [manage log alerts using PowerShell](./alerts-manage-alerts-previous-version.md#manage-log-alerts-using-powershell).
-- Learn more about the [Azure Alerts experience](./alerts-overview.md).
+- Learn more about the [Azure Alerts experience](./alerts-overview.md).