Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into tamram22-0719

Author: tamram

articles/active-directory/app-provisioning/on-premises-scim-provisioning.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 07/05/2022
+ms.date: 08/25/2022
 ms.author: billmath
 ms.reviewer: arvinh
 ---
@@ -22,6 +22,7 @@ The Azure Active Directory (Azure AD) provisioning service supports a [SCIM 2.0]
 - An Azure AD tenant with Azure AD Premium P1 or Premium P2 (or EMS E3 or E5). [!INCLUDE [active-directory-p1-license.md](../../../includes/active-directory-p1-license.md)]
 - Administrator role for installing the agent. This task is a one-time effort and should be an Azure account that's either a hybrid administrator or a global administrator. 
 - Administrator role for configuring the application in the cloud (application administrator, cloud application administrator, global administrator, or a custom role with permissions).
+- A computer with at least 3 GB of RAM, to host a provisioning agent. The computer should have Windows Server 2016 or a later version of Windows Server, with connectivity to the target application, and with outbound connectivity to login.microsoftonline.com, other Microsoft Online Services and Azure domains. An example is a Windows Server 2016 virtual machine hosted in Azure IaaS or behind a proxy.
 
 ## Deploying Azure AD provisioning agent
 The Azure AD Provisioning agent can be deployed on the same server hosting a SCIM enabled application, or a seperate server, providing it has line of sight to the application's SCIM endpoint. A single agent also supports provision to multiple applications hosted locally on the same server or seperate hosts, again as long as each SCIM endpoint is reachable by the agent.  
@@ -49,6 +50,9 @@ Once the agent is installed, no further configuration is necesary on-prem, and a
  12.  Go to the **Provisioning** pane, and select **Start provisioning**.
  13.  Monitor using the [provisioning logs](../../active-directory/reports-monitoring/concept-provisioning-logs.md).
 
+The following video provides an overview of on-premises provisoning.
+> [!VIDEO https://www.youtube.com/embed/QdfdpaFolys]
+
 ## Additional requirements
 * Ensure your [SCIM](https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-getting-started/ba-p/880010) implementation meets the [Azure AD SCIM requirements](use-scim-to-provision-users-and-groups.md).
 

articles/active-directory/verifiable-credentials/verifiable-credentials-configure-verifier.md

@@ -127,7 +127,7 @@ Now you are ready to present and verify your first verified credential expert ca
 1. From Visual Studio Code, run the *Verifiable_credentials_DotNet* project. Or from the command shell, run the following commands:
 
     ```bash
-    cd active-directory-verifiable-credentials-dotnet/1. asp-net-core-api-idtokenhint
+    cd active-directory-verifiable-credentials-dotnet/1-asp-net-core-api-idtokenhint
     dotnet build "asp-net-core-api-idtokenhint.csproj" -c Debug -o .\bin\Debug\netcoreapp3.1  
     dotnet run
     ```

articles/applied-ai-services/form-recognizer/includes/input-requirements.md

@@ -3,19 +3,37 @@ author: laujan
 ms.service: applied-ai-services
 ms.subservice: forms-recognizer
 ms.topic: include
-ms.date: 07/27/2022
+ms.date: 08/25/2022
 ms.author: lajanuar
-ms.custom: ignite-fall-2021
 ---
 <!-- markdownlint-disable MD041 -->
 
 * For best results, provide one clear photo or high-quality scan per document.
-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location. Additionally, only API version`2022/06/30` supports Microsoft Word (DOCX), Excel (XLS), PowerPoint (PPT), and HTML files in Read model.
+
+* Supported file formats: 
+
+    |Model | PDF |Image: </br>JPEG/JPG, PNG, BMP, and TIFF | Microsoft Office: </br> Word (DOCX), Excel (XLS), PowerPoint (PPT), and HTML|
+    |--------|:----:|:-----:|:---------------:
+    |Read            | ✔    | ✔    | &#x2731; **REST API version**</br> **`2022/06/30-preview`**
+    |Layout          | ✔  | ✔ |   |
+    |General&nbsp;Document| ✔  | ✔ |   |
+    |Prebuilt        |  ✔  | ✔ |   |
+    |Custom          |  ✔  | ✔ |   |
+
+    &#x2731; Microsoft Office files are currently not supported for other models or versions.
+
 * For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).
+
 * The file size for analyzing documents must be _less than_ 500 MB for paid (S0) tier and 4 MB for free (F0) tier.
+
 * Image dimensions must be between 50 x 50 pixels and 10,000 px x 10,000 pixels.
+
 * PDF dimensions are up to 17 x 17 inches, corresponding to Legal or A3 paper size, or smaller.
+
 * If your PDFs are password-locked, you must remove the lock before submission.
+
 * The minimum height of the text to be extracted is 12 pixels for a 1024 x 768 pixel image. This dimension corresponds to about 8-point text at 150 dots per inch (DPI).
+
 * For custom model training, the maximum number of pages for training data is 500 for the custom template model and 50,000 for the custom neural model.
+
 * For custom model training, the total size of training data is 50 MB for template model and 1G-MB for the neural model.

articles/automanage/automanage-arc.md

@@ -32,7 +32,7 @@ Automanage supports the following operating systems for Azure Arc-enabled server
 |[Update Management](../automation/update-management/overview.md)    |You can use Update Management in Azure Automation to manage operating system updates for your machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers.    |Production, Dev/Test    |
 |[Microsoft Antimalware](../security/fundamentals/antimalware.md)    |Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. **Note:** Microsoft Antimalware requires that there be no other antimalware software installed, or it may fail to work. This is also only supported for Windows Server 2016 and above. |Production, Dev/Test    |
 |[Change Tracking & Inventory](../automation/change-tracking/overview.md) |Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items.    |Production, Dev/Test    |
-|[Azure Guest Configuration](../governance/machine-configuration/overview.md)  | Guest Configuration policy is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure security baseline using the Guest Configuration extension. For Arc machines, the guest configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated.    |Production, Dev/Test    |
+|[Machine Configuration](../governance/machine-configuration/overview.md)  | Machine Configuration policy is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure security baseline using the Guest Configuration extension. For Arc machines, the machine configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated.    |Production, Dev/Test    |
 |[Azure Automation Account](../automation/automation-create-standalone-account.md)    |Azure Automation supports management throughout the lifecycle of your infrastructure and applications.    |Production, Dev/Test    |
 |[Log Analytics Workspace](../azure-monitor/logs/log-analytics-overview.md) |Azure Monitor stores log data in a Log Analytics workspace, which is an Azure resource and a container where data is collected, aggregated, and serves as an administrative boundary.    |Production, Dev/Test    |
 

articles/automanage/automanage-linux.md

@@ -37,7 +37,7 @@ Automanage supports the following Linux distributions and versions:
 |[Microsoft Defender for Cloud](../security-center/security-center-introduction.md)    |Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud. Learn [more](../security-center/security-center-introduction.md).  Automanage will configure the subscription where your VM resides to the free-tier offering of Microsoft Defender for Cloud (Enhanced security off). If your subscription is already onboarded to Microsoft Defender for Cloud, then Automanage will not reconfigure it.    |Production, Dev/Test    |
 |[Update Management](../automation/update-management/overview.md)    |You can use Update Management in Azure Automation to manage operating system updates for your machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers. Learn [more](../automation/update-management/overview.md).    |Production, Dev/Test    |
 |[Change Tracking & Inventory](../automation/change-tracking/overview.md) |Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items.  Learn [more](../automation/change-tracking/overview.md).    |Production, Dev/Test    |
-|[Guest configuration](../governance/machine-configuration/overview.md)  | Guest configuration is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure Linux baseline using the guest configuration extension. For Linux machines, the guest configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated. Learn [more](../governance/machine-configuration/overview.md).    |Production, Dev/Test    |
+|[Machine configuration](../governance/machine-configuration/overview.md)  | Machine configuration is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure Linux baseline using the guest configuration extension. For Linux machines, the machine configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated. Learn [more](../governance/machine-configuration/overview.md).    |Production, Dev/Test    |
 |[Boot Diagnostics](../virtual-machines/boot-diagnostics.md)  | Boot diagnostics is a debugging feature for Azure virtual machines (VM) that allows diagnosis of VM boot failures. Boot diagnostics enables a user to observe the state of their VM as it is booting up by collecting serial log information and screenshots. This will only be enabled for machines that are using managed disks. |Production, Dev/Test    |
 |[Azure Automation Account](../automation/automation-create-standalone-account.md)    |Azure Automation supports management throughout the lifecycle of your infrastructure and applications. Learn [more](../automation/automation-intro.md).    |Production, Dev/Test    |
 |[Log Analytics Workspace](../azure-monitor/logs/log-analytics-workspace-overview.md) |Azure Monitor stores log data in a Log Analytics workspace, which is an Azure resource and a container where data is collected, aggregated, and serves as an administrative boundary. Learn [more](../azure-monitor/logs/workspace-design.md).    |Production, Dev/Test    |

articles/automanage/automanage-virtual-machines.md

@@ -5,12 +5,12 @@ author: mmccrory
 ms.service: automanage
 ms.workload: infrastructure
 ms.topic: conceptual
-ms.date: 5/12/2022
+ms.date: 8/25/2022
 ms.author: memccror
 ms.custom: references_regions
 ---
 
-# Preview: Azure Automanage for machine best practices
+# Preview: Azure Automanage machine best practices
 
 This article covers information about Azure Automanage for machine best practices, which have the following benefits:
 
@@ -31,17 +31,18 @@ Azure Automanage also automatically monitors for drift and corrects for it when
 Automanage doesn't store/process customer data outside the geography your VMs are located. In the Southeast Asia region, Automanage does not store/process data outside of Southeast Asia.
 
 > [!NOTE]
-> Automanage can be enabled on Azure virtual machines as well as Azure Arc-enabled servers. Automanage is not available in US Government Cloud at this time.
+> Automanage can be enabled on Azure virtual machines and Azure Arc-enabled servers. Automanage is not available in US Government Cloud at this time.
 
 ## Prerequisites
 
 There are several prerequisites to consider before trying to enable Azure Automanage on your virtual machines.
 
 - Supported [Windows Server versions](automanage-windows-server.md#supported-windows-server-versions) and [Linux distros](automanage-linux.md#supported-linux-distributions-and-versions)
-- VMs must be in a supported region (see below)
-- User must have correct permissions (see below)
+- Machines must be in a [supported region](#supported-regions)
+- User must have correct [permissions](#required-rbac-permissions)
+- Machines must meet the [eligibility requirements](#enabling-automanage-for-vms-in-azure-portal) 
 - Automanage does not support Sandbox subscriptions at this time
-- Automanage does not support Windows client images at this time
+- Automanage does not support [Trusted Launch VMs](../virtual-machines/trusted-launch.md)
 
 ### Supported regions
 Automanage only supports VMs located in the following regions:
@@ -61,6 +62,9 @@ Automanage only supports VMs located in the following regions:
 * AU Southeast
 * Southeast Asia
 
+> [!NOTE]
+> If the machine is connected to a log analytics workspace, the log analytics workspace must be located in one of the supported regions listed above.
+
 ### Required RBAC permissions
 To onboard, Automanage requires slightly different RBAC roles depending on whether you are enabling Automanage for the first time in a subscription.
 
@@ -97,19 +101,23 @@ In the Machine selection pane in the portal, you will notice the **Eligibility**
 - Machine is not using one of the supported images: [Windows Server versions](automanage-windows-server.md#supported-windows-server-versions) and [Linux distros](automanage-linux.md#supported-linux-distributions-and-versions)
 - Machine is not located in a supported [region](#supported-regions)
 - Machine's log analytics workspace is not located in a supported [region](#supported-regions)
-- User does not have permissions to the log analytics workspace's subscription. Check out the [required permissions](#required-rbac-permissions)
-- The Automanage resource provider is not registered on the subscription. Check out [how to register a Resource Provider](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider-1) with the Automanage resource provider: *Microsoft.Automanage*
+- User does not have sufficient permissions to the log analytics workspace or to the machine. Check out the [required permissions](#required-rbac-permissions)
 - Machine does not have necessary VM agents installed which the Automanage service requires. Check out the [Windows agent installation](../virtual-machines/extensions/agent-windows.md) and the [Linux agent installation](../virtual-machines/extensions/agent-linux.md)
 - Arc machine is not connected. Learn more about the [Arc agent status](../azure-arc/servers/overview.md#agent-status) and [how to connect](../azure-arc/servers/deployment-options.md#agent-installation-details)
 
+> [!NOTE]
+> If the machine is powered off, you can still onboard the machine to Automanage. However, Automanage will report the machine as "Unknown" in the Automanage status because Automanage needs the machine to be powered on to assess if the machine is configured to the profile. Once you power on your machine, Automanage will try to onboard the machine to the selected configuration profile.
+
 Once you have selected your eligible machines, Click **Enable**, and you're done.
 
 The only time you might need to interact with this machine to manage these services is in the event we attempted to remediate your VM, but failed to do so. If we successfully remediate your VM, we will bring it back into compliance without even alerting you. For more details, see [Status of VMs](#status-of-vms).
 
 ## Enabling Automanage for VMs using Azure Policy
 You can also enable Automanage on VMs at scale using the built-in Azure Policy. The policy has a DeployIfNotExists effect, which means that all eligible VMs located within the scope of the policy will be automatically onboarded to Automanage VM Best Practices.
 
-A direct link to the policy is [here](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff889cab7-da27-4c41-a3b0-de1f6f87c55).
+A direct link to the policy using the built-in profiles is [here](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff889cab7-da27-4c41-a3b0-de1f6f87c550).
+
+A direct link to the policy using a custom configuration profile is [here](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb025cfb4-3702-47c2-9110-87fe0cfcc99b).
 
 For more information, check out how to enable the [Automanage built-in policy](virtual-machines-policy-enable.md). 
 
@@ -150,11 +158,12 @@ In the Azure portal, go to the **Automanage – Azure machine best practices** p
 For each listed machine, the following details are displayed: Name, Configuration profile, Status, Resource type, Resource group, Subscription.
 
 The **Status** column can display the following states:
-- *In progress* - the VM was just enabled and is being configured
+- *In progress* - the VM is being configured
 - *Conformant* - the VM is configured and no drift is detected
-- *Not conformant* - the VM has drifted and we were unable to remediate or the machine is powered off and Automanage will attempt to onboard or remediate the VM when it is next running
+- *Not conformant* - the VM has drifted and Automanage was unable to correct one or more services to the assigned configuration profile 
 - *Needs upgrade* - the VM is onboarded to an earlier version of Automanage and needs to be [upgraded](automanage-upgrade.md) to the latest version
-- *Error* - the Automanage service is unable to monitor one or more resources
+- *Unknown* - the Automanage service is unable to determine the desired configuration of the machine. This is usually because the VM agent is not installed or the machine is not running. It can also indicate that the Automanage service does not have the necessary permissions that it needs to determine the desired configuration
+- *Error* - the Automanage service encountered an error while attempting to determine if the machine conforms with the desired configuration
 
 If you see the **Status** as *Not conformant* or *Error*, you can troubleshoot by clicking on the status in the portal and using the troubleshooting links provided