Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into vnet-old-review

Author: asudbring

articles/active-directory/manage-apps/migrate-adfs-apps-to-azure.md

@@ -2096,7 +2096,7 @@ Users with this role have global read-only access on security-related feature, i
 In | Can do
 --- | ---
 [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal) | View security-related policies across Microsoft 365 services<br>View security threats and alerts<br>View reports
-[Identity Protection](../identity-protection/overview-identity-protection.md) | Read all security reports and settings information for security features<br><ul><li>Anti-spam<li>Encryption<li>Data loss prevention<li>Anti-malware<li>Advanced threat protection<li>Anti-phishing<li>Mail flow rules
+[Identity Protection](../identity-protection/overview-identity-protection.md) | View all Identity Protection reports and Overview
 [Privileged Identity Management](../privileged-identity-management/pim-configure.md) | Has read-only access to all information surfaced in Azure AD Privileged Identity Management: Policies and reports for Azure AD role assignments and security reviews.<br>**Cannot** sign up for Azure AD Privileged Identity Management or make any changes to it. In the Privileged Identity Management portal or via PowerShell, someone in this role can activate additional roles (for example, Global Administrator or Privileged Role Administrator), if the user is eligible for them.
 [Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center) | View security policies<br>View and investigate security threats<br>View reports
 [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/prepare-deployment) | View and investigate alerts<br/>When you turn on role-based access control in Microsoft Defender for Endpoint, users with read-only permissions such as the Security Reader role lose access until they are assigned a Microsoft Defender for Endpoint role.

articles/active-directory/roles/permissions-reference.md

@@ -396,7 +396,7 @@ spec:
 
 ### Create the ingress
 
-The Web Application Routing add-on creates an Ingress class on the cluster called `webapprouting.kubernetes.azure.com `. When you create an ingress object with this class, this activates the add-on. To obtain the certificate URI to use in the Ingress from Azure Key Vault, run the following command.
+The Web Application Routing add-on creates an Ingress class on the cluster called `webapprouting.kubernetes.azure.com `. When you create an ingress object with this class, this activates the add-on. The `kubernetes.azure.com/use-osm-mtls: "true"` annotation on the Ingress object creates an Open Service Mesh (OSM) [IngressBackend](https://release-v1-2.docs.openservicemesh.io/docs/guides/traffic_management/ingress/#ingressbackend-api) to configure a backend service to accept ingress traffic from trusted sources. OSM issues a certificate that Nginx will use as the client certificate to proxy HTTPS connections to TLS backends. The client certificate and CA certificate are stored in a Kubernetes secret that Nginx will use to authenticate service mesh backends. For more information, see [Open Service Mesh: Ingress with Kubernetes Nginx Ingress Controller](https://release-v1-2.docs.openservicemesh.io/docs/demos/ingress_k8s_nginx/). To obtain the certificate URI to use in the Ingress from Azure Key Vault, run the following command.
 
 ```azurecli-interactive
 az keyvault certificate show --vault-name <KeyVaultName> -n <KeyVaultCertificateName> --query "id" --output tsv
@@ -441,34 +441,6 @@ spec:
     secretName: keyvault-aks-helloworld
 ```
 
-### Create the ingress backend 
-
-Open Service Mesh (OSM) uses its [IngressBackend API](https://release-v1-2.docs.openservicemesh.io/docs/guides/traffic_management/ingress/#ingressbackend-api) to configure a backend service to accept ingress traffic from trusted sources. To proxy connections to HTTPS backends, you configure the Ingress and IngressBackend configurations to use https as the backend protocol. OSM issues a certificate that Nginx will use as the client certificate to proxy HTTPS connections to TLS backends. The client certificate and CA certificate are stored in a Kubernetes secret that Nginx will use to authenticate service mesh backends. For more information, see [Open Service Mesh: Ingress with Kubernetes Nginx Ingress Controller](https://release-v1-2.docs.openservicemesh.io/docs/demos/ingress_k8s_nginx/).
-
-Create a file named **ingressbackend.yaml** and copy in the following YAML.
-
-```yaml
-apiVersion: policy.openservicemesh.io/v1alpha1
-kind: IngressBackend
-metadata:
-  name: aks-helloworld
-  namespace: hello-web-app-routing
-spec:
-  backends:
-  - name: aks-helloworld
-    port:
-      number: 80
-      protocol: https
-    tls:
-      skipClientCertValidation: false
-  sources:
-  - kind: Service
-    name: nginx
-    namespace: app-routing-system
-  - kind: AuthenticatedPrincipal
-    name: ingress-nginx.ingress.cluster.local
-```
-
 ### Create the resources on the cluster
 
 Use the [kubectl apply][kubectl-apply] command to create the resources.

articles/aks/web-app-routing.md

@@ -178,6 +178,10 @@ You now have a Durable Functions app that can be run locally and deployed to Azu
 
 ::: zone pivot="python-mode-decorators" 
 
+> [!NOTE]
+> Using [Extension Bundles](../functions-bindings-register.md#extension-bundles) is not currently supported when trying out the Python V2 programming model with Durable Functions, so you will need to manage your extensions manually.
+> To do this, remove the `extensionBundle` section of your `host.json` as described [here](../functions-run-local.md#install-extensions) and run `func extensions install --package Microsoft.Azure.WebJobs.Extensions.DurableTask --version 2.9.1` on your terminal. This will install the Durable Functions extension for your app and will allow you to try out the new experience.
+
 To create a basic Durable Functions app using these 3 function types, replace the contents of `function_app.py` with the following Python code.
 
 ```Python

articles/azure-functions/durable/quickstart-python-vscode.md

@@ -36,22 +36,28 @@
     href: telemetry.md
 - name: Concepts
   items:
-  - name: Types of attacks
-    href: types-of-attacks.md
-  - name: Fundamental best practices
-    href: fundamental-best-practices.md
   - name: Azure DDoS Protection features
     href: ddos-protection-features.md
-  - name: Components of a DDoS response strategy
-    href: ddos-response-strategy.md
   - name: Reference architectures
     href: ddos-protection-reference-architectures.md
+  - name: Monitoring Azure DDoS Protection 
+    href: monitor-ddos-protection-reference.md
   - name: Business continuity
     href: ddos-disaster-recovery-guidance.md
+  - name: Fundamental best practices
+    href: fundamental-best-practices.md
+  - name: Components of a DDoS response strategy
+    href: ddos-response-strategy.md
   - name: Security baseline
     href: /security/benchmark/azure/baselines/azure-ddos-protection-security-baseline?toc=%2fazure%2fddos-protection%2ftoc.json?toc=/azure/ddos-protection/TOC.json
-  - name: Monitoring Azure DDoS Protection 
-    href: monitor-ddos-protection-reference.md
+  - name: Types of attacks
+    href: types-of-attacks.md
+  - name: Inline L7 DDoS protection with Gateway Load Balancer and partner NVAs
+    href: inline-protection-glb.md
+  - name: Onboard partners
+    href: ddos-protection-partner-onboarding.md
+  - name: Manage permissions and restrictions
+    href: manage-permissions.md   
 - name: How-to guides
   items:
     - name: Configure Monitoring and Logging
@@ -62,7 +68,7 @@
           href: alerts.md  
         - name: Configure diagnostic logging alerts
           href: ddos-diagnostic-alert-templates.md
-        - name: Configure DDoS diagnostic logging
+        - name: Configure diagnostic logging
           href: diagnostic-logging.md    
     - name: View Monitoring and Logging
       items: 
@@ -72,14 +78,8 @@
           href: ddos-view-diagnostic-logs.md
     - name: Test with simulation partners
       href: test-through-simulations.md
-    - name: Manage permissions and restrictions
-      href: manage-permissions.md
     - name: Engage DDoS Rapid Response (DRR)
       href: ddos-rapid-response.md
-    - name: Inline L7 DDoS protection with Gateway Load Balancer and partner NVAs
-      href: inline-protection-glb.md
-    - name: Onboard partners
-      href: ddos-protection-partner-onboarding.md
 - name: Reference
   items:
   - name: Azure Policy built-ins

articles/ddos-protection/TOC.yml

@@ -126,9 +126,5 @@ You can keep your resources for the next tutorial. If no longer needed, delete t
 1. Select the alerts created in this tutorial, then select **Delete**. 
 ## Next steps
 
-In this article, you learned how to configure metric alerts through Azure Monitor.
-
-To learn how to test and simulate a DDoS attack, see the simulation testing guide:
-
-> [!div class="nextstepaction"]
-> [Test through simulations](test-through-simulations.md)
+* [Test through simulations](test-through-simulations.md)
+* [View alerts in Microsoft Defender for Cloud](ddos-view-alerts-defender-for-cloud.md)

articles/ddos-protection/alerts.md

@@ -63,9 +63,4 @@ For more information, see [Log Analytics workspace overview](../azure-monitor/lo
 
 ## Next steps
 
-In this article, you learned how to configure a Log Analytics workspace for Azure DDoS Protection.
-
-To learn how to configure diagnostic logging, see the diagnostic logging guide:
-
-> [!div class="nextstepaction"]
-> [Test through simulations](test-through-simulations.md)
+* [configure diagnostic logging alerts](ddos-diagnostic-alert-templates.md)

articles/ddos-protection/ddos-configure-log-analytics-workspace.md

@@ -94,9 +94,5 @@ You can keep your resources for the next guide. If no longer needed, delete the
 
 ## Next steps
 
-In this article, you learned how to configure diagnostic logging alerts through Azure Monitor.
-
-To learn how to test and simulate a DDoS attack, see the simulation testing guide:
-
-> [!div class="nextstepaction"]
-> [Test through simulations](test-through-simulations.md)
+* [Test through simulations](test-through-simulations.md)
+* [View alerts in Microsoft Defender for Cloud](ddos-view-alerts-defender-for-cloud.md)

articles/ddos-protection/ddos-diagnostic-alert-templates.md

@@ -43,4 +43,4 @@ To create a virtual network, see [Create a virtual network](../virtual-network/m
 
 ## Next steps
 
-- Learn how to [create a DDoS protection plan](manage-ddos-protection.md).
+- Learn how to [configure diagnostic logging](diagnostic-logging.md).

articles/ddos-protection/ddos-disaster-recovery-guidance.md

@@ -80,4 +80,4 @@ Learn how your services will respond to an attack by [testing through simulation
 
 ## Next steps
 
-- Learn how to [create an Azure DDoS Protection plan](manage-ddos-protection.md).
+- Learn more about [reference architectures](ddos-protection-reference-architectures.md).