
Commit f4b9902

committed
2 parents 624e200 + 0167f73 commit f4b9902

56 files changed

+126
-125
lines changed

articles/azure-maps/authentication-best-practices.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ When creating publicly facing client applications with Azure Maps, you must ensu
2828

2929
Subscription key-based authentication (Shared Key) can be used in either client side applications or web services, however it's the least secure approach to securing your application or web service. The reason is the key is easily obtained from an HTTP request and grants access to all Azure Maps REST API available in the SKU (Pricing Tier). If you do use subscription keys, be sure to [rotate them regularly] and keep in mind that Shared Key doesn't allow for configurable lifetime, it must be done manually. You should also consider using [Shared Key authentication with Azure Key Vault], which enables you to securely store your secret in Azure.
3030

31-
If using [Azure Active Directory (Azure AD) authentication] or [Shared Access Signature (SAS) Token authentication] (preview), access to Azure Maps REST APIs is authorized using [role-based access control (RBAC)]. RBAC enables you to control what access is given to the issued tokens. You should consider how long access should be granted for the tokens. Unlike Shared Key authentication, the lifetime of these tokens is configurable.
31+
If using [Azure Active Directory (Azure AD) authentication] or [Shared Access Signature (SAS) Token authentication], access to Azure Maps REST APIs is authorized using [role-based access control (RBAC)]. RBAC enables you to control what access is given to the issued tokens. You should consider how long access should be granted for the tokens. Unlike Shared Key authentication, the lifetime of these tokens is configurable.
3232

3333
> [!TIP]
3434
>
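
Review bot: the rewritten line 31 still only says "You should consider how long access should be granted for the tokens" and gives no direction. With the "(preview)" qualifier gone from SAS Token authentication, this is the place to tell readers to pick the shortest token lifetime the application can work with, in the same way line 29 tells Shared Key users to rotate keys regularly.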

articles/azure-maps/azure-maps-authentication.md

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ titleSuffix: Azure Maps
44
description: "Learn about two ways of authenticating requests in Azure Maps: shared key authentication and Azure Active Directory (Azure AD) authentication."
55
author: eriklindeman
66
ms.author: eriklind
7-
ms.date: 05/25/2021
7+
ms.date: 07/05/2023
88
ms.topic: conceptual
99
ms.service: azure-maps
1010
services: azure-maps
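
Review bot: the `description` on line 5 still reads "two ways of authenticating requests in Azure Maps: shared key authentication and Azure Active Directory (Azure AD) authentication", while this commit bumps `ms.date` on line 7 and takes the SAS token section of the same file out of preview. Add SAS token authentication to the description so the metadata matches the article.
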
@@ -112,11 +112,12 @@ When you configure Azure RBAC, you choose a security principal and apply it to a
112112
The following role definition types exist to support application scenarios.
113113
114114
| Azure Role Definition | Description |
115-
| :--------------------------------------- | :------------------------------------------------------------------------------------------------------------- |
115+
| :--------------------------------------- | :------------------------------------------------- |
116116
| Azure Maps Search and Render Data Reader | Provides access to only search and render Azure Maps REST APIs to limit access to basic web browser use cases. |
117-
| Azure Maps Data Reader | Provides access to immutable Azure Maps REST APIs. |
118-
| Azure Maps Data Contributor | Provides access to mutable Azure Maps REST APIs. Mutability, defined by the actions: write and delete. |
119-
| Custom Role Definition | Create a crafted role to enable flexible restricted access to Azure Maps REST APIs. |
117+
| Azure Maps Data Reader | Provides access to immutable Azure Maps REST APIs. |
118+
| Azure Maps Data Contributor | Provides access to mutable Azure Maps REST APIs. Mutability, defined by the actions: write and delete. |
119+
| Azure Maps Data Read and Batch Role | This role can be used to assign read and batch actions on Azure Maps. |
120+
| Custom Role Definition | Create a crafted role to enable flexible restricted access to Azure Maps REST APIs. |
120121
121122
Some Azure Maps services may require elevated privileges to perform write or delete actions on Azure Maps REST APIs. Azure Maps Data Contributor role is required for services, which provide write or delete actions. The following table describes what services Azure Maps Data Contributor is applicable when using write or delete actions. When only read actions are required, the Azure Maps Data Reader role can be used in place of the Azure Maps Data Contributor role.
122123
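
Review bot: the new row on line 119, "This role can be used to assign read and batch actions on Azure Maps", does not say which APIs the batch actions cover or how the role differs from Azure Maps Data Reader, and it drops the "Provides access to ..." wording of the other rows. A reader choosing the least-privileged role cannot place it between Data Reader and Data Contributor from this text, and the paragraph on line 122 mentions only those two roles. Reword the row to name the access it grants and say whether batch counts as a read or a write action.
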
@@ -169,10 +170,6 @@ Disabling local authentication doesn't take effect immediately. Allow a few minu
169170
170171
## Shared access signature token authentication
171172

172-
[!INCLUDE [preview features callout](./includes/preview-callout.md)]
173-
174-
Shared Access Signature token authentication is in preview.
175-
176173
Shared access signature (SAS) tokens are authentication tokens created using the JSON Web token (JWT) format and are cryptographically signed to prove authentication for an application to the Azure Maps REST API. A SAS token, created by integrating a [user-assigned managed identity] with an Azure Maps account in your Azure subscription. The user-assigned managed identity is given authorization to the Azure Maps account through Azure RBAC using either built-in or custom role definitions.
177174

178175
Functional key differences of SAS token from Azure AD Access tokens:
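
Review bot: with the preview callout removed, line 173 becomes the opening of the section, and its second sentence is a fragment: "A SAS token, created by integrating a [user-assigned managed identity] with an Azure Maps account in your Azure subscription." Suggest "A SAS token is created by integrating ...", and "JSON Web Token" for "JSON Web token" in the sentence before it.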

articles/azure-maps/geographic-scope.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ GET https://eu.atlas.microsoft.com/search/address/{format}?api-version=1.0&query
4747

4848
## Additional information
4949

50-
For information on limiting what regions a SAS token can use in see [Authentication with Azure Maps]
50+
For information on limiting what regions a SAS token can use in, see [Authentication with Azure Maps].
5151

5252
- [Azure geographies]
5353
- [Azure Government cloud support]
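
Review bot: the added comma and period on line 50 leave the dangling preposition in place: "what regions a SAS token can use in, see". Suggest "For information on limiting the regions a SAS token can be used in, see [Authentication with Azure Maps]."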

articles/azure-maps/how-to-secure-sas-app.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ manager: philema
1212
ms.custom: subject-rbac-steps, kr2b-contr-experiment, devx-track-azurecli
1313
---
1414

15-
# Secure an Azure Maps account with a SAS token (preview)
15+
# Secure an Azure Maps account with a SAS token
1616

1717
This article describes how to create an Azure Maps account with a securely stored SAS token you can use to call the Azure Maps REST API.
1818

@@ -305,7 +305,7 @@ The following steps describe how to create and configure an Azure Maps account w
305305
{
306306
"name": "[parameters('accountName')]",
307307
"type": "Microsoft.Maps/accounts",
308-
"apiVersion": "2021-12-01-preview",
308+
"apiVersion": "2023-06-01",
309309
"location": "[parameters('location')]",
310310
"sku": {
311311
"name": "[parameters('pricingTier')]"
@@ -353,7 +353,7 @@ The following steps describe how to create and configure an Azure Maps account w
353353
"expiry" : "[variables('sasParameters').expiry]"
354354
},
355355
"properties": {
356-
"value": "[listSas(variables('accountId'), '2021-12-01-preview', variables('sasParameters')).accountSasToken]"
356+
"value": "[listSas(variables('accountId'), '2023-06-01', variables('sasParameters')).accountSasToken]"
357357
}
358358
}
359359
]
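
Review bot: line 356 passes the literal '2023-06-01' to `listSas`, and the same string is set separately as the resource `apiVersion` on line 308, so the two can drift apart on the next version bump. Before merge, confirm the template was redeployed with both values changed, since the `sasParameters` object (including `expiry` on line 353) now goes to the GA API rather than '2021-12-01-preview', and consider a sentence in the article asking readers to keep the two versions in step.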

articles/chaos-studio/chaos-studio-limitations.md

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -15,17 +15,18 @@ During the public preview of Azure Chaos Studio, there are a few limitations and
1515

1616
## Limitations
1717

18-
* The target resources must be in [one of the regions supported by the Azure Chaos Studio Preview](https://azure.microsoft.com/global-infrastructure/services/?products=chaos-studio).
19-
* Azure Chaos Studio tracked resources (for example, Experiments) currently do NOT support Resource Move. Experiments can be easily copied (by copying Experiment JSON) for use in other subscriptions, resource groups, or regions. Experiments can also already target resources across regions. Extension resources (Targets and Capabilities) do support Resource Move.
20-
* For agent-based faults, the virtual machine must have outbound network access to the Chaos Studio agent service:
21-
* Regional endpoints to allowlist are listed in [Permissions and security in Azure Chaos Studio](chaos-studio-permissions-security.md#network-security).
22-
* If you're sending telemetry data to Application Insights, the IPs in [IP addresses used by Azure Monitor](../azure-monitor/app/ip-addresses.md) are also required.
23-
* If you run an experiment that makes use of the Chaos Studio agent, the virtual machine must run one of the following operating systems:
24-
25-
* Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2012 R2
26-
* Red Hat Enterprise Linux 8.2, SUSE Enterprise Linux 15 SP2, CentOS 8.2, Debian 10 Buster (with unzip installation required), Oracle Linux 7.8, Ubuntu Server 16.04 LTS, and Ubuntu Server 18.04 LTS
27-
* The Chaos Studio agent isn't tested against custom Linux distributions or hardened Linux distributions (for example, FIPS or SELinux).
28-
* The Chaos Studio portal experience has only been tested on the following browsers:
18+
- **Supported regions** - The target resources must be in [one of the regions supported by the Azure Chaos Studio Preview](https://azure.microsoft.com/global-infrastructure/services/?products=chaos-studio).
19+
- **Resource Move not supported** - Azure Chaos Studio tracked resources (for example, Experiments) currently do NOT support Resource Move. Experiments can be easily copied (by copying Experiment JSON) for use in other subscriptions, resource groups, or regions. Experiments can also already target resources across regions. Extension resources (Targets and Capabilities) do support Resource Move.
20+
- **VMs require network access to Chaos studio** - For agent-based faults, the virtual machine must have outbound network access to the Chaos Studio agent service:
21+
- Regional endpoints to allowlist are listed in [Permissions and security in Azure Chaos Studio](chaos-studio-permissions-security.md#network-security).
22+
- If you're sending telemetry data to Application Insights, the IPs in [IP addresses used by Azure Monitor](../azure-monitor/app/ip-addresses.md) are also required.
23+
24+
- **Supported VM operating systems** - If you run an experiment that makes use of the Chaos Studio agent, the virtual machine must run one of the following operating systems:
25+
26+
- Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2012 R2
27+
- Red Hat Enterprise Linux 8.2, SUSE Enterprise Linux 15 SP2, CentOS 8.2, Debian 10 Buster (with unzip installation required), Oracle Linux 7.8, Ubuntu Server 16.04 LTS, and Ubuntu Server 18.04 LTS
28+
- **Hardened Linux untested** - The Chaos Studio agent isn't tested against custom Linux distributions or hardened Linux distributions (for example, FIPS or SELinux).
29+
- **Supported browsers** The Chaos Studio portal experience has only been tested on the following browsers:
2930
* **Windows:** Microsoft Edge, Google Chrome, and Firefox
3031
* **MacOS:** Safari, Google Chrome, and Firefox
3132
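
Review bot: line 29 is missing the " - " separator that the other converted bullets put after the bold label ("- **Supported browsers** The Chaos Studio portal ..."), and the two sub-items on lines 30 and 31 keep the old `*` marker while everything above them moved to `-`. Line 20 also writes "Chaos studio" with a lowercase "s" in its bold label, against "Chaos Studio" everywhere else in the list.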

articles/cognitive-services/Computer-vision/how-to/shelf-modify-images.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,8 @@ manager: nitinme
88
ms.service: cognitive-services
99
ms.subservice: computer-vision
1010
ms.topic: how-to
11-
ms.date: 04/26/2023
12-
ms.author: pafarley
11+
ms.date: 07/10/2023
12+
ms.author: ginle
1313
ms.custom: references_regions, build-2023
1414
---
1515

@@ -45,7 +45,7 @@ To run the image stitching operation on a set of images, follow these steps:
4545
1. Copy the following `curl` command into a text editor.
4646

4747
```bash
48-
curl.exe -H "Ocp-Apim-Subscription-Key: <subscriptionKey>" -H "Content-Type: application/json" "https://<endpoint>/vision/v4.0-preview.1/operations/shelfanalysis-productunderstanding:stitch" --output <your_filename> -d "{
48+
curl.exe -H "Ocp-Apim-Subscription-Key: <subscriptionKey>" -H "Content-Type: application/json" "<endpoint>/computervision/imagecomposition:stitch?api-version=2023-04-01-preview" --output <your_filename> -d "{
4949
'images': [
5050
{
5151
'url':'<your_url_string>'
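
Review bot: line 48 drops the explicit "https://" in front of "<endpoint>", and the same change is made to the rectify command on line 87. The command sends "Ocp-Apim-Subscription-Key", and curl falls back to plain HTTP when the URL has no scheme, so a reader who substitutes a bare host name would send the key unencrypted. Either keep "https://<endpoint>" or state in the step that "<endpoint>" must include "https://".
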
@@ -84,7 +84,7 @@ To correct the perspective distortion in the composite image, follow these steps
8484
1. Copy the following `curl` command into a text editor.
8585

8686
```bash
87-
curl.exe -H "Ocp-Apim-Subscription-Key: <subscriptionKey>" -H "Content-Type: application/json" "https://<endpoint>/vision/v4.0-preview.1/operations/shelfanalysis-productunderstanding:rectify" --output <your_filename> -d "{
87+
curl.exe -H "Ocp-Apim-Subscription-Key: <subscriptionKey>" -H "Content-Type: application/json" "<endpoint>/computervision/imagecomposition:rectify?api-version=2023-04-01-preview" --output <your_filename> -d "{
8888
'url': '<your_url_string>',
8989
'controlPoints': {
9090
'topLeft': {

articles/cosmos-db/hierarchical-partition-keys.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -289,6 +289,7 @@ PaymentEvent item = new PaymentEvent()
289289
PartitionKey partitionKey = new PartitionKeyBuilder()
290290
.Add(item.TenantId)
291291
.Add(item.UserId)
292+
.Add(item.SessionId)
292293
.Build();
293294

294295
// Create the item in the container
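
Review bot: the added `.Add(item.SessionId)` on line 292 makes this a three-level key, but the hunk does not show the container definition it has to match. Check that the sample's container is created with the same three paths in the order TenantId, UserId, SessionId, and that the `PaymentEvent` initializer above sets `SessionId`; otherwise the create call that follows fails on a partition key mismatch.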

articles/cosmos-db/throughput-serverless.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,11 +25,11 @@ Azure Cosmos DB is available in two different capacity modes: [provisioned throu
2525
| Best suited for | Workloads with sustained traffic requiring predictable performance | Workloads with intermittent or unpredictable traffic and low average-to-peak traffic ratio |
2626
| How it works | For each of your containers, you configure some amount of provisioned throughput expressed in [Request Units (RUs)](request-units.md) per second. Every second, this quantity of Request Units is available for your database operations. Provisioned throughput can be updated manually or adjusted automatically with [autoscale](provision-throughput-autoscale.md). | You run your database operations against your containers without having to configure any previously provisioned capacity. |
2727
| Geo-distribution | Available (unlimited number of Azure regions) | Unavailable (serverless accounts can only run in a single Azure region) |
28-
| Maximum storage per container | Unlimited | 50 GB<sup>1</sup> |
28+
| Maximum storage per container | Unlimited | 1 TB<sup>1</sup> |
2929
| Performance | < 10-ms latency for point-reads and writes covered by SLA | < 10-ms latency for point-reads and < 30 ms for writes covered by SLO |
3030
| Billing model | Billing is done on a per-hour basis for the RU/s provisioned, regardless of how many RUs were consumed. | Billing is done on a per-hour basis for the number of RUs consumed by your database operations. |
3131

32-
<sup>1</sup> Serverless containers up to 1 TB are currently in preview with Azure Cosmos DB. To try the new feature, register the *"Azure Cosmos DB Serverless 1 TB Container Preview"* [preview feature in your Azure subscription](../azure-resource-manager/management/preview-features.md).
32+
<sup>1</sup> Serverless containers up to 1 TB is GA. Maximum RU/sec availability is dependent on data stored in the container. See, [Serverless Performance](serverless-performance.md)
3333

3434
## Estimating your expected consumption
3535
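
Review bot: the new footnote on line 32 has grammar and punctuation slips: "Serverless containers up to 1 TB is GA" should read "are generally available", and "See, [Serverless Performance](serverless-performance.md)" has a stray comma and no closing period. It also writes "RU/sec" where the billing row on line 30 writes "RU/s".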

articles/event-grid/receive-events.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ SDKs for other languages are available via the [Publish SDKs](./sdk-overview.md#
2626

2727
## Endpoint validation
2828

29-
The first thing you want to do is handle `Microsoft.EventGrid.SubscriptionValidationEvent` events. Every time someone subscribes to an event, Event Grid sends a validation event to the endpoint with a `validationCode` in the data payload. The endpoint is required to echo this back in the response body to [prove the endpoint is valid and owned by you](webhook-event-delivery.md). If you're using an [Event Grid Trigger](../azure-functions/functions-bindings-event-grid.md) rather than a WebHook triggered Function, endpoint validation is handled for you. If you use a third-party API service (like [Zapier](https://zapier.com/home) or [IFTTT](https://ifttt.com/)), you might not be able to programmatically echo the validation code. For those services, you can manually validate the subscription by using a validation URL that is sent in the subscription validation event. Copy that URL in the `validationUrl` property and send a GET request either through a REST client or your web browser.
29+
The first thing you want to do is handle `Microsoft.EventGrid.SubscriptionValidationEvent` events. Every time someone subscribes to an event, Event Grid sends a validation event to the endpoint with a `validationCode` in the data payload. The endpoint is required to echo this back in the response body to [prove the endpoint is valid and owned by you](webhook-event-delivery.md). If you're using an [Event Grid Trigger](../azure-functions/functions-bindings-event-grid.md) rather than a WebHook triggered Function, endpoint validation is handled for you. If you use a third-party API service (like [Zapier](https://zapier.com/) or [IFTTT](https://ifttt.com/)), you might not be able to programmatically echo the validation code. For those services, you can manually validate the subscription by using a validation URL that is sent in the subscription validation event. Copy that URL in the `validationUrl` property and send a GET request either through a REST client or your web browser.
3030

3131
In C#, the `ParseMany()` method is used to deserialize a `BinaryData` instance containing 1 or more events into an array of `EventGridEvent`. If you knew ahead of time that you are deserializing only a single event, you could use the `Parse` method instead.
3232

articles/external-attack-surface-management/what-is-discovery.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ For example, to discover Contoso’s infrastructure, you might use the domain, c
3737
| Data source | Example |
3838
|--|--|
3939
| WhoIs records | Other domain names registered to the same contact email or registrant org used to register contoso.com likely also belong to Contoso |
40-
| WhoIs records | All domain names registered to any @contoso.com email address likely also belong to Microsoft |
40+
| WhoIs records | All domain names registered to any @contoso.com email address likely also belong to Contoso |
4141
| Whois records | Other domains associated with the same name server as contoso.com may also belong to Contoso |
4242
| DNS records | We can assume that Contoso also owns all observed hosts on the domains it owns and any websites that are associated with those hosts |
4343
| DNS records | Domains with other hosts resolving to the same IP blocks might also belong to Contoso if the organization owns the IP block |
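
Review bot: the first column is spelled two ways in this table, "WhoIs records" on lines 39 and 40 and "Whois records" on line 41; pick one spelling while line 40 is being corrected.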
