Merge pull request #220506 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit fa2f5c7d72f2 · 2022-12-06T09:49:18.000-08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/conditional-access/workload-identity.md b/articles/active-directory/conditional-access/workload-identity.md
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 ---
 # Conditional Access for workload identities 
 
-Conditional Access policies have histroically applied only to users when they access apps and services like SharePoint online or the Azure portal. We are now extending support for Conditional Access policies to be applied to service principals owned by the organization. We call this capability  Conditional Access for workload identities. 
+Conditional Access policies have historically applied only to users when they access apps and services like SharePoint online or the Azure portal. We are now extending support for Conditional Access policies to be applied to service principals owned by the organization. We call this capability  Conditional Access for workload identities. 
 
 A [workload identity](../develop/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they:
 
diff --git a/articles/azure-functions/configure-monitoring.md b/articles/azure-functions/configure-monitoring.md
@@ -416,7 +416,7 @@ To configure these values at App settings level (and avoid redeployment on just
 | Host.json path | App setting |
 |----------------|-------------|
 | logging.logLevel.default  | AzureFunctionsJobHost__logging__logLevel__default  |
-| logging.logLevel.Host.Aggregator | AzureFunctionsJobHost__logging__logLevel__Host__Aggregator |
+| logging.logLevel.Host.Aggregator | AzureFunctionsJobHost__logging__logLevel__Host.Aggregator |
 | logging.logLevel.Function | AzureFunctionsJobHost__logging__logLevel__Function |
 | logging.logLevel.Function.Function1 | AzureFunctionsJobHost__logging__logLevel__Function.Function1 |
 | logging.logLevel.Function.Function1.User | AzureFunctionsJobHost__logging__logLevel__Function.Function1.User |
diff --git a/articles/azure-functions/functions-develop-vs-code.md b/articles/azure-functions/functions-develop-vs-code.md
@@ -113,7 +113,7 @@ The Functions extension lets you create a function app project, along with your
 
     :::image type="content" source="./media/functions-develop-vs-code/create-function-auth.png" alt-text="Screenshot for creating function authorization.":::
 
-1. From the dropdown list, select **Add to workplace**.
+1. From the dropdown list, select **Add to workspace**.
 
     :::image type="content" source="./media/functions-develop-vs-code/add-to-workplace.png" alt-text=" Screenshot for selectIng Add to workplace.":::
 
diff --git a/articles/cosmos-db/introduction.md b/articles/cosmos-db/introduction.md
@@ -45,7 +45,7 @@ You can [Try Azure Cosmos DB for Free](https://azure.microsoft.com/try/cosmosdb/
 Gain unparalleled [SLA-backed](https://azure.microsoft.com/support/legal/sla/cosmos-db) speed and throughput, fast global access, and instant elasticity.
 
 - Real-time access with fast read and write latencies globally, and throughput and consistency all backed by [SLAs](https://azure.microsoft.com/support/legal/sla/cosmos-db)
-- Multi-region writes and data distribution to any Azure region with the just a button.
+- Multi-region writes and data distribution to any Azure region with just a button.
 - Independently and elastically scale storage and throughput across any Azure region – even during unpredictable traffic bursts – for unlimited scale worldwide.
 
 ### Simplified application development
diff --git a/articles/defender-for-cloud/attack-path-reference.md b/articles/defender-for-cloud/attack-path-reference.md
@@ -32,7 +32,7 @@ Prerequisite: For a list of prerequisites see the [Availability](how-to-manage-a
 | VM has high severity vulnerabilities and read permission to a Key Vault | Virtual machine '\[MachineName]' has high severity vulnerabilities \[RCE] and \[IdentityDescription] with read permission to Key Vault '\[KVName]' |
 | VM has high severity vulnerabilities and read permission to a data store | Virtual machine '\[MachineName]' has high severity vulnerabilities \[RCE] and \[IdentityDescription] with read permission to \[DatabaseType] '\[DatabaseName]' |
 
-### AWS VMs
+### AWS Instances
 
 Prerequisite: [Enable agentless scanning](enable-vulnerability-assessment-agentless.md).
 
@@ -43,7 +43,7 @@ Prerequisite: [Enable agentless scanning](enable-vulnerability-assessment-agentl
 | Internet exposed EC2 instance has high severity vulnerabilities and read permission to S3 bucket | Option 1 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has IAM role attached with '\[Rolepermission]' permission via IAM policy to S3 bucket '\[BucketName]' <br> <br> Option 2 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has IAM role attached with '\[S3permission]' permission via bucket policy to S3 bucket '\[BucketName]' <br> <br> Option 3 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has IAM role attached with '\[Rolepermission]' permission via IAM policy and '\[S3permission]' permission via bucket policy to S3 bucket '\[BucketName]'|
 | Internet exposed EC2 instance has high severity vulnerabilities and read permission to a S3 bucket with sensitive data | Option 1 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has IAM role attached with '\[Rolepermission]' permission via IAM policy to S3 bucket '\[BucketName]' containing sensitive data <br> <br> Option 2 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has IAM role attached with '\[S3permission]' permission via bucket policy to S3 bucket '\[BucketName]' containing sensitive data <br> <br> Option 3 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has IAM role attached with '\[Rolepermission]' permission via IAM policy and '\[S3permission] permission via bucket policy to S3 bucket '\[BucketName]' containing sensitive data <br><br> . For more details, you can learn how to [prioritize security actions by data sensitivity](./information-protection.md).  |
 | Internet exposed EC2 instance has high severity vulnerabilities and read permission to a KMS | Option 1 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has high severity vulnerabilities\[RCE] and has IAM role attached with '\[Rolepermission]' permission via IAM policy to AWS Key Management Service (KMS) '\[KeyName]' <br> <br> Option 2 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has vulnerabilities allowing remote code execution and has IAM role attached with '\[Keypermission]' permission via AWS Key Management Service (KMS) policy to key '\[KeyName]' <br> <br> Option 3 <br> AWS EC2 instance '\[MachineName]' is reachable from the internet, has vulnerabilities allowing remote code execution and has IAM role attached with '\[Rolepermission]' permission via IAM policy and '\[Keypermission] permission via AWS Key Management Service (KMS) policy to key '\[KeyName]' |
-| Internet exposed EC2 instance has high severity vulnerabilities | AWS EC2 instance '\[EC2Name]' is reachable from the internet and has high severity vulnerabilities\[RCE] |
+| Internet exposed EC2 instance has high severity vulnerabilities | AWS EC2 instance '\[EC2Name]' is reachable from the internet and has high severity vulnerabilities\[RCE] | EC2 instance with high severity vulnerabilities has high privileged permissions to an account | EC2 instance '\[EC2Name]' has high severity vulnerabilities\[RCE] and has '\[Permissions]' permissions to account '\[AccountName]' | EC2 instance with high severity vulnerabilities has read permissions to a data store | Option 1 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has '\[Permissions]' permissions to database '\[DatabaseName]' <br> <br> Option 2 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has IAM role attached which is granted with '\[RolePermissions]' permissions through IAM policy to S3 bucket '\[BucketName]' <br><br> Option 3 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has IAM role attached which is granted with '\[Permissions]' permissions through bucket policy to S3 bucket '\[BucketName]' <br><br> Option 4 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has IAM role attached which is granted with '\[RolePermissions]' permissions through IAM policy and '\[Permissions]' permissions through bucket policy to S3 bucket '\[BucketName]' | EC2 instance with high severity vulnerabilities has read permissions to a data store with sensitive data | Option 1 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has IAM role attached which is granted with '\[RolePermissions]' permissions through IAM policy to S3 bucket '\[BucketName]' containing sensitive data <br><br> Option 2 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has IAM role attached which is granted with '\[Permissions]' permissions through bucket policy to S3 bucket '\[BucketName]' containing sensitive data <br><br> Option 3 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has IAM role attached which is granted with '\[RolePermissions]' permissions through IAM policy and '\[Permissions]' permissions through bucket policy to S3 bucket '\[BucketName]' containing sensitive data | EC2 instance with high severity vulnerabilities has read permissions to a KMS key | Option 1 <br> EC2 instance '\[MachineName]' has high severity vulnerabilities\[RCE] and has IAM role attached which is granted with '\[RolePermissions]' permissions through IAM policy to AWS Key Management Service (KMS) key '\[KeyName]' <br><br> option 2 <br> EC2 instance '\[MachineName]' has vulnerabilities allowing remote code execution and has IAM role attached which is granted with '\[KeyPermissions]' permissions through AWS Key Management Service (KMS) policy to key '\[KeyName]' <br><br> Option 3 <br> EC2 instance '\[MachineName]' has vulnerabilities allowing remote code execution and has IAM role attached which is granted with '\[RolePermissions]' permissions through IAM policy and '\[KeyPermissions]' permissions through AWS Key Management Service (KMS) policy to key '\[KeyName]' |
 
 ### Azure data
 
@@ -118,4 +118,4 @@ This section  lists all of the cloud security graph components (connections & in
 For related information, see the following:
 - [What are the cloud security graph, attack path analysis, and the cloud security explorer?](concept-attack-path.md)
 - [Identify and remediate attack paths](how-to-manage-attack-path.md)
-- [Cloud security explorer](how-to-manage-cloud-security-explorer.md)
+- [Cloud security explorer](how-to-manage-cloud-security-explorer.md)
diff --git a/articles/machine-learning/migrate-to-v2-execution-pipeline.md b/articles/machine-learning/migrate-to-v2-execution-pipeline.md
@@ -155,7 +155,7 @@ This article gives a comparison of scenario(s) in SDK v1 and SDK v2. In the foll
     cluster_name = "cpu-cluster"
     print(ml_client.compute.get(cluster_name))
     
-    # Import components that are defined with python function
+    # Import components that are defined with Python function
     with open("src/components.py") as fin:
         print(fin.read())
     
@@ -173,7 +173,7 @@ This article gives a comparison of scenario(s) in SDK v1 and SDK v2. In the foll
     # define a pipeline with component
     @pipeline(default_compute=cluster_name)
     def pipeline_with_python_function_components(input_data, test_data, learning_rate):
-        """E2E dummy train-score-eval pipeline with components defined via python function components"""
+        """E2E dummy train-score-eval pipeline with components defined via Python function components"""
     
         # Call component obj as function: apply given inputs & parameters to create a node in pipeline
         train_with_sample_data = train_model(
diff --git a/articles/private-link/tutorial-private-endpoint-storage-portal.md b/articles/private-link/tutorial-private-endpoint-storage-portal.md
@@ -36,7 +36,7 @@ Create a virtual network, subnet, and bastion host. The virtual network and subn
 
 The bastion host will be used to connect securely to the virtual machine for testing the private endpoint.
 
-1. In the search box at the top of the portal, enter **Virtual network**. Select **Virtual networks** in the search results.
+1. In the search box at the top of the portal, enter **Virtual network**. Select **Virtual network** in the search results.
 
 2. Select **+ Create**.
 
