Merge pull request #225282 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory-b2c/azure-ad-b2c-global-identity-solutions.md

@@ -122,13 +122,15 @@ The approach you choose will be based on the number of applications you host and
 
 The performance advantage of using multiple tenants, in either the regional or funnel-based configuration, will be an improvement over using a single Azure AD B2C tenant for globally operating businesses.
 
-When using the funnel-based approach, although the funnel tenant will be located in one region, but serve users globally, performance improvements will be maintained.
+When using the funnel-based approach, the funnel tenant will be located in one specific region and serve users globally. Since the funnel tenants operation utilizes a global component of the Azure AD B2C service, it will maintain a consistant level of performance regardless of where users login from.
 
 ![Screenshot shows the Azure AD B2C architecture.](./media/azure-ad-b2c-global-identity-solutions/azure-ad-b2c-architecture.png)
 
-As shown in the diagram, the Azure AD B2C tenant in the funnel-based approach will only utilize the Policy Engine to perform the redirection to regional Azure AD B2C tenants. The Azure AD B2C Policy Engine component is globally distributed. Therefore, the funnel isn't constrained from a performance perspective, regardless of where the Azure AD B2C funnel tenant is provisioned. A performance loss is encountered due to the extra redirect between funnel and regional tenants in the funnel-based approach.
+As shown in the diagram above, the Azure AD B2C tenant in the funnel-based approach will only utilize the Policy Engine to perform the redirection to regional Azure AD B2C tenants. The Azure AD B2C Policy Engine component is globally distributed. Therefore, the funnel isn't constrained from a performance perspective, regardless of where the Azure AD B2C funnel tenant is provisioned. A performance loss is encountered due to the extra redirect between funnel and regional tenants in the funnel-based approach.
 
-The regional tenants will perform directory calls into the Directory Store, which is the regionalized component.
+In the regional-based approach, since each user is directed to their most local Azure AD B2C, performance is consistant for all users logging in.
+
+The regional tenants will perform directory calls into the Directory Store, which is the only regionalized component in both the funnel-based and regional-based architectures.
 
 Additional latency is only encountered when the user has performed an authentication in a different region from which they had signed-up in. This is because, calls will be made across regions to reach the Directory Store where their profile lives to complete their authentication.
 

articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md

@@ -218,7 +218,7 @@ The initialization code differences are platform dependant. For ASP.NET Core and
 
 # [ASP.NET Core](#tab/aspnetcore)
 
-In ASP.NET Core web apps (and web APIs), the application is protected because you have a `Authorize` attribute on the controllers or the controller actions. This attribute checks that the user is authenticated. Prior to the release of .NET 6, the code initializaation wis in the *Startup.cs* file.  New ASP.NET Core projects with .NET 6 no longer contain a *Startup.cs* file.  Taking its place is the *Program.cs* file.  The rest of this tutorial pertains to .NET 5 or lower.
+In ASP.NET Core web apps (and web APIs), the application is protected because you have a `Authorize` attribute on the controllers or the controller actions. This attribute checks that the user is authenticated. Prior to the release of .NET 6, the code initialization was in the *Startup.cs* file.  New ASP.NET Core projects with .NET 6 no longer contain a *Startup.cs* file.  Taking its place is the *Program.cs* file.  The rest of this tutorial pertains to .NET 5 or lower.
 
 > [!NOTE]
 > If you want to start directly with the new ASP.NET Core templates for Microsoft identity platform, that leverage Microsoft.Identity.Web, you can download a preview NuGet package containing project templates for .NET 5.0. Then, once installed, you can directly instantiate ASP.NET Core web applications (MVC or Blazor). See [Microsoft.Identity.Web web app project templates](https://aka.ms/ms-id-web/webapp-project-templates) for details. This is the simplest approach as it will do all the steps below for you.

articles/azure-arc/kubernetes/quickstart-connect-cluster.md

@@ -63,7 +63,7 @@ For a conceptual look at connecting clusters to Azure Arc, see [Azure Arc-enable
     ```
 
 * [Log in to Azure PowerShell](/powershell/azure/authenticate-azureps) using the identity (user or service principal) that you want to use for connecting your cluster to Azure Arc.
-  * The identity used needs to at least have 'Read' and 'Write' permissions on the Azure Arc-enabled Kubernetes resource type (`Microsoft.Kubernetes/connectedClusters`).
+  * The identity used needs to at least have 'Read' and 'Write' permissions on the Azure Arc-enabled Kubernetes resource type (`Microsoft.Kubernetes/connectedClusters`) and 'Read' permission on the resource group the Azure Arc Cluster is targeting.
   * The [Kubernetes Cluster - Azure Arc Onboarding built-in role](../../role-based-access-control/built-in-roles.md#kubernetes-cluster---azure-arc-onboarding) is useful for at-scale onboarding as it has the granular permissions required to only connect clusters to Azure Arc. This role doesn't have the permissions to update, delete, or modify any other clusters or other Azure resources.
 
 * An up-and-running Kubernetes cluster. If you don't have one, you can create a cluster using one of these options:

articles/azure-monitor/essentials/diagnostic-settings.md

@@ -205,15 +205,23 @@ After a few moments, the new setting appears in your list of settings for this r
 
 # [PowerShell](#tab/powershell)
 
-Use the [Set-AzDiagnosticSetting](/powershell/module/az.monitor/set-azdiagnosticsetting) cmdlet to create a diagnostic setting with [Azure PowerShell](../powershell-samples.md). See the documentation for this cmdlet for descriptions of its parameters.
+Use the [New-AzDiagnosticSetting](/powershell/module/az.monitor/new-azdiagnosticsetting?view=azps-9.1.0&preserve-view=true) cmdlet to create a diagnostic setting with [Azure PowerShell](../powershell-samples.md). See the documentation for this cmdlet for descriptions of its parameters.
 
 > [!IMPORTANT]
 > You can't use this method for an activity log. Instead, use [Create diagnostic setting in Azure Monitor by using an Azure Resource Manager template](./resource-manager-diagnostic-settings.md) to create a Resource Manager template and deploy it with PowerShell.
 
-The following example PowerShell cmdlet creates a diagnostic setting by using all three destinations.
+The following example PowerShell cmdlet creates a diagnostic setting for all logs and metrics for a key vault by using Log Analytics Workspace.
 
 ```powershell
-Set-AzDiagnosticSetting -Name KeyVault-Diagnostics -ResourceId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeyvault -Category AuditEvent -MetricCategory AllMetrics -Enabled $true -StorageAccountId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount -WorkspaceId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/myworkspace  -EventHubAuthorizationRuleId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.EventHub/namespaces/myeventhub/authorizationrules/RootManageSharedAccessKey
+$KV= Get-AzKeyVault -ResourceGroupName <resource group name> -VaultName <key vault name>
+$Law= Get-AzOperationalInsightsWorkspace -ResourceGroupName <resource group name> -Name <workspace name>  #LAW name is case sensitive
+
+$metric = @()
+$log = @()
+$metric += New-AzDiagnosticSettingMetricSettingsObject -Enabled $true -Category AllMetrics -RetentionPolicyDay 30 -RetentionPolicyEnabled $true
+$log += New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup allLogs -RetentionPolicyDay 30 -RetentionPolicyEnabled $true
+$log += New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup audit -RetentionPolicyDay 30 -RetentionPolicyEnabled $true
+New-AzDiagnosticSetting -Name 'KeyVault-Diagnostics' -ResourceId $KV.ResourceId -WorkspaceId $Law.ResourceId -Log $log -Metric $metric -Verbose
 ```
 
 # [CLI](#tab/cli)
@@ -301,4 +309,4 @@ Every effort is made to ensure all log data is sent correctly to your destinatio
 
 ## Next step
 
-[Read more about Azure platform logs](./platform-logs-overview.md)
+[Read more about Azure platform logs](./platform-logs-overview.md)

articles/backup/guidance-best-practices.md

@@ -367,7 +367,7 @@ You can configure such critical alerts and route them to any preferred notificat
 
 #### Automatic Retry of Failed Backup Jobs
 
-Many of the failure errors or the outage scenarios are transient in nature, and you can remediate by setting up the right Azure role-based access control (Azure RBAC) permissions3 or re-trigger the backup/restore job. As the solution to such failures is  simple, that you don’t need tp invest time waiting for an engineer to manually trigger the job or to assign the relevant permission. Therefore, the smarter way to handle this scenario is to automate the retry of the failed jobs. This will highly minimize the time taken to recover from failures. 
+Many of the failure errors or the outage scenarios are transient in nature, and you can remediate by setting up the right Azure role-based access control (Azure RBAC) permissions or re-trigger the backup/restore job. As the solution to such failures is  simple, that you don’t need to invest time waiting for an engineer to manually trigger the job or to assign the relevant permission. Therefore, the smarter way to handle this scenario is to automate the retry of the failed jobs. This will highly minimize the time taken to recover from failures. 
 You can achieve this by retrieving relevant backup data via Azure Resource Graph (ARG) and combine it with corrective [PowerShell/CLI procedure](/azure/architecture/framework/resiliency/auto-retry). 
 
 Watch the following video to learn how to re-trigger backup for all failed jobs (across vaults, subscriptions, tenants) using ARG and PowerShell.

articles/hdinsight/hdinsight-40-component-versioning.md

@@ -28,7 +28,7 @@ The Open-source component versions associated with HDInsight 4.0 are listed in t
 | Apache Phoenix         | 5             |
 | Apache Spark           | 2.4.4         |
 | Apache Livy            | 0.5           |
-| Apache Kafka           | 2.1.1, 2.4.1  |
+| Apache Kafka           | 2.1.1         |
 | Apache Ambari          | 2.7.0         |
 | Apache Zeppelin        | 0.8.0         |
 

articles/hdinsight/hdinsight-50-component-versioning.md

@@ -16,21 +16,21 @@ Starting June 1, 2022, we have started rolling out a new version of HDInsight 5.
 
 The Open-source component versions associated with HDInsight 5.0 are listed in the following table.
 
-| Component              | HDInsight 5.0 | HDInsight 4.0 |
-|------------------------|---------------| --------------|
-|Apache Spark | 3.1.2 | 2.4.4|
-|Apache Hive | 3.1.2 | 3.1.2 |
-|Apache Kafka | - |2.1.1 and 2.4.1|
-|Apache Hadoop |3.1.1 | 3.1.1 |
-|Apache Tez |0.9.1 | 0.9.1 |
-|Apache Pig	| 0.16.1 | 0.16.1 |
-|Apache Ranger | 1.1.0 | 1.1.0 |
-|Apache Sqoop | 1.5.0 | 1.5.0 |
-|Apache Oozie | 4.3.1 | 4.3.1 |
-|Apache Zookeeper | 3.4.6 | 3.4.6 |
-|Apache Livy | 0.5 | 0.5 |
-|Apache Ambari | 2.7.0 | 2.7.0 |
-|Apache Zeppelin | 0.8.0 | 0.8.0 |
+| Component        | HDInsight 5.0 | HDInsight 4.0 |
+|------------------|---------------|---------------|
+| Apache Spark     | 3.1.2         | 2.4.4         |
+| Apache Hive      | 3.1.2         | 3.1.2         |
+| Apache Kafka     | 2.4.1         | 2.1.1         |
+| Apache Hadoop    | 3.1.1         | 3.1.1         |
+| Apache Tez       | 0.9.1         | 0.9.1         |
+| Apache Pig       | 0.16.1        | 0.16.1        |
+| Apache Ranger    | 1.1.0         | 1.1.0         |
+| Apache Sqoop     | 1.5.0         | 1.5.0         |
+| Apache Oozie     | 4.3.1         | 4.3.1         |
+| Apache Zookeeper | 3.4.6         | 3.4.6         |
+| Apache Livy      | 0.5           | 0.5           |
+| Apache Ambari    | 2.7.0         | 2.7.0         |
+| Apache Zeppelin  | 0.8.0         | 0.8.0         |
 
 This table lists certain HDInsight 4.0 cluster types that have retired or will be retired soon.
 
@@ -44,8 +44,8 @@ This table lists certain HDInsight 4.0 cluster types that have retired or will b
 
 > [!NOTE]
 > * If you are using Azure User Interface to create a Spark Cluster for HDInsight, you will see from the dropdown list an additional version Spark 3.1.(HDI 5.0) along with the older versions. This version is a renamed version of Spark 3.1.(HDI 4.0) and it is backward compatible.  
-> * This is only an UI level change, which doesn’t impact anything for the existing users and users who are already using the ARM template to build their clusters.
-> * For backward compatibility, ARM supports creating Spark 3.1 with HDI 4.0 and 5.0 versions which maps to same versions Sspark 3.1 (HDI 5.0)
+> * This is only a UI level change, which doesn’t impact anything for the existing users and users who are already using the ARM template to build their clusters.
+> * For backward compatibility, ARM supports creating Spark 3.1 with HDI 4.0 and 5.0 versions which maps to same versions Spark 3.1 (HDI 5.0)
 > * Spark 3.1 (HDI 5.0) cluster comes with HWC 2.0 which works well together with Interactive Query (HDI 5.0) cluster.
 
 ## Interactive Query
@@ -61,11 +61,11 @@ you need to select this version Interactive Query 3.1 (HDI 5.0).
 
 ## Kafka 
 
-**Known Issue –** Current ARM template supports only 4.0 even though it shows 5.0 image in portal Cluster creation may fail with the following error message if you select version 5.0 in the UI.
+Current ARM template supports HDI 5.0 for Kafka 2.4.1
 
-`HDI Version'5.0" is not supported for clusterType ''Kafka" and component Version ‘2.4'.,Cluster component version is not applicable for HDI version: 5.0 cluster type: KAFKA (Code: BadRequest)`
+`HDI Version '5.0' is supported for clusterType "Kafka" and component Version '2.4'.`
 
-We're working on this issue, and a fix will be rolled out shortly.
+We have fixed the arm templated issue.
 
 ### Upcoming version upgrades. 
 HDInsight team is working on upgrading other open-source components.

articles/hdinsight/hdinsight-apache-kafka-spark-structured-streaming.md

@@ -82,15 +82,15 @@ kafkaStreamDF.select(from_json(col("value").cast("string"), schema) as "trip")
 
 In both snippets, data is read from Kafka and written to file. The differences between the examples are:
 
-| Batch | Streaming |
-| --- | --- |
-| `read` | `readStream` |
+| Batch   | Streaming     |
+|---------|---------------|
+| `read`  | `readStream`  |
 | `write` | `writeStream` |
-| `save` | `start` |
+| `save`  | `start`       |
 
 The streaming operation also uses `awaitTermination(30000)`, which stops the stream after 30,000 ms.
 
-To use Structured Streaming with Kafka, your project must have a dependency on the `org.apache.spark : spark-sql-kafka-0-10_2.11` package. The version of this package should match the version of Spark on HDInsight. For Spark 2.2.0 (available in HDInsight 3.6), you can find the dependency information for different project types at [https://search.maven.org/#artifactdetails%7Corg.apache.spark%7Cspark-sql-kafka-0-10_2.11%7C2.2.0%7Cjar](https://search.maven.org/#artifactdetails%7Corg.apache.spark%7Cspark-sql-kafka-0-10_2.11%7C2.2.0%7Cjar).
+To use Structured Streaming with Kafka, your project must have a dependency on the `org.apache.spark : spark-sql-kafka-0-10_2.11` package. The version of this package should match the version of Spark on HDInsight. For Spark 2.4 (available in HDInsight 4.0), you can find the dependency information for different project types at [https://search.maven.org/#artifactdetails%7Corg.apache.spark%7Cspark-sql-kafka-0-10_2.11%7C2.2.0%7Cjar](https://search.maven.org/#artifactdetails%7Corg.apache.spark%7Cspark-sql-kafka-0-10_2.11%7C2.2.0%7Cjar).
 
 For the Jupyter Notebook used with this tutorial, the following cell loads this package dependency:
 
@@ -125,26 +125,26 @@ To create an Azure Virtual Network, and then create the Kafka and Spark clusters
 
     This template creates the following resources:
 
-   * A Kafka on HDInsight 3.6 cluster.
-   * A Spark 2.2.0 on HDInsight 3.6 cluster.
+   * A Kafka on HDInsight 4.0 or 5.0 cluster.
+   * A Spark 2.4 or 3.1 on HDInsight 4.0 or 5.0 cluster.
    * An Azure Virtual Network, which contains the HDInsight clusters.
 
      > [!IMPORTANT]  
-     > The structured streaming notebook used in this tutorial requires Spark 2.2.0 on HDInsight 3.6. If you use an earlier version of Spark on HDInsight, you receive errors when using the notebook.
+     > The structured streaming notebook used in this tutorial requires Spark 2.4 or 3.1 on HDInsight 4.0 or 5.0. If you use an earlier version of Spark on HDInsight, you receive errors when using the notebook.
 
 2. Use the following information to populate the entries on the **Customized template** section:
 
-    | Setting | Value |
-    | --- | --- |
-    | Subscription | Your Azure subscription |
-    | Resource group | The resource group that contains the resources. |
-    | Location | The Azure region that the resources are created in. |
-    | Spark Cluster Name | The name of the Spark cluster. The first six characters must be different than the Kafka cluster name. |
-    | Kafka Cluster Name | The name of the Kafka cluster. The first six characters must be different than the Spark cluster name. |
-    | Cluster Login User Name | The admin user name for the clusters. |
-    | Cluster Login Password | The admin user password for the clusters. |
-    | SSH User Name | The SSH user to create for the clusters. |
-    | SSH Password | The password for the SSH user. |
+    | Setting                 | Value                                                                                                  |
+    |-------------------------| ------------------------------------------------------------------------------------------------------ |
+    | Subscription            | Your Azure subscription                                                                                |
+    | Resource group          | The resource group that contains the resources.                                                        |
+    | Location                | The Azure region that the resources are created in.                                                    |
+    | Spark Cluster Name      | The name of the Spark cluster. The first six characters must be different than the Kafka cluster name. |
+    | Kafka Cluster Name      | The name of the Kafka cluster. The first six characters must be different than the Spark cluster name. |
+    | Cluster Login User Name | The admin user name for the clusters.                                                                  |
+    | Cluster Login Password  | The admin user password for the clusters.                                                              |
+    | SSH User Name           | The SSH user to create for the clusters.                                                               |
+    | SSH Password            | The password for the SSH user.                                                                         |
 
     :::image type="content" source="./media/hdinsight-apache-kafka-spark-structured-streaming/spark-kafka-template.png" alt-text="Screenshot of the customized template":::
 

articles/hdinsight/kafka/apache-kafka-get-started.md

@@ -89,7 +89,7 @@ To create an Apache Kafka cluster on HDInsight, use the following steps:
 
 1. Review the configuration for the cluster. Change any settings that are incorrect. Finally, select **Create** to create the cluster.
 
-    :::image type="content" source="./media/apache-kafka-get-started/azure-hdinsight-40-portal-cluster-review-create-kafka.png" alt-text="Screenshot showing kafka cluster configuration summary for HDI version 4.0." border="true":::
+    :::image type="content" source="./media/apache-kafka-get-started/azure-hdinsight-50-portal-cluster-review-create-kafka.png" alt-text="Screenshot showing kafka cluster configuration summary for HDI version 5.0." border="true":::
 
 
     It can take up to 20 minutes to create the cluster.