Merge pull request #197480 from MicrosoftDocs/main

Merge master to live Sunday at 4 PM

Author: LJSpiller

articles/active-directory/fundamentals/custom-security-attributes-overview.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/28/2022
+ms.date: 05/09/2022
 ms.collection: M365-identity-device-management
 ---
 
@@ -149,8 +149,9 @@ Here are some of the limits and constraints for custom security attributes.
 > | Predefined values per attribute definition | 100 |  |
 > | Attribute value length | 64 | Unicode characters |
 > | Attribute values assigned per object | 50 | Values can be distributed across single and multi-valued attributes.<br/>Example: 5 attributes with 10 values each or 50 attributes with 1 value each |
-> | Characters not allowed for:<br/>Attribute set name<br/>Attribute name | ``<space> ` ~ ! @ # $ % ^ & * ( ) _ - + = { [ } ] \| \ : ; " ' < , > . ? /`` | Attribute set name and attribute name cannot start with a number |
-> | Characters not allowed for:<br/>Attribute values | `# % & * + \ : " / < > ?` |  |
+> | Special characters **not** allowed for:<br/>Attribute set name<br/>Attribute name | ``<space> ` ~ ! @ # $ % ^ & * ( ) _ - + = { [ } ] \| \ : ; " ' < , > . ? /`` | Attribute set name and attribute name cannot start with a number |
+> | Special characters allowed for attribute values | All special characters |  |
+> | Special characters allowed for attribute values when used with blob index tags | `<space> + - . : = _ /` | If you plan to use [attribute values with blob index tags](../../role-based-access-control/conditions-custom-security-attributes.md), these are the only special characters allowed for blob index tags. For more information, see [Setting blob index tags](../../storage/blobs/storage-manage-find-blobs.md#setting-blob-index-tags). |
 
 ## Custom security attribute roles
 

articles/active-directory/governance/TOC.yml

@@ -134,6 +134,8 @@
 
     - name: Groups and apps
       items:
+      - name: Prepare for an app access review
+        href: access-reviews-application-preparation.md
       - name: Create an access review
         href: create-access-review.md
       - name: Review access

articles/active-directory/governance/access-reviews-application-preparation.md

@@ -37,6 +37,8 @@ This article describes how to create one or more access reviews for group member
 
 For more information, see [License requirements](access-reviews-overview.md#license-requirements).
 
+If you are reviewing access to an application, then before creating the review, see the article on how to [prepare for an access review of users' access to an application](access-reviews-application-preparation.md) to ensure the application is integrated with Azure AD.
+
 ## Create a single-stage access review
 
 ### Scope

articles/active-directory/governance/create-access-review.md

@@ -319,7 +319,9 @@ To create access reviews for an application, set the **User assignment required?
 
  ![Screenshot that shows planning app assignments.](./media/deploy-access-review/6-plan-applications-assignment-required.png)
 
-Then [assign the users and groups](../manage-apps/assign-user-or-group-access-portal.md) that you want to have access.
+Then [assign the users and groups](../manage-apps/assign-user-or-group-access-portal.md) whose access you want to have reviewed.
+
+Read more about how to [prepare for an access review of users' access to an application](access-reviews-application-preparation.md).
 
 ### Reviewers for an application
 

articles/active-directory/governance/deploy-access-reviews.md

@@ -30,6 +30,8 @@ With Azure Active Directory (Azure AD), you can easily ensure that users have ap
 
 For more information, see [License requirements](access-reviews-overview.md#license-requirements).
 
+If you are reviewing access to an application, then before creating the review, see the article on how to [prepare for an access review of users' access to an application](access-reviews-application-preparation.md) to ensure the application is integrated with Azure AD.
+
 ## Create and perform an access review
 
 You can have one or more users as reviewers in an access review.  
@@ -38,7 +40,7 @@ You can have one or more users as reviewers in an access review.
 
 2. Decide whether to have each user review their own access or to have one or more users review everyone's access.
 
-3. In one of the following roles: a global administrator, user administrator, or (Preview) a M365 or AAD Security Group owner of the group to be reviewed, go to the [Identity Governance page](https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/).
+3. In one of the following roles: a global administrator, user administrator, or (Preview) an owner of a Microsoft 365 group or Azure AD security group to be reviewed, go to the [Identity Governance page](https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/).
 
 4. Create the access review. For more information, see [Create an access review of groups or applications](create-access-review.md).
 

articles/active-directory/governance/manage-user-access-with-access-reviews.md

@@ -61,6 +61,7 @@ The following Azure services support managed identities for Azure resources:
 | Azure Resource Mover            | [Move resources across regions (from resource group)](../../resource-mover/move-region-within-resource-group.md)
 | Azure Site Recovery             | [Replicate machines with private endpoints](../../site-recovery/azure-to-azure-how-to-enable-replication-private-endpoints.md#enable-the-managed-identity-for-the-vault)                                  |
 | Azure Search                    | [Set up an indexer connection to a data source using a managed identity](../../search/search-howto-managed-identities-data-sources.md)                                                                                            |
+| Azure Service Bus               | [Authenticate a managed identity with Azure Active Directory to access Azure Service Bus resources](../../service-bus-messaging/service-bus-managed-service-identity.md)                                                                                                        |
 | Azure Service Fabric            | [Using Managed identities for Azure with Service Fabric](../../service-fabric/concepts-managed-identity.md)                                                                                                        |
 | Azure SignalR Service           | [Managed identities for Azure SignalR Service](../../azure-signalr/howto-use-managed-identity.md)                                                                                                     |
 | Azure Spring Cloud              | [How to enable system-assigned managed identity for Azure Spring Cloud application](../../spring-cloud/how-to-enable-system-assigned-managed-identity.md) |

articles/active-directory/governance/media/access-reviews-application-preparation/app-integration-patterns-flowchart.png

@@ -1152,6 +1152,8 @@
           href: cassandra/lwt-cassandra-api.md
         - name: Cassandra API extensions overview
           href: cassandra/cassandra-driver-extensions.md
+        - name: Monitor and debug with insights in Cassandra API
+          href: cassandra/cassandra-monitor-insights.md
     - name: Reference
       items:
         - name: REST resource provider

articles/active-directory/managed-identities-azure-resources/managed-identities-status.md

@@ -0,0 +1,99 @@
+---
+title: Monitor and debug with insights in Azure Cosmos DB Cassandra API
+description: Learn how to debug and monitor your Azure Cosmos DB Cassandra API account using insights
+author: iriaosara
+ms.author: iriaosara
+ms.service: cosmos-db
+ms.subservice: cosmosdb-cassandra
+ms.topic: how-to
+ms.date: 05/02/2022
+ms.custom: template-how-to 
+---
+
+# Monitor and debug with insights in Azure Cosmos DB Cassandra API
+[!INCLUDE[appliesto-cassandra-api](../includes/appliesto-cassandra-api.md)]
+
+Azure Cosmos DB helps provide insights into your application’s performance using the Azure Monitor API.  Azure Monitor for Azure Cosmos DB provides metrics view to monitor your Cassandra API Account and create dashboards.
+
+This article walks through some common use cases  and how best to use Azure Cosmos DB insights to analyze and debug your Cassandra API account.
+> [!NOTE]
+> The Azure Cosmos DB metrics are collected by default, this feature does not require you to enable or configure anything.
+
+
+## Availability
+The availability shows the percentage of successful requests over the total requests per hour. Monitor service availability for a specified Cassandra API account. 
+
+:::image type="content" source="./media/cassandra-monitor-insights/service-availability-min.png" alt-text=" Screenshot for service availability for an Azure Cosmos DB Cassandra API account.":::
+
+
+## Latency
+These charts below show the read and write latency observed by your Cassandra API account in the region where your account is operating. You can visualize latency across regions for a geo-replicated account. This metric doesn't represent the end-to-end request latency. Use diagnostic log for cases where you experience high latency for query operations.
+
+The server side latency (Avg) by region also displays a sudden latency spike on the server. It can help a customer differentiate between a client side latency spike and a server-side latency spike.
+
+:::image type="content" source="./media/cassandra-monitor-insights/avg-server-side-latency-by-region.png" alt-text="Diagram showing the average server side latency by region.":::
+
+Also view server-side latency by different operations in a specific keyspace.
+
+:::image type="content" source="./media/cassandra-monitor-insights/avg-ss-latency-keyspace-operation.png" alt-text="Screenshot showing the average server side latency for a specific keyspace based on operation.":::
+
+
+:::image type="content" source="./media/cassandra-monitor-insights/avg-ss-latency-region-keyspace.png" alt-text="Screenshot showing the average server side latency by region and keyspace.":::
+
+
+Is your application experiencing any throttling? The chart below shows the total number of requests failed with a 429-response code. 
+Exceeding provisioned throughput could be one of the reasons. Enable [Server Side Retry](./prevent-rate-limiting-errors.md) when your application experiences high throttling due to higher consumption of request units than what is allocated.
+
+:::image type="content" source="./media/cassandra-monitor-insights/throttled-requests.png" alt-text="Screenshot of graph showing throttled request with a defined time frame.":::
+
+
+
+## System and management operations
+The system view helps show metadata requests count by primary partition. It also helps identify throttled requests. The management operation shows the account activities such as creation, deletion, key, network and replication settings. Request volume per status code over a time period.
+
+:::image type="content" source="./media/cassandra-monitor-insights/metadata-requests-status-code.png" alt-text="Screenshot showing request status code based on metadata.":::
+
+- Metric chart for account diagnostic, network and replication settings over a specified period and filtered based on a Keyspace.
+
+:::image type="content" source="./media/cassandra-monitor-insights/diagnostic-network-replication.png" alt-text="Screenshot of diagnostic network replication for a Cassandra API account.":::
+
+
+- Metric chart to view account key rotation.
+
+You can view changes to primary or secondary password for your Cassandra API account.
+
+:::image type="content" source="./media/cassandra-monitor-insights/cosmos-db-account-key.png" alt-text="Screenshot showing Cosmos DB rotation key for a Cassandra API account.":::
+
+
+## Storage
+Storage distribution for raw and index storage. Also a count of documents in the Cassandra API account.
+
+:::image type="content" source="./media/cassandra-monitor-insights/data-index-usage.png" alt-text="Diagram showing the document count within a Cassandra API account.":::
+
+Maximum request units consumption for an account over a defined time period.
+
+:::image type="content" source="./media/cassandra-monitor-insights/normalized-ru-consumption.png" alt-text="Diagram showing the maximum request unit consumption.":::
+
+
+## Throughput and requests
+The Total Request Units metric displays the requests unit   usage based on operation types. 
+
+These operations can be analyzed within a given time interval, defined keyspace or table.
+
+:::image type="content" source="./media/cassandra-monitor-insights/total-cassandra-requests.png" alt-text="Screenshot image of a graph showing the total Cassandra requests for an account.":::
+
+:::image type="content" source="./media/cassandra-monitor-insights/total-request-units.png" alt-text="Screenshot image of a graph showing the total request units for a Cassandra account.":::
+
+The Normalized RU Consumption metric is a metric between 0% to 100% that is used to help measure the utilization of provisioned throughput on a database or container. The metric can also be used to view the utilization of individual partition key ranges on a database or container. One of the main factors of a scalable application is having a good cardinality of partition keys.
+The chart below shows if your application’s high RU consumption is because of hot partition.
+
+:::image type="content" source="./media/cassandra-monitor-insights/normalized-ru-pk-rangeid.png" alt-text="Screenshot showing normalized request unit consumption by partition key range ID.":::
+
+The chart below shows a breakdown of requests by different status code. Understand the meaning of the different codes for your  [Cassandra API codes](./error-codes-solution.md).
+
+:::image type="content" source="./media/cassandra-monitor-insights/total-request-by-status-code.png" alt-text="Screenshot image of a graph showing the total request by status code for a cassandra api account.":::
+
+
+## Next steps
+- [Monitor and debug with insights in Azure Cosmos DB](../use-metrics.md)
+- [Create alerts for Azure Cosmos DB using Azure Monitor](../create-alerts.md)