Merge pull request #195745 from MicrosoftDocs/main

4/21 AM Publish

Author: huypub

articles/active-directory/authentication/how-to-certificate-based-authentication.md

@@ -5,7 +5,7 @@ description: Topic that shows how to configure Azure AD certificate-based authen
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 02/18/2022
+ms.date: 04/21/2022
 
 ms.author: justinha
 author: justinha
@@ -160,6 +160,9 @@ The username binding policy helps determine the user in the tenant. By default,
 
 An admin can override the default and create a custom mapping. Currently, we support two certificate fields, SAN (Subject Alternate Name) Principal Name and SAN RFC822Name, to map against the user object attribute userPrincipalName and onPremisesUserPrincipalName.
 
+>[!IMPORTANT]
+>If a username binding policy uses synced attributes, such as onPremisesUserPrincipalName attribute of the user object, be aware that any user with administrative access to the Azure AD Connect server can change the sync attribute mapping, and in turn change the value of the synced attribute to their needs. The user does not need to be a cloud admin. 
+
 1. Create the username binding by selecting one of the X.509 certificate fields to bind with one of the user attributes. The username binding order represents the priority level of the binding. The first one has the highest priority and so on.
 
    :::image type="content" border="true" source="./media/how-to-certificate-based-authentication/username-binding-policy.png" alt-text="Screenshot of a username binding policy.":::

articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 02/22/2021
+ms.date: 04/20/2022
 
 ms.author: justinha
 author: justinha
@@ -31,7 +31,7 @@ This document focuses on enabling FIDO2 security key based passwordless authenti
 | [Hybrid Azure AD joined devices](../devices/concept-azure-ad-join-hybrid.md) require Windows 10 version 2004 or higher |   | X |
 | Fully patched Windows Server 2016/2019 Domain Controllers. |   | X |
 | [Azure AD Connect](../hybrid/how-to-connect-install-roadmap.md#install-azure-ad-connect) version 1.4.32.0 or later |   | X |
-| [Microsoft Intune](/intune/fundamentals/what-is-intune) (Optional) | X | X |
+| [Microsoft Endpoint Manager](/intune/fundamentals/what-is-intune) (Optional) | X | X |
 | Provisioning package (Optional) | X | X |
 | Group Policy (Optional) |   | X |
 
@@ -58,8 +58,8 @@ Hybrid Azure AD joined devices must run Windows 10 version 2004 or newer.
 
 Organizations may choose to use one or more of the following methods to enable the use of security keys for Windows sign-in based on their organization's requirements:
 
-- [Enable with Intune](#enable-with-intune)
-- [Targeted Intune deployment](#targeted-intune-deployment)
+- [Enable with Endpoint Manager](#enable-with-endpoint-manager)
+- [Targeted Endpoint Manager deployment](#targeted-endpoint-manager-deployment)
 - [Enable with a provisioning package](#enable-with-a-provisioning-package)
 - [Enable with Group Policy (Hybrid Azure AD joined devices only)](#enable-with-group-policy)
 
@@ -68,36 +68,34 @@ Organizations may choose to use one or more of the following methods to enable t
 >
 > Organizations with **Azure AD joined devices** must do this before their devices can authenticate to on-premises resources with FIDO2 security keys.
 
-### Enable with Intune
+### Enable with Endpoint Manager
 
-To enable the use of security keys using Intune, complete the following steps:
+To enable the use of security keys using Endpoint Manager, complete the following steps:
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
 1. Browse to **Devices** > **Enroll Devices** > **Windows enrollment** > **Windows Hello for Business**.
 1. Set **Use security keys for sign-in** to **Enabled**.
 
 Configuration of security keys for sign-in isn't dependent on configuring Windows Hello for Business.
 
-### Targeted Intune deployment
+### Targeted Endpoint Manager deployment
 
-To target specific device groups to enable the credential provider, use the following custom settings via Intune:
+To target specific device groups to enable the credential provider, use the following custom settings via Endpoint Manager:
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
-1. Browse to **Devices** > **Windows** > **Configuration Profiles** > **Create profile**.
+1. Browse to **Devices** > **Windows** > **Configuration profiles** > **Create profile**.
 1. Configure the new profile with the following settings:
    - Platform: Windows 10 and later
-   - Profile type: Template > Custom
+   - Profile type: Templates > Custom
    - Name: Security Keys for Windows Sign-In
    - Description: Enables FIDO Security Keys to be used during Windows Sign In
-1. Click **Add* and in **Add Row**, add the following Custom OMA-URI Settings:
+1. Click **Next** > **Add** and in **Add Row**, add the following Custom OMA-URI Settings:
       - Name: Turn on FIDO Security Keys for Windows Sign-In
       - Description: (Optional)
       - OMA-URI: ./Device/Vendor/MSFT/PassportForWork/SecurityKey/UseSecurityKeyForSignin
       - Data Type: Integer
       - Value: 1
-1. The remainder of the policy settings include assigning to specific users, devices, or groups. For more information, see [Assign user and device profiles in Microsoft Intune](/intune/device-profile-assign).
-
-![Intune custom device configuration policy creation](./media/howto-authentication-passwordless-security-key/intune-custom-profile.png)
+1. The remainder of the policy settings include assigning to specific users, devices, or groups. For more information, see [Assign user and device profiles in Microsoft Endpoint Manager](/intune/device-profile-assign).
 
 ### Enable with a provisioning package
 

articles/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial.md

@@ -158,6 +158,7 @@ Once you've configured provisioning, use the following resources to monitor your
 ## Change log
 
 * 06/15/2020 - Added support for batch PATCH for groups.
+* 04/21/2021 - Added support for **Schema Discovery**.
 
 ## Additional resources
 

articles/active-directory/saas-apps/visibly-provisioning-tutorial.md

@@ -19,7 +19,7 @@ ms.author: thwimmer
 
 # Tutorial: Configure Visibly for automatic user provisioning
 
-This tutorial describes the steps you need to perform in both Visibly and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Visibly](https://www.visibly.io/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
+This tutorial describes the steps you need to perform in both Visibly and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Visibly](https://visibly.io/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
 
 
 ## Capabilities Supported
@@ -36,7 +36,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 * [An Azure AD tenant](../develop/quickstart-create-new-tenant.md) 
 * A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator). 
-* A [Visibly](https://www.visibly.io/) tenant
+* A [Visibly](https://visibly.io/) tenant
 
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
@@ -146,4 +146,4 @@ Once you've configured provisioning, use the following resources to monitor your
 
 ## Next steps
 
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)

articles/app-service/configure-custom-container.md

@@ -206,12 +206,14 @@ The only exception is the `C:\home\LogFiles` directory, which is used to store t
 
 ::: zone pivot="container-linux"
 
-You can use the */home* directory in your custom container file system to persist files across restarts and share them across instances. The `/home` directory is provided to enable your custom container to access persistent storage.
+You can use the */home* directory in your custom container file system to persist files across restarts and share them across instances. The `/home` directory is provided to enable your custom container to access persistent storage. Saving data within `/home` will contribute to the [storage space quota](https://docs.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits#app-service-limits) included with your App Service Plan.
 
 When persistent storage is disabled, then writes to the `/home` directory are not persisted across app restarts or across multiple instances. When persistent storage is enabled, all writes to the `/home` directory are persisted and can be accessed by all instances of a scaled-out app. Additionally, any contents inside the `/home` directory of the container are overwritten by any existing files already present on the persistent storage when the container starts.
 
 The only exception is the `/home/LogFiles` directory, which is used to store the container and application logs. This folder will always persist upon app restarts if [application logging is enabled](troubleshoot-diagnostic-logs.md#enable-application-logging-linuxcontainer) with the **File System** option, independently of the persistent storage being enabled or disabled. In other words, enabling or disabling the persistent storage will not affect the application logging behavior.
 
+It is recommended to write data to `/home` or a [mounted azure storage path](configure-connect-to-azure-storage.md?tabs=portal&pivots=container-linux). Data written outside these paths will not be persistent during restarts and will be saved to platform-managed host disk space separate from the App Service Plans file storage quota.
+
 ::: zone-end
 
 By default, persistent storage is disabled on custom containers and the setting is exposed in the app settings. To enable it, set the `WEBSITES_ENABLE_APP_SERVICE_STORAGE` app setting value to `true` via the [Cloud Shell](https://shell.azure.com). In Bash:

articles/azure-functions/functions-app-settings.md

@@ -175,7 +175,7 @@ The tenant ID of the app registration used to access the vault where keys are st
 
 The URI of a key vault instance used to store keys. Supported in version 4.x and later versions of the Functions runtime. This is the recommended setting for using a key vault instance for key storage. Requires that `AzureWebJobsSecretStorageType` be set to `keyvault`.
 
-The `AzureWebJobsSecretStorageKeyVaultTenantId` value should be the full value of **Vault URI** displayed in the **Key Vault overview** tab, including `https://`.
+The `AzureWebJobsSecretStorageKeyVaultUri` value should be the full value of **Vault URI** displayed in the **Key Vault overview** tab, including `https://`.
 
 The vault must have an access policy corresponding to the system-assigned managed identity of the hosting resource. The access policy should grant the identity the following secret permissions: `Get`,`Set`, `List`, and `Delete`. <br/>When running locally, the developer identity is used, and settings must be in the [local.settings.json file](functions-develop-local.md#local-settings-file). 
 

articles/batch/index.yml

@@ -7,9 +7,9 @@ metadata:
   description: Azure Batch runs large-scale applications efficiently in the cloud. Schedule compute-intensive tasks and dynamically adjust resources for your solution without managing infrastructure.
   ms.service: batch 
   ms.topic: landing-page 
-  author: JnHs 
-  ms.author: jenhayes 
-  ms.date: 10/09/2020
+  author: prkannap 
+  ms.author: prkannap 
+  ms.date: 04/20/2022
 
 landingContent:
   - title: About Azure Batch

articles/batch/security-controls-policy.md

@@ -1,10 +1,10 @@
 ---
 title: Azure Policy Regulatory Compliance controls for Azure Batch
 description: Lists Azure Policy Regulatory Compliance controls available for Azure Batch. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources.
-ms.date: 03/10/2022
+ms.date: 04/20/2022
 ms.topic: sample
-author: JnHs
-ms.author: jenhayes
+author: prkannap
+ms.author: prkannap
 ms.service: batch
 ms.custom: subject-policy-compliancecontrols
 ---

articles/cognitive-services/language-service/question-answering/how-to/prebuilt.md

@@ -119,6 +119,7 @@ We see that multiple answers are received as part of the API response. Each answ
 
 ## Prebuilt API limits
 
+### API call limits
 If you need to use larger documents than the limit allows, you can break the text into smaller chunks of text before sending them to the API. In this context, a document is a defined single string of text characters.
 
 These numbers represent the **per individual API call limits**:
@@ -127,6 +128,99 @@ These numbers represent the **per individual API call limits**:
 * Maximum size of a single document: 5,120 characters.
 * Maximum three responses per document.
 
+### Language codes supported
+The following language codes are supported by Prebuilt API. These language codes are in accordance to the [ISO 639-1 codes standard](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes).
+
+Language code|Language
+----|----
+af|Afrikaans
+am|Amharic
+ar|Arabic
+as|Assamese
+az|Azerbaijani
+ba|Bashkir
+be|Belarusian
+bg|Bulgarian
+bn|Bengali
+ca|Catalan, Valencian
+ckb|Central Kurdish
+cs|Czech
+cy|Welsh
+da|Danish
+de|German
+el|Greek, Modern (1453–)
+en|English
+eo|Esperanto
+es|Spanish, Castilian
+et|Estonian
+eu|Basque
+fa|Persian
+fi|Finnish
+fr|French
+ga|Irish
+gl|Galician
+gu|Gujarati
+he|Hebrew
+hi|Hindi
+hr|Croatian
+hu|Hungarian
+hy|Armenian
+id|Indonesian
+is|Icelandic
+it|Italian
+ja|Japanese
+ka|Georgian
+kk|Kazakh
+km|Central Khmer
+kn|Kannada
+ko|Korean
+ky|Kirghiz, Kyrgyz
+la|Latin
+lo|Lao
+lt|Lithuanian
+lv|Latvian
+mk|Macedonian
+ml|Malayalam
+mn|Mongolian
+mr|Marathi
+ms|Malay
+mt|Maltese
+my|Burmese
+ne|Nepali
+nl|Dutch, Flemish
+nn|Norwegian Nynorsk
+no|Norwegian
+or|Oriya
+pa|Punjabi, Panjabi
+pl|Polish
+ps|Pashto, Pushto
+pt|Portuguese
+ro|Romanian, Moldavian, Moldovan
+ru|Russian
+sa|Sanskrit
+sd|Sindhi
+si|Sinhala, Sinhalese
+sk|Slovak
+sl|Slovenian
+sq|Albanian
+sr|Serbian
+sv|Swedish
+sw|Swahili
+ta|Tamil
+te|Telugu
+tg|Tajik
+th|Thai
+tl|Tagalog
+tr|Turkish
+tt|Tatar
+ug|Uighur, Uyghur
+uk|Ukrainian
+ur|Urdu
+uz|Uzbek
+vi|Vietnamese
+yi|Yiddish
+zh|Chinese
+
 ## Prebuilt API reference
 
-Visit the [full prebuilt API samples](https://github.com/Azure/azure-rest-api-specs/blob/main/specification/cognitiveservices/data-plane/Language/stable/2021-10-01/examples/questionanswering/SuccessfulQueryText.json) documentation to understand the input and output parameters required for calling the API.
+Visit the [full prebuilt API samples](https://github.com/Azure/azure-rest-api-specs/blob/main/specification/cognitiveservices/data-plane/Language/stable/2021-10-01/examples/questionanswering/SuccessfulQueryText.json) documentation to understand the input and output parameters required for calling the API.

articles/cognitive-services/language-service/question-answering/includes/sdk-csharp.md

@@ -26,6 +26,7 @@ Use this quickstart for the question answering client library for .NET to:
 * The [Visual Studio IDE](https://visualstudio.microsoft.com/vs/) or current version of [.NET Core](https://dotnet.microsoft.com/download/dotnet-core).
 * Question answering, requires a [Language resource](https://portal.azure.com/?quickstart=true#create/Microsoft.CognitiveServicesTextAnalytics) with the custom question answering feature enabled to generate an API key and endpoint. <!--TODO: Change link-->
     * After your Language resource deploys, select **Go to resource**. You will need the key and endpoint from the resource you create to connect to the API. Paste your key and endpoint into the code below later in the quickstart.
+* To create a Language resource with [Azure CLI](/articles/cognitive-services/cognitive-services-apis-create-account-cli.md) provide the following additional properties during resource creation configure Custom Question Answering  with your Language resource `--api-properties qnaAzureSearchEndpointId=/subscriptions/<azure-subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Search/searchServices/<azure-search-service-name> qnaAzureSearchEndpointKey=<azure-search-service-auth-key>`
 * An existing knowledge base to query. If you have not setup a knowledge base, you can follow the instructions in the [**Language Studio quickstart**](../quickstart/sdk.md). Or add a knowledge base that uses this [Surface User Guide URL](https://download.microsoft.com/download/7/B/1/7B10C82E-F520-4080-8516-5CF0D803EEE0/surface-book-user-guide-EN.pdf) as a data source.
 
 ## Setting up