Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into liveResizeGA

Author: roygara

articles/active-directory/governance/entitlement-management-access-package-auto-assignment-policy.md

@@ -28,6 +28,10 @@ During this preview, you can have at most one automatic assignment policy in an
 
 This article describes how to create an access package automatic assignment policy for an existing access package.
 
+## Before you begin
+
+You'll need to have attributes populated on the users who will be in scope for being assigned access.  The attributes you can use in the rules criteria of an access package assignment policy are those attributes listed in [supported properties](../enterprise-users/groups-dynamic-membership.md#supported-properties), along with [extension attributes and custom extension properties](../enterprise-users/groups-dynamic-membership.md#extension-properties-and-custom-extension-properties).  These attributes can be brought into Azure AD from [Graph](/graph/api/resources/user?view=graph-rest-beta), an HR system such as [SuccessFactors](../app-provisioning/sap-successfactors-integration-reference.md), [Azure AD Connect cloud sync](../cloud-sync/how-to-attribute-mapping.md) or [Azure AD Connect sync](../hybrid/how-to-connect-sync-feature-directory-extensions.md).
+
 ## Create an automatic assignment policy (Preview)
 
 To create a policy for an access package, you need to start from the access package's policy tab. Follow these steps to create a new policy for an access package.
@@ -45,7 +49,7 @@ To create a policy for an access package, you need to start from the access pack
 1. Provide a dynamic membership rule, using the [membership rule builder](../enterprise-users/groups-dynamic-membership.md) or by clicking **Edit** on the rule syntax text box.
 
    > [!NOTE]
-   > The rule builder might not be able to display some rules constructed in the text box. For more information, see [rule builder in the Azure portal](/enterprise-users/groups-create-rule.md#rule-builder-in-the-azure-portal).
+   > The rule builder might not be able to display some rules constructed in the text box, and validating a rule currently requires the you to be in the Global administrator role. For more information, see [rule builder in the Azure portal](/enterprise-users/groups-create-rule.md#rule-builder-in-the-azure-portal).
 
     ![Screenshot of an access package automatic assignment policy rule configuration.](./media/entitlement-management-access-package-auto-assignment-policy/auto-assignment-rule-configuration.png)
 

articles/active-directory/privileged-identity-management/groups-role-settings.md

@@ -29,6 +29,8 @@ Follow these steps to open the settings for an Azure privileged access group rol
 1. Open **Azure AD Privileged Identity Management**.
 
 1. Select **Privileged access (Preview)**.
+    >[!NOTE]
+    > Approver doesn't have to be member of the group, owner of the group or have Azure AD role assigned.
 
 1. Select the group that you want to manage.
 

articles/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings.md

@@ -30,6 +30,8 @@ Follow these steps to open the settings for an Azure resource role.
 1. Open **Azure AD Privileged Identity Management**.
 
 1. Select **Azure resources**.
+    >[!NOTE]
+    > Approver doesn't have to have any Azure or Azure AD role assigned.
 
 1. Select the resource you want to manage, such as a subscription or management group.
 

articles/advisor/advisor-performance-recommendations.md

@@ -48,7 +48,7 @@ Azure Premium Storage delivers high-performance, low-latency disk support for vi
 
 ## Remove data skew on your Azure Synapse Analytics tables to increase query performance
 
-Data skew can cause unnecessary data movement or resource bottlenecks when you run your workload. Advisor detects distribution data skew of greater than 15%. It recommends that you redistribute your data and revisit your table distribution key selections. To learn more about identifying and removing skew, see [troubleshooting skew](../synapse-analytics/sql-data-warehouse/sql-data-warehouse-tables-distribute.md#how-to-tell-if-your-distribution-column-is-a-good-choice).
+Data skew can cause unnecessary data movement or resource bottlenecks when you run your workload. Advisor detects distribution data skew of greater than 15%. It recommends that you redistribute your data and revisit your table distribution key selections. To learn more about identifying and removing skew, see [troubleshooting skew](../synapse-analytics/sql-data-warehouse/sql-data-warehouse-tables-distribute.md#how-to-tell-if-your-distribution-is-a-good-choice).
 
 ## Create or update outdated table statistics in your Azure Synapse Analytics tables to increase query performance
 
@@ -186,7 +186,7 @@ Learn more about [Azure Communication Services](../communication-services/overvi
 
 1. Sign in to the [Azure portal](https://portal.azure.com), and then open [Advisor](https://aka.ms/azureadvisordashboard).
 
-2.	On the Advisor dashboard, select the **Performance** tab.
+2.    On the Advisor dashboard, select the **Performance** tab.
 
 ## Next steps
 

articles/api-management/api-management-transformation-policies.md

@@ -262,7 +262,7 @@ or
 ```
 
 > [!NOTE]
-> Backend entities can be managed via [Azure portal](how-to-configure-service-fabric-backend.md), management [API](/rest/api/apimanagement), and [PowerShell](https://www.powershellgallery.com/packages?q=apimanagement).
+> Backend entities can be managed via [Azure portal](how-to-configure-service-fabric-backend.md), management [API](/rest/api/apimanagement), and [PowerShell](https://www.powershellgallery.com/packages?q=apimanagement). Currently, if you define a base `set-backend-service` policy using the `backend-id` attribute and inherit the base policy using `<base />` within the scope, then it can be only overridden with a policy using the `backend-id` attribute, not the `base-url` attribute.
 
 ### Example
 
@@ -844,4 +844,4 @@ OriginalUrl.
 
 -   **Policy scopes:** all scopes
 
-[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]
+[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]

articles/app-service/networking/private-endpoint.md

@@ -4,7 +4,7 @@ description: Connect privately to a Web App using Azure Private Endpoint
 author: ericgre
 ms.assetid: 2dceac28-1ba6-4904-a15d-9e91d5ee162c
 ms.topic: article
-ms.date: 03/04/2022
+ms.date: 08/23/2022
 ms.author: ericg
 ms.service: app-service
 ms.workload: web
@@ -49,7 +49,6 @@ From a security perspective:
 - By default, when you enable Private Endpoints to your Web App, you disable all public access.
 - You can enable multiple Private Endpoints in others VNets and Subnets, including VNets in other regions.
 - The IP address of the Private Endpoint NIC must be dynamic, but will remain the same until you delete the Private Endpoint.
-- The NIC of the Private Endpoint can't have an NSG associated.
 - The Subnet that hosts the Private Endpoint can have an NSG associated, but you must disable the network policies enforcement for the Private Endpoint: see [Disable network policies for private endpoints][disablesecuritype]. As a result, you can't filter by any NSG the access to your Private Endpoint.
 - By default, when you enable Private Endpoint to your Web App, the [access restrictions][accessrestrictions] configuration of the Web App isn't evaluated.
 - You can eliminate the data exfiltration risk from the VNet by removing all NSG rules where destination is tag Internet or Azure services. When you deploy a Private Endpoint for a Web App, you can only reach this specific Web App through the Private Endpoint. If you have another Web App, you must deploy another dedicated Private Endpoint for this other Web App.

articles/app-service/quickstart-python.md

@@ -2,7 +2,7 @@
 title: 'Quickstart: Deploy a Python (Django or Flask) web app to Azure'
 description: Get started with Azure App Service by deploying your first Python app to Azure App Service.
 ms.topic: quickstart
-ms.date: 03/22/2022
+ms.date: 08/23/2022
 author: mijacobs
 ms.author: mijacobs
 ms.devlang: python
@@ -17,6 +17,8 @@ To complete this quickstart, you need:
 1. An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio).
 1. <a href="https://www.python.org/downloads/" target="_blank">Python 3.9 or higher</a> installed locally.
 
+>**Note**: This article contains current instructions on deploying a Python web app using Azure App Service. Python on Windows is no longer supported.
+
 ## 1 - Sample application
 
 This quickstart can be completed using either Flask or Django. A sample application in each framework is provided to help you follow along with this quickstart. Download or clone the sample application to your local workstation.

articles/azure-functions/functions-how-to-github-actions.md

@@ -6,7 +6,7 @@ ms.date: 10/07/2020
 ms.custom: "devx-track-csharp, devx-track-python, github-actions-azure"
 ---
 
-# Continuous delivery by using GitHub Action
+# Continuous delivery by using GitHub Actions
 
 Use [GitHub Actions](https://github.com/features/actions) to define a workflow to automatically build and deploy code to your function app in Azure Functions. 
 
@@ -210,7 +210,7 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    - name: 'Checkout GitHub Action'
+    - name: 'Checkout GitHub action'
       uses: actions/checkout@v2
 
     - name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment
@@ -224,7 +224,7 @@ jobs:
         pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}'
         dotnet build --configuration Release --output ./output
         popd
-    - name: 'Run Azure Functions Action'
+    - name: 'Run Azure Functions action'
       uses: Azure/functions-action@v1
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
@@ -248,7 +248,7 @@ jobs:
   build-and-deploy:
     runs-on: windows-latest
     steps:
-    - name: 'Checkout GitHub Action'
+    - name: 'Checkout GitHub action'
       uses: actions/checkout@v2
 
     - name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment
@@ -262,7 +262,7 @@ jobs:
         pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}'
         dotnet build --configuration Release --output ./output
         popd
-    - name: 'Run Azure Functions Action'
+    - name: 'Run Azure Functions action'
       uses: Azure/functions-action@v1
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
@@ -290,7 +290,7 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    - name: 'Checkout GitHub Action'
+    - name: 'Checkout GitHub action'
       uses: actions/checkout@v2
 
     - name: Setup Java Sdk ${{ env.JAVA_VERSION }}
@@ -305,7 +305,7 @@ jobs:
         mvn clean package
         mvn azure-functions:package
         popd
-    - name: 'Run Azure Functions Action'
+    - name: 'Run Azure Functions action'
       uses: Azure/functions-action@v1
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
@@ -331,7 +331,7 @@ jobs:
   build-and-deploy:
     runs-on: windows-latest
     steps:
-    - name: 'Checkout GitHub Action'
+    - name: 'Checkout GitHub action'
       uses: actions/checkout@v2
 
     - name: Setup Java Sdk ${{ env.JAVA_VERSION }}
@@ -346,7 +346,7 @@ jobs:
         mvn clean package
         mvn azure-functions:package
         popd
-    - name: 'Run Azure Functions Action'
+    - name: 'Run Azure Functions action'
       uses: Azure/functions-action@v1
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
@@ -373,7 +373,7 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    - name: 'Checkout GitHub Action'
+    - name: 'Checkout GitHub action'
       uses: actions/checkout@v2
 
     - name: Setup Node ${{ env.NODE_VERSION }} Environment
@@ -389,7 +389,7 @@ jobs:
         npm run build --if-present
         npm run test --if-present
         popd
-    - name: 'Run Azure Functions Action'
+    - name: 'Run Azure Functions action'
       uses: Azure/functions-action@v1
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
@@ -414,7 +414,7 @@ jobs:
   build-and-deploy:
     runs-on: windows-latest
     steps:
-    - name: 'Checkout GitHub Action'
+    - name: 'Checkout GitHub action'
       uses: actions/checkout@v2
 
     - name: Setup Node ${{ env.NODE_VERSION }} Environment
@@ -430,7 +430,7 @@ jobs:
         npm run build --if-present
         npm run test --if-present
         popd
-    - name: 'Run Azure Functions Action'
+    - name: 'Run Azure Functions action'
       uses: Azure/functions-action@v1
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
@@ -457,7 +457,7 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-    - name: 'Checkout GitHub Action'
+    - name: 'Checkout GitHub action'
       uses: actions/checkout@v2
 
     - name: Setup Python ${{ env.PYTHON_VERSION }} Environment
@@ -472,7 +472,7 @@ jobs:
         python -m pip install --upgrade pip
         pip install -r requirements.txt --target=".python_packages/lib/site-packages"
         popd
-    - name: 'Run Azure Functions Action'
+    - name: 'Run Azure Functions action'
       uses: Azure/functions-action@v1
       with:
         app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}

articles/azure-monitor/agents/agents-overview.md

@@ -201,9 +201,10 @@ The tables below provide a comparison of Azure Monitor Agent with the legacy the
 |		|	Event Hub	|		|		|	X	|
 |	**Services and features supported**	|		|		|		|		|
 |		|	Microsoft Sentinel 	|	X ([View scope](#supported-services-and-features))	|	X	|		|
-|		|	VM Insights	|		|	X (Public preview)	|		|
-|		|	Azure Automation	|		|	X	|		|
-|		|	Microsoft Defender for Cloud	|		|	X	|		|
+|		|	VM Insights	|	X (Public preview)	|	X	|		|
+|		|	Microsoft Defender for Cloud	|	X (Public preview)	|	X	|		|
+|		|	Update Management	|	X (Public preview, independent of monitoring agents)	|	X	|		|
+|		|	Change Tracking	|	|	X	|		|
 
 ### Linux agents
 
@@ -223,11 +224,11 @@ The tables below provide a comparison of Azure Monitor Agent with the legacy the
 |		|	Azure Storage	|		|		|	X	|		|
 |		|	Event Hub	|		|		|	X	|		|
 |	**Services and features supported**	|		|		|		|		|		|
-|		|	Microsoft Sentinel 	|	X ([View scope](#supported-services-and-features))	|	X	|		|		|
-|		|	VM Insights	|	X (Public preview)	|	X	|		|		|
-|		|	Container Insights	|	X (Public preview)	|	X	|		|		|
-|		|	Azure Automation	|		|	X	|		|		|
-|		|	Microsoft Defender for Cloud	|		|	X	|		|		|
+|		|	Microsoft Sentinel 	|	X ([View scope](#supported-services-and-features))	|	X	|		|
+|		|	VM Insights	|	X (Public preview)	|	X 	|		|
+|		|	Microsoft Defender for Cloud	|	X (Public preview)	|	X	|		|
+|		|	Update Management	|	X (Public preview, independent of monitoring agents)	|	X	|		|
+|		|	Change Tracking	|	|	X	|		|
 
 <sup>1</sup> To review other limitations of using Azure Monitor Metrics, see [quotas and limits](../essentials/metrics-custom-overview.md#quotas-and-limits). On Linux, using Azure Monitor Metrics as the only destination is supported in v.1.10.9.0 or higher.
 

articles/azure-monitor/app/export-telemetry.md

@@ -271,7 +271,9 @@ To migrate to diagnostic settings export:
 > [!CAUTION]
 > If you want to store diagnostic logs in a Log Analytics workspace, there are two things to consider to avoid seeing duplicate data in Application Insights:
 > * The destination can't be the same Log Analytics workspace that your Application Insights resource is based on.
-> * The Application Insights user can't have access to both the Application Insights resource and the workspace created for diagnostic logs. This can be done with [Azure role-based access control (Azure RBAC)](./resources-roles-access-control.md).
+> * The Application Insights user can't have access to both workspaces. This can be done by setting the Log Analytics [Access control mode](/azure/azure-monitor/logs/log-analytics-workspace-overview#permissions) to **Requires workspace permissions** and ensuring through [Azure role-based access control (Azure RBAC)](./resources-roles-access-control.md) that the user only has access to the Log Analytics workspace the Application Insights resource is based on.
+> 
+> These steps are necessary because Application Insights accesses telemetry across Application Insight resources (including Log Analytics workspaces) to provide complete end-to-end transaction operations and accurate application maps. Because diagnostic logs use the same table names, duplicate telemetry can be displayed if the user has access to multiple resources containing the same data.
 
 <!--Link references-->