Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/storage/blobs/storage-ios-how-to-use-blob-storage.md",
+      "redirect_url": "/previous-versions/azure/storage/blobs/storage-ios-how-to-use-blob-storage",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/linux/login-using-aad.md",
       "redirect_url": "/previous-versions/azure/virtual-machines/linux/login-using-aad",

articles/active-directory/reports-monitoring/media/workbook-risk-analysis/time-range-filter.png

@@ -130,6 +130,8 @@
       href: workbook-conditional-access-gap-analyzer.md
     - name: Cross-tenant access activity 
       href: workbook-cross-tenant-access-activity.md
+    - name: Risk analysis
+      href: workbook-risk-analysis.md
     - name: Sensitive Operations Report 
       href: workbook-sensitive-operations-report.md
 - name: Recommendations

articles/active-directory/reports-monitoring/media/workbook-risk-analysis/workbook-category.png

@@ -0,0 +1,107 @@
+---
+
+title: Identity protection risk analysis workbook in Azure AD | Microsoft Docs
+description: Learn how to use the identity protection risk analysis workbook.
+services: active-directory
+documentationcenter: ''
+author: MarkusVi
+manager: karenho
+editor: ''
+
+ms.service: active-directory
+ms.topic: reference
+ms.workload: identity
+ms.subservice: report-monitor
+ms.date: 03/08/2022
+ms.author: markvi
+ms.reviewer: sahandle 
+
+ms.collection: M365-identity-device-management
+---
+
+# Identity protection risk analysis workbook
+
+Azure AD Identity Protection detects, remediates, and prevents compromised identities. As an IT administrator, you want to understand risk trends in your organizations and opportunities for better policy configuration. With the Identity Protection Risky Analysis Workbook, you can answer common questions about your Identity Protection implementation.
+
+This article provides you with an overview of this workbook.
+
+
+## Description
+
+![Workbook category](./media/workbook-risk-analysis/workbook-category.png)
+
+
+As an IT administrator, you need to understand trends in identity risks and gaps in your policy implementations to ensure you are best protecting your organizations from identity compromise. The identity protection risk analysis workbook helps you analyze the state of risk in your organization.
+
+**This workbook:**
+
+- Provides visualizations of where in the world risk is being detected.
+
+- Allows you to understand the trends in real time vs. Offline risk detections.
+
+- Provides insight into how effective you are at responding to risky users.
+
+
+ 
+ 
+
+## Sections
+
+This workbook has five sections:
+
+- Heatmap of risk detections
+
+- Offline vs real-time risk detections
+
+- Risk detection trends
+
+- Risky users
+
+- Summary
+
+
+
+
+ 
+
+
+## Filters
+
+
+This workbook supports setting a time range filter.
+
+
+![Set time range filter](./media/workbook-risk-analysis/time-range-filter.png)
+
+There are more filters in the risk detection trends and risky users sections. 
+
+Risk Detection Trends:
+
+- Detection timing type (real-time or offline)
+
+- Risk level (low, medium, high, or none)
+
+Risky Users:
+
+- Risk detail (which indicates what changed a user’s risk level)
+
+- Risk level (low, medium, high, or none)
+
+
+## Best practices
+
+
+- **[Enable risky sign-in policies](../identity-protection/concept-identity-protection-policies.md)** - To prompt for multi-factor authentication (MFA) on medium risk or above. Enabling the policy reduces the proportion of active real-time risk detections by allowing legitimate users to self-remediate the risk detections with MFA.
+
+- **[Enable a risky user policy](../identity-protection/howto-identity-protection-configure-risk-policies.md#user-risk-with-conditional-access)** - To enable users to securely remediate their accounts when they are high risk. Enabling the policy reduces the number of active at-risk users in your organization by returning the user’s credentials to a safe state.
+
+
+
+
+
+## Next steps
+
+- To learn more about identity protection, see [What is identity protection](../identity-protection/overview-identity-protection.md). 
+
+- For more information about Azure AD workbooks, see [How to use Azure AD workbooks](howto-use-azure-monitor-workbooks.md).
+

articles/active-directory/reports-monitoring/toc.yml

@@ -47,10 +47,10 @@
   items:
   - name: Sample Applications
     href: https://github.com/Azure-Samples/active-directory-verifiable-credentials
-  - name: Sample Issuer
-    href: https://didvc-issuer-sample.azurewebsites.net/
-  - name: Sample Verifier
-    href: https://didvc-verifier-sample.azurewebsites.net/
+#  - name: Sample Issuer
+#   href: 
+  - name: End to End Demo
+    href: https://woodgroveemployee.azurewebsites.net/
 - name: Reference
   expanded: true
   items:

articles/active-directory/reports-monitoring/workbook-risk-analysis.md

@@ -94,9 +94,9 @@ The scenario we use to explain how VCs work involves:
 
 
 
-Today, Alice provides a username and password to log onto Woodgrove’s networked environment. Woodgrove is deploying a VC solution to provide a more manageable way for Alice to prove she is an employee of Woodgrove. Proseware is using a VC solution compatible with Woodgrove's VC solution and they accept credentials issued by Woodgrove as proof of employment.
+Today, Alice provides a username and password to log onto Woodgrove’s networked environment. Woodgrove is deploying a verifiable credential solution to provide a more manageable way for Alice to prove that she is an employee of Woodgrove. Proseware accepts verifiable credentials issued by Woodgrove as proof of employment to offer corporate discounts as part of their corporate discount program.
 
-The issuer of the credential, Woodgrove Inc., creates a public key and a private key. The public key is stored on ION. When the key is added to the infrastructure, the entry is recorded in a blockchain-based decentralized ledger. The issuer provides Alice the private key that is stored in a wallet application. Each time Alice successfully uses the private key the transaction is logged in the wallet application.
+Alice requests Woodgrove Inc for a proof of employment verifiable credential. Woodgrove Inc attests Alice's identiy and issues a signed verfiable credential that Alice can accept and store in her digital wallet application. Alice can now present this verifiable credential as a proof of employement on the Proseware site. After a succesfull presentation of the credential, Prosware offers discount to Alice and the transaction is logged in Alice's wallet application so that she can track where and to whom she has presented her proof of employment verifiable credential.
 
 ![microsoft-did-overview](media/decentralized-identifier-overview/did-overview.png)
 

articles/active-directory/verifiable-credentials/TOC.yml

@@ -1,7 +1,7 @@
 ---
 title: Quickstart - Create an Azure Analysis Services server resource by using Bicep
 description: Quickstart showing how to an Azure Analysis Services server resource by using a Bicep file.
-ms.date: 03/04/2022
+ms.date: 03/08/2022
 ms.topic: quickstart
 ms.service: azure-analysis-services
 ms.author: jgao
@@ -73,18 +73,13 @@ When no longer needed, use the Azure portal, Azure CLI, or Azure PowerShell to d
 # [CLI](#tab/CLI)
 
 ```azurecli-interactive
-echo "Enter the Resource Group name:" &&
-read resourceGroupName &&
-az group delete --name $resourceGroupName &&
-echo "Press [ENTER] to continue ..."
+az group delete --name exampleRG
 ```
 
 # [PowerShell](#tab/PowerShell)
 
 ```azurepowershell-interactive
-$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
-Remove-AzResourceGroup -Name $resourceGroupName
-Write-Host "Press [ENTER] to continue..."
+Remove-AzResourceGroup -Name exampleRG
 ```
 
 ---

articles/active-directory/verifiable-credentials/decentralized-identifier-overview.md

@@ -53,11 +53,11 @@ When an application gateway sends the original request to the backend server, it
 
 ### Modifications to the request
 
-Application gateway inserts five additional headers to all requests before it forwards the requests to the backend. These headers are x-forwarded-for, x-forwarded-proto, x-forwarded-port, x-original-host, and x-appgw-trace-id. The format for x-forwarded-for header is a comma-separated list of IP:port.
+Application gateway inserts six additional headers to all requests before it forwards the requests to the backend. These headers are x-forwarded-for, x-forwarded-port, x-forwarded-proto, x-original-host, x-original-url, and x-appgw-trace-id. The format for x-forwarded-for header is a comma-separated list of IP:port.
 
 The valid values for x-forwarded-proto are HTTP or HTTPS. X-forwarded-port specifies the port where the request reached the application gateway. X-original-host header contains the original host header with which the request arrived. This header is useful in Azure website integration, where the incoming host header is modified before traffic is routed to the backend. If session affinity is enabled as an option, then it adds a gateway-managed affinity cookie.
 
-x-appgw-trace-id is a unique guid generated by application gateway for each client request and presented in the forwarded request to the backend pool member.  The guid consists of 32 alphanumeric characters presented without dashes (for example: ac882cd65a2712a0fe1289ec2bb6aee7). This guid can be used to correlate a request received by application gateway and initiated to a backend pool member via the transactionId property in [Diagnostic Logs](application-gateway-diagnostics.md#diagnostic-logging).
+X-appgw-trace-id is a unique guid generated by application gateway for each client request and presented in the forwarded request to the backend pool member.  The guid consists of 32 alphanumeric characters presented without dashes (for example: ac882cd65a2712a0fe1289ec2bb6aee7). This guid can be used to correlate a request received by application gateway and initiated to a backend pool member via the transactionId property in [Diagnostic Logs](application-gateway-diagnostics.md#diagnostic-logging).
 
 You can configure application gateway to modify request and response headers and URL by using [Rewrite HTTP headers and URL](rewrite-http-headers-url.md) or to modify the URI path by using a path-override setting. However, unless configured to do so, all incoming requests are proxied to the backend.
 

articles/analysis-services/analysis-services-create-bicep-file.md

@@ -169,7 +169,7 @@ To recover an Automation account, ensure that the following conditions are met:
 - Before you attempt to recover a deleted Automation account, ensure that resource group for that account exists.
 
 > [!NOTE]
-> * If the resource group of the Automation account is deleted, to recover, you must recreate the resource group with the same name. After a few hours, the Automation account is repopulated in the list of deleted accounts. Then you can restore the account.
+> * If the resource group of the Automation account is deleted, to recover, you must recreate the resource group with the same name. 
 > * Though the resource group isn't present, you can see the Automation account in the deleted list. If the resource group isn't present, the account restore operation fails with the error *Account restore failed*.
 
 ### Recover a deleted Automation account