Merge branch 'MicrosoftDocs:main' into main

Author: v-shnarang

articles/backup/soft-delete-azure-backup-faq.yml

@@ -4,16 +4,16 @@ metadata:
   description: Answers to common questions about the security feature - soft delete.
   ms.topic: faq
   ms.service: azure-backup
-  ms.date: 01/05/2024
+  ms.date: 01/31/2025
   author: jyothisuri
   ms.author: jsuri
 
 title: Frequently asked questions - Soft delete
-summary: This article answers common questions about soft delete.
+summary: This article answers common questions about soft delete on vaults to perform backup operations.
 
 
 sections:
-  - name: Manage soft delete
+  - name: Commonly asked questions
     questions:
       - question: |
           Do I need to enable the soft delete feature on every vault?

articles/frontdoor/private-link.md

@@ -31,6 +31,40 @@ Once your request is approved, a private IP address gets assigned from the Azure
 
 :::image type="content" source="./media/private-link/enable-private-endpoint.png" alt-text="Screenshot of enable Private Link service checkbox from origin configuration page.":::
 
+## Supported origins
+
+Origin support for direct private endpoint connectivity is currently limited to:
+* Blob Storage
+* Web App
+* Internal load balancers, or any services that expose internal load balancers such as Azure Kubernetes Service, Azure Container Apps or Azure Red Hat OpenShift
+* Storage Static Website
+* Application Gateway (Public Preview. Don't use in production environments)
+* API Management (Public Preview. Don't use in production environments)
+* Azure Container Apps (Public Preview. Don't use in production environments)
+
+> [!NOTE]
+> * This feature isn't supported with Azure App Service Slots or Functions.
+
+## Region availability
+
+Azure Front Door private link is available in the following regions:
+
+| Americas | Europe | Africa | Asia Pacific |
+|--|--|--|--|
+| Brazil South | France Central | South Africa North | Australia East |
+| Canada Central | Germany West Central | | Central India |
+| Central US | North Europe | | Japan East |
+| East US | Norway East | | Korea Central |
+| East US 2 | UK South | | East Asia |
+| South Central US | West Europe | | South East Asia |
+| West US 2 | Sweden Central | | |
+| West US 3 | | | |
+| US Gov Arizona | | | |
+| US Gov Texas | | | |
+| US Gov Virginia | | | |
+
+The Azure Front Door Private Link feature is region agnostic but for the best latency, you should always pick an Azure region closest to your origin when choosing to enable Azure Front Door Private Link endpoint. If your origin's region is not supported in the list of regions AFD Private Link supports, pick the next nearest region. You can use [Azure network round-trip latency statistics](../networking/azure-network-latency.md) to determine the next nearest region in terms of latency.
+
 ## Association of a private endpoint with an Azure Front Door profile
 
 ### Private endpoint creation
@@ -88,41 +122,6 @@ If AFD-Profile-1 gets deleted, then the PE1 private endpoint across all the orig
     * If AFD-Profile-4 gets deleted, only PE7 is removed.
     * If AFD-Profile-5 gets deleted, only PE8 is removed.
 
-## Region availability
-
-Azure Front Door private link is available in the following regions:
-
-| Americas | Europe | Africa | Asia Pacific |
-|--|--|--|--|
-| Brazil South | France Central | South Africa North | Australia East |
-| Canada Central | Germany West Central | | Central India |
-| Central US | North Europe | | Japan East |
-| East US | Norway East | | Korea Central |
-| East US 2 | UK South | | East Asia |
-| South Central US | West Europe | | South East Asia |
-| West US 2 | Sweden Central | | |
-| West US 3 | | | |
-| US Gov Arizona | | | |
-| US Gov Texas | | | |
-| US Gov Virginia | | | |
-
-
-## Limitations
-
-Origin support for direct private endpoint connectivity is currently limited to:
-* Blob Storage
-* Web App
-* Internal load balancers, or any services that expose internal load balancers such as Azure Kubernetes Service, Azure Container Apps or Azure Red Hat OpenShift
-* Storage Static Website
-* Application Gateway (Public Preview. Don't use in production environments)
-* API Management (Public Preview. Don't use in production environments)
-* Azure Container Apps (Public Preview. Don't use in production environments)
-
-> [!NOTE]
-> * This feature isn't supported with Azure App Service Slots or Functions.
-
-The Azure Front Door Private Link feature is region agnostic but for the best latency, you should always pick an Azure region closest to your origin when choosing to enable Azure Front Door Private Link endpoint. If your origin's region is not supported in the list of regions AFD Private Link supports, pick the next nearest region. You can use [Azure network round-trip latency statistics](../networking/azure-network-latency.md) to determine the next nearest region in terms of latency.
-
 ## Next steps
 
 * Learn how to [connect Azure Front Door Premium to a Web App origin with Private Link](standard-premium/how-to-enable-private-link-web-app.md).

articles/iot/tutorial-iot-industrial-solution-architecture.md

@@ -271,7 +271,7 @@ To create an Azure Managed Grafana service, and configure it with permissions to
 
 1. To grant permission for the managed identity to access the ontologies database in Azure Data Explorer:
 
-    1. Navigate to the **Permissions** blade of the ontologies database in your Azure Data Explorer instance in the Azure portal.
+    1. Navigate to the **Permissions** blade in your Azure Data Explorer instance in the Azure portal.
     1. Select **Add > AllDatabasesViewer**.
     1. Search for and select the **Object (principal) ID** value, you made a note of previously.
 
@@ -299,7 +299,17 @@ Now you're ready to import the sample dashboard.
 
 1. Select **Upload dashboard JSON file** and select the *samplegrafanadashboard.json* file that you downloaded previously. Select **Import**.
 
-1. For each of the panels in the dashboard, select **Edit** and then select the **Data source** you setup previously.
+1. On the **OEE Station** panel, select **Edit** and then select the Azure Data Explorer **Data source** you setup previously. Then select **KQL** in the query panel and add the following query: `print round (CalculateOEEForStation('${Station}', '${Location}', '${CycleTime}', '${__from:date:iso}', '${__to:date:iso}') * 100, 2)`. Select **Apply** to apply your changes and go back to the dashboard.
+
+1. On the **OEE Line** panel, select **Edit** and then select the Azure Data Explorer **Data source** you setup previously. Then select **KQL** in the query panel and add the following query: `print round(CalculateOEEForLine('${Location}', '${CycleTime}', '${__from:date:iso}', '${__to:date:iso}') * 100, 2)`. Select **Apply** to apply your changes and go back to the dashboard.
+
+1. On the **Discarded products** panel, select **Edit** and then select the Azure Data Explorer **Data source** you setup previously. Then select **KQL** in the query panel and add the following query: `opcua_metadata_lkv| where Name contains '${Station}'| where Name contains '${Location}'| join kind=inner (opcua_telemetry| where Name == "NumberOfDiscardedProducts"| where Timestamp > todatetime('${__from:date:iso}') and Timestamp < todatetime('${__to:date:iso}')) on DataSetWriterID| extend numProd = toint(Value)| summarize max(numProd)`. Select **Apply** to apply your changes and go back to the dashboard.
+
+1. On the **Manufactured products** panel, select **Edit** and then select the Azure Data Explorer **Data source** you setup previously. Then select **KQL** in the query panel and add the following query: `opcua_metadata_lkv| where Name contains '${Station}'| where Name contains '${Location}'| join kind=inner (opcua_telemetry| where Name == "NumberOfManufacturedProducts"| where Timestamp > todatetime('${__from:date:iso}') and Timestamp < todatetime('${__to:date:iso}')) on DataSetWriterID| extend numProd = toint(Value)| summarize max(numProd)`. Select **Apply** to apply your changes and go back to the dashboard.
+
+1. On the **Energy Consumption** panel, select **Edit** and then select the Azure Data Explorer **Data source** you setup previously. Then select **KQL** in the query panel and add the following query: `opcua_metadata_lkv| where Name contains '${Station}'| where Name contains '${Location}'| join kind=inner (opcua_telemetry    | where Name == "Pressure"    | where Timestamp > todatetime('${__from:date:iso}') and Timestamp < todatetime('${__to:date:iso}')) on DataSetWriterID| extend energy = todouble(Value)| summarize avg(energy)); print round(toscalar(averageEnergyConsumption) * 1000, 2)`. Select **Apply** to apply your changes and go back to the dashboard.
+
+1. On the **Pressure** panel, select **Edit** and then select the Azure Data Explorer **Data source** you setup previously. Then select **KQL** in the query panel and add the following query: `opcua_metadata_lkv| where Name contains '${Station}'| where Name contains '${Location}'| join kind=inner (opcua_telemetry    | where Name == "Pressure"    | where Timestamp > todatetime('${__from:date:iso}') and Timestamp < todatetime('${__to:date:iso}')) on DataSetWriterID| extend NodeValue = toint(Value)| project Timestamp1, NodeValue`. Select **Apply** to apply your changes and go back to the dashboard.
 
 ### Configure alerts
 

articles/sentinel/TOC.yml

@@ -790,7 +790,7 @@
     href: connect-threat-intelligence-taxii.md
   - name: Add threat intelligence in bulk by file
     href: indicators-bulk-file-import.md
-  - name: Work with threat indicators
+  - name: Work with threat intelligence
     href: work-with-threat-indicators.md
   - name: Add entity to threat indicators
     href: add-entity-to-threat-intelligence.md

articles/sentinel/add-entity-to-threat-intelligence.md

@@ -19,7 +19,7 @@ During an investigation, you examine entities and their context as an important
 
 For example, you might discover an IP address that performs port scans across your network or functions as a command and control node by sending and/or receiving transmissions from large numbers of nodes in your network.
 
-With Microsoft Sentinel, you can flag these types of entities from within your incident investigation and add them to your threat intelligence. You can view the added indicators in **Logs** and **Threat Intelligence** and use them across your Microsoft Sentinel workspace.
+With Microsoft Sentinel, you can flag these types of entities from within your incident investigation and add them to your threat intelligence. You can view the added indicators by querying them or searching for them in the threat intelligence management interface and use them across your Microsoft Sentinel workspace.
 
 ## Add an entity to your threat intelligence
 
@@ -129,7 +129,7 @@ Whichever of the two interfaces you choose, you end up here.
 
 1. When all the fields are filled in to your satisfaction, select **Apply**. A message appears in the upper-right corner to confirm that your indicator was created.
 
-1. The entity is added as a threat indicator in your workspace. You can find it [in the list of indicators on the Threat intelligence page](work-with-threat-indicators.md#find-and-view-your-indicators-on-the-threat-intelligence-page). You can also find it [in the ThreatIntelligenceIndicators table in Logs](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs).
+1. The entity is added as threat intelligence in your workspace. You can find it [in threat intelligence management interface](work-with-threat-indicators.md#view-your-threat-intelligence-in-the-management-interface). You can also query it [using the ThreatIntelligenceIndicators table](work-with-threat-indicators.md#find-and-view-your-indicators-with-queries).
 
 ## Related content
 

articles/sentinel/connect-mdti-data-connector.md

@@ -13,7 +13,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a security administrator, I want to enable the data connector for Microsoft Defender Threat Intelligence so that I can ingest high fidelity indicators of compromise into my Microsoft Sentinel workspace for enhanced threat monitoring and response.
+#Customer intent: As a security administrator, I want to enable the data connector for Microsoft Defender Threat Intelligence so that I can ingest high fidelity threat intelligence into my Microsoft Sentinel workspace for enhanced threat monitoring and response.
 
 ---
 
@@ -23,7 +23,7 @@ Bring public, open-source and high-fidelity indicators of compromise (IOCs) gene
 
 > [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)]
 
-For more information about the benefits of the standard and premium Defender Threat Intelligence data connectors, see [Understand threat intelligence](understand-threat-intelligence.md#add-threat-indicators-to-microsoft-sentinel-with-the-defender-threat-intelligence-data-connector).
+For more information about the benefits of the standard and premium Defender Threat Intelligence data connectors, see [Understand threat intelligence](understand-threat-intelligence.md#add-threat-intelligence-to-microsoft-sentinel-with-the-defender-threat-intelligence-data-connector).
 
 ## Prerequisites
 
@@ -35,7 +35,7 @@ For more information on how to get a premium license and explore all the differe
 
 ## Install the threat intelligence solution in Microsoft Sentinel
 
-To import threat indicators into Microsoft Sentinel from standard and premium Defender Threat Intelligence, follow these steps:
+To import threat intelligence into Microsoft Sentinel from standard and premium Defender Threat Intelligence, follow these steps:
 
 1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Content management**, select **Content hub**.
 
@@ -59,11 +59,11 @@ For more information about how to manage the solution components, see [Discover
 
     :::image type="content" source="media/connect-mdti-data-connector/premium-connect.png" alt-text="Screenshot that shows the Defender Threat Intelligence Data connector page and the Connect button." lightbox="media/connect-mdti-data-connector/premium-connect.png"::: 
 
-1. When Defender Threat Intelligence indicators start populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
+1. When Defender Threat Intelligence starts populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
 
-At this point, the ingested indicators are now available for use in the `TI map...` analytics rules. For more information, see [Use threat indicators in analytics rules](use-threat-indicators-in-analytics-rules.md). 
+At this point, the ingested intelligence is now available for use in the `TI map...` analytics rules. For more information, see [Use threat indicators in analytics rules](use-threat-indicators-in-analytics-rules.md). 
 
-Find the new indicators on the **Threat intelligence** pane or directly in **Logs** by querying the `ThreatIntelligenceIndicator` table. For more information, see [Work with threat indicators](work-with-threat-indicators.md).
+Find the new intelligence in the management interface or directly in **Logs** by querying the `ThreatIntelligenceIndicator` table. For more information, see [Work with threat intelligence](work-with-threat-indicators.md).
 
 ## Related content
 

articles/sentinel/connect-threat-intelligence-upload-api.md

@@ -20,7 +20,7 @@ Many organizations use threat intelligence platform (TIP) solutions to aggregate
 
 The upload API ingests threat intelligence into Microsoft Sentinel without the need for a data connector. This article describes what you need to connect. For more information on the API details, see the reference document [Microsoft Sentinel upload API](stix-objects-api.md).
 
-:::image type="content" source="media/connect-threat-intelligence-upload-api/threat-intel-stix-objects-api.png" alt-text="Screenshot that shows the threat intelligence import path.":::
+:::image type="content" source="media/connect-threat-intelligence-upload-api/threat-intel-upload-api.png" alt-text="Screenshot that shows the threat intelligence import path.":::
 
 For more information about threat intelligence, see [Threat intelligence](understand-threat-intelligence.md).
 

articles/sentinel/indicators-bulk-file-import.md

@@ -69,7 +69,7 @@ The templates provide all the fields you need to create a single valid indicator
 
 1. Drag your bulk threat intelligence file to the **Upload a file** section, or browse for the file by using the link.
 
-1. Enter a source for the threat intelligence in the **Source** text box. This value is stamped on all the indicators included in that file. View this property as the `SourceSystem` field. The source is also displayed in the **Manage file imports** pane. For more information, see [Work with threat indicators](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs). 
+1. Enter a source for the threat intelligence in the **Source** text box. This value is stamped on all the indicators included in that file. View this property as the `SourceSystem` field. The source is also displayed in the **Manage file imports** pane. For more information, see [Work with threat indicators](work-with-threat-indicators.md#find-and-view-your-indicators-with-queries). 
 
 1. Choose how you want Microsoft Sentinel to handle invalid entries by selecting one of the buttons at the bottom of the **Import using a file** pane:
 
@@ -153,7 +153,7 @@ Here's an example `ipv4-addr` indicator and `attack-pattern` using the JSON file
       "name": "Sample IPv4 indicator",
       "description": "This indicator implements an observation expression.",
       "indicator_types": [
-	    "anonymization",
+        "anonymization",
         "malicious-activity"
       ],
       "kill_chain_phases": [