Merge pull request #167094 from MicrosoftDocs/master

7/27 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -38441,6 +38441,26 @@
       "redirect_url": "/azure/iot-develop/quickstart-devkit-mxchip-az3166-iot-hub",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/iot-hub/quickstart-control-device-dotnet.md",
+      "redirect_url": "/azure/iot-hub/quickstart-control-device?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/iot-hub/quickstart-control-device-node.md",
+      "redirect_url": "/azure/iot-hub/quickstart-control-device?pivots=programming-language-nodejs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/iot-hub/quickstart-control-device-python.md",
+      "redirect_url": "/azure/iot-hub/quickstart-control-device?pivots=programming-language-python",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/iot-hub/quickstart-control-device-java.md",
+      "redirect_url": "/azure/iot-hub/quickstart-control-device?pivots=programming-language-java",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/iot-suite/iot-suite-connected-factory-publisher.md",
       "redirect_url": "https://github.com/Azure/iot-edge-opc-publisher/blob/master/README.md",

articles/active-directory/privileged-identity-management/pim-how-to-activate-role.md

@@ -24,6 +24,9 @@ If you have been made *eligible* for an administrative role, then you must *acti
 
 This article is for administrators who need to activate their Azure AD role in Privileged Identity Management.
 
+> [!TIP]
+> You can use the shortcut URL [AKA.MS/PIM](https://aka.ms/PIM) to jump straight to the Azure AD roles selection page.
+
 # [New version](#tab/new)
 
 ## Activate a role for new version

articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md

@@ -97,7 +97,7 @@ If setting multiple approvers, approval completes as soon as one of them approve
 
     ![Select a user or group pane to select approvers](./media/pim-resource-roles-configure-role-settings/resources-role-settings-select-approvers.png)
 
-1. Select at least one user and then click **Select**. Select at least one approver. There are no default approvers.
+1. Select at least one user and then click **Select**. Select at least one approver. If no specific approvers are selected, privileged role administrators/global administrators will become the default approvers.
 
     Your selections will appear in the list of selected approvers.
 

articles/active-directory/verifiable-credentials/introduction-to-verifiable-credentials-architecture.md

@@ -26,7 +26,7 @@ This architectural overview introduces the capabilities and components of the Az
 
 ## Approaches to identity
 
-Today most organizations use centralized identity systems to provide employees credentials. They also use use various methods to bring customers, partners, vendors, and relying parties into the organization’s trust boundaries. These methods include federation, creating and managing guest accounts with systems like Azure AD B2B, and creating explicit trusts with relying parties. Most business relationships have a digital component, so enabling some form of trust between organizations requires significant effort. 
+Today most organizations use centralized identity systems to provide employees credentials. They also use various methods to bring customers, partners, vendors, and relying parties into the organization’s trust boundaries. These methods include federation, creating and managing guest accounts with systems like Azure AD B2B, and creating explicit trusts with relying parties. Most business relationships have a digital component, so enabling some form of trust between organizations requires significant effort. 
 
 ### Centralized identity systems
 
@@ -78,7 +78,7 @@ Terminology for verifiable credentials (VCs) might be confusing if you're not fa
 
  “A ***decentralized identifier document***, also referred to as a ***DID document***, is a document that is accessible using a verifiable data registry and contains information related to a specific decentralized identifier, such as the associated repository and public key information.” 
 
-* In the scenario above, both the issuer and verifier have a DID, and a DID document. The DID document contains the public key, and the list of DNS web domains associated with DID (also known as linked domains).
+* In the scenario above, both the issuer and verifier have a DID, and a DID document. The DID document contains the public key, and the list of DNS web domains associated with the DID (also known as linked domains).
 
 * Woodgrove (issuer) signs their employees’ VCs with its public key; similarly, Proseware (verifier) signs requests to present a VC using its key, which is also associated with its DID.
 
@@ -129,7 +129,7 @@ These use cases demonstrate how centralized identities and decentralized identit
 
  **Awareness**: Alice is interested in working for Woodgrove, Inc. and visits Woodgrove’s career website. 
 
-**Activation**: The Woodgrove site presents Alice with a method to prove their identity by promptinthem with a QR code or a deep link to visit its trusted identity proofing partner, Adatum.
+**Activation**: The Woodgrove site presents Alice with a method to prove their identity by prompting them with a QR code or a deep link to visit its trusted identity proofing partner, Adatum.
 
 **Request and upload**: Adatum requests proof of identity from Alice. Alice takes a selfie and a driver’s license picture and uploads them to Adatum. 
 
@@ -166,7 +166,7 @@ By combining centralized and decentralized identity architectures for onboarding
 
 As an employee, Alice is operating inside of the trust boundary of Woodgrove. Woodgrove acts as the identity provider (IDP) and maintains complete control of the identity and the configuration of the apps Alice uses to interact within the Woodgrove trust boundary. To use resources in the Azure AD trust boundary, Alice provides potentially multiple forms of proof of identification to log on to Woodgrove’s trust boundary and access the resources inside of Woodgrove’s technology environment. This is a typical scenario that is well served using a centralized identity architecture. 
 
-* Woodgrove manages the trust boundary, and using good security practices provides the least-privileged level of access to Alice based on the job performed. To maintain a strong security posture, and potentially for compliance reasons, Woodgrove must also be able to track employees’ permissions and access to resources and must be able to revoke permissions when the employment is terminated.
+* Woodgrove manages the trust boundary and using good security practices provides the least-privileged level of access to Alice based on the job performed. To maintain a strong security posture, and potentially for compliance reasons, Woodgrove must also be able to track employees’ permissions and access to resources and must be able to revoke permissions when the employment is terminated.
 
 * Alice only uses the credential that Woodgrove maintains to access Woodgrove resources. Alice has no need to track when the credential is used since the credential is managed by Woodgrove and only used with Woodgrove resources. The identity is only valid inside of the Woodgrove trust boundary when access to Woodgrove resources is necessary, so Alice has no need to possess the credential. 
 
@@ -272,7 +272,7 @@ In this flow, a holder interacts with a relying party (RP) to present a VC as pa
 
 1. The wallet downloads the request from the link. The request includes:
 
-   * a [standards based request for credentials](https://identity.foundation/presentation-exchange/) of a schema or credentialType. 
+   * a [standards based request for credentials](https://identity.foundation/presentation-exchange/) of a schema or credential type. 
 
    * the DID of the RP, which the wallet looks up in ION.
 

articles/active-directory/verifiable-credentials/plan-issuance-solution.md

@@ -54,7 +54,7 @@ Each issuer has a single key set used for signing, updating, and recovery. This
 
 * Rules are an issuer-defined model that describes the required inputs of a verifiable credential, the trusted sources of the inputs, and the mapping of input claims to output claims. 
 
-   * Input – Are a subset of the model in the rules file for client consumption. The subset must describe the set of inputs, where to obtain the inputs and the endpoint to call to obtain a verifiable credential.
+   * **Input** – Are a subset of the model in the rules file for client consumption. The subset must describe the set of inputs, where to obtain the inputs and the endpoint to call to obtain a verifiable credential.
 
 * Rules and display files for different credentials can be configured to use different containers, subscriptions, and storage. For example, you can delegate permissions to different teams that own management of specific VCs. 
 
@@ -122,7 +122,7 @@ With Azure AD Verifiable Credentials, the most common credential use cases are:
 
 * a user’s selfie 
 
-* verification of liveness.
+* verification of liveness
 
 This kind of credential is a good fit for identity onboarding scenarios of new employees, partners, service providers, students, and other instances where identity verification is essential.
 
@@ -150,7 +150,7 @@ In addition to the industry-specific standards and schemas that might be applica
 
 * **Minimize private information**: Meet the use cases with the minimal amount of private information necessary. For example, a VC used for e-commerce websites that offers discounts to employees and alumni can be fulfilled by presenting the credential with just the first and last name claims. Additional information such as hiring date, title, department, etc. are not needed.
 
-* **Favor abstract claims**: Each claim should meet the need while minimizing the detail. For example, a claim called “ageOver” with discrete values such as “13”,”21”,”60”, is more abstract than a date of birth claim.
+* **Favor abstract claims**: Each claim should meet the need while minimizing the detail. For example, a claim named “ageOver” with discrete values such as “13”,”21”,”60”, is more abstract than a date of birth claim.
 
 * **Plan for revocability**: We recommend you define an index claim to enable mechanisms to find and revoke credentials. You are limited to defining one index claim per contract. It is important to note that values for indexed claims are not stored in the backend, only a hash of the claim value. For more information, see [Revoke a previously issued verifiable credential](../verifiable-credentials/how-to-issuer-revoke.md).
 

articles/app-service/quickstart-custom-container.md

@@ -203,7 +203,7 @@ Create a container registry by following the instructions in [Quickstart: Create
 
     ![sign in to Azure](./media/quickstart-docker/sign-in.png)
 
-1. In the [Status Bar](https://code.visualstudio.com/docs/getstarted/userinterface) at the bottom, verify that your Azure account email address. In the **APP SERVICE** explorer, your subscription should be displayed.
+1. In the [Status Bar](https://code.visualstudio.com/docs/getstarted/userinterface) at the bottom, verify your Azure account email address. In the **APP SERVICE** explorer, your subscription should be displayed.
 
 1. In the Activity Bar, select the **Docker** logo. In the **REGISTRIES** explorer, verify that the container registry you created appears.
 
@@ -286,7 +286,7 @@ In this Dockerfile, the parent image is one of the built-in Java containers of A
 
 3. In the image tag box, specify the tag you want in the following format: `<acr-name>.azurecr.io/<image-name>/<tag>`, where `<acr-name>` is the name of the container registry you created. Press **Enter**.
 
-4. When the image finishes building, click **Refresh** at the top of the **IMAGES** explorer and verify the image is built successfully.
+4. When the image finishes building, click **Refresh** at the top of the **IMAGES** explorer and verify that the image is built successfully.
 
     ![Screenshot shows the built image with tag.](./media/quickstart-docker/built-image.png)
 
@@ -295,7 +295,7 @@ In this Dockerfile, the parent image is one of the built-in Java containers of A
 1. In the Activity Bar, click the **Docker** icon. In the **IMAGES** explorer, find the image you just built.
 1. Expand the image, right-click on the tag you want, and click **Push**.
 1. Make sure the image tag begins with `<acr-name>.azurecr.io` and press **Enter**.
-1. When Visual Studio Code finishes pushing the image to your container registry, click **Refresh** at the top of the **REGISTRIES** explorer and verify the image is pushed successfully.
+1. When Visual Studio Code finishes pushing the image to your container registry, click **Refresh** at the top of the **REGISTRIES** explorer and verify that the image is pushed successfully.
 
     ![Screenshot shows the image deployed to Azure container registry.](./media/quickstart-docker/image-in-registry.png)
 

articles/automation/whats-new.md

@@ -4,7 +4,7 @@ description: Significant updates to Azure Automation updated each month.
 services: automation
 ms.subservice: 
 ms.topic: overview
-ms.date: 06/09/2021
+ms.date: 07/27/2021
 ms.custom: references_regions
 ---
 
@@ -18,6 +18,22 @@ Azure Automation receives improvements on an ongoing basis. To stay up to date w
 
 This page is updated monthly, so revisit it regularly.
 
+## July 2021
+
+### Preview Support for User Assigned Managed Identities
+
+**Type:** New feature
+
+Azure Automation now supports [User Assigned Managed Identities](automation-secure-asset-encryption.md) for cloud jobs in Azure public , Gov & China regions. Read the [announcement](https://azure.microsoft.com/updates/azure-automation-user-assigned-identities/) for more information.
+
+### General Availability of customer-managed keys for Azure Automation
+
+**Type:** New feature
+
+Customers can manage and secure encryption of Azure Automation assets using their own managed keys. With the introduction of customer-managed keys you can supplement default encryption with an additional encryption layer using keys that you create and manage in Azure Key Vault. This additional encryption should help you meet your organization’s regulatory or compliance needs.
+
+For more information, see [Use of customer-managed keys](automation-secure-asset-encryption.md#use-of-customer-managed-keys-for-an-automation-account).
+
 ## June 2021
 
 ### Security update for Log Analytics Contributor role

articles/azure-functions/functions-overview.md

@@ -41,7 +41,7 @@ The following are a common, _but by no means exhaustive_, set of scenarios for A
 | **Process file uploads** | Run code when a file is uploaded or changed in [blob storage](./functions-bindings-storage-blob.md) |
 | **Build a serverless workflow** | Chain a series of functions together using [durable functions](./durable/durable-functions-overview.md) |
 | **Respond to database changes** | Run custom logic when a document is created or updated in [Cosmos DB](./functions-bindings-cosmosdb-v2.md) |
-| **Run scheduled tasks** | Execute code at [set times](./functions-bindings-timer.md) |
+| **Run scheduled tasks** | Execute code on [pre-defined timed intervals](./functions-bindings-timer.md) |
 | **Create reliable message queue systems** | Process message queues using [Queue Storage](./functions-bindings-storage-queue.md), [Service Bus](./functions-bindings-service-bus.md), or [Event Hubs](./functions-bindings-event-hubs.md) |
 | **Analyze IoT data streams** | Collect and process [data from IoT devices](./functions-bindings-event-iot.md) |
 | **Process data in real time** | Use [Functions and SignalR](./functions-bindings-signalr-service.md) to respond to data in the moment |

articles/azure-maps/tutorial-creator-indoor-maps.md

@@ -85,7 +85,7 @@ To upload the Drawing package:
 
 To check the status of the drawing package and retrieve its unique ID (`udid`):
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -113,7 +113,7 @@ You can retrieve metadata from the Drawing package resource. The metadata contai
 
 To retrieve content metadata:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -148,7 +148,7 @@ Now that the Drawing package is uploaded, we'll use the `udid` for the uploaded
 
 To convert a Drawing package:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -176,7 +176,7 @@ After the conversion operation completes, it returns a `conversionId`. We can ac
 
 To check the status of the conversion process and retrieve the `conversionId`:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -233,7 +233,7 @@ A dataset is a collection of map features, such as buildings, levels, and rooms.
 
 To create a dataset:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -259,7 +259,7 @@ To create a dataset:
 
 To check the status of the dataset creation process and retrieve the `datasetId`:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -287,7 +287,7 @@ A tileset is a set of vector tiles that render on the map. Tilesets are created
 
 To create a tileset:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -313,7 +313,7 @@ To create a tileset:
 
 To check the status of the dataset creation process and retrieve the `tilesetId`:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -341,7 +341,7 @@ Datasets can be queried using [WFS API](/rest/api/maps/v2/wfs). You can use the
 
 To query the all collections in your dataset:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -391,7 +391,7 @@ In this section, we'll query [WFS API](/rest/api/maps/v2/wfs) for the `unit` fea
 
 To query the unit collection in your dataset:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -445,7 +445,7 @@ Feature statesets define dynamic properties and values on specific features that
 
 To create a stateset:
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 
@@ -500,7 +500,7 @@ To create a stateset:
 
 To update the `occupied` state of the unit with feature `id` "UNIT26":
 
-1. In the Postman app, select **New**..
+1. In the Postman app, select **New**.
 
 2. In the **Create New** window, select **HTTP Request**.
 

articles/azure-resource-manager/bicep/toc.yml

@@ -32,6 +32,7 @@
       items:
       - name: Resource declaration
         href: resource-declaration.md
+        displayName: existing
       - name: Conditional deployment
         href: conditional-resource-deployment.md
         displayName: runtime