Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into pauljewell-v11-samples

Author: pauljewellmsft

articles/active-directory/fundamentals/concept-secure-remote-workers.md

@@ -34,7 +34,7 @@ This guide assumes that your cloud only or hybrid identities have been establish
 
 ### Guided walkthrough
 
-For a guided walkthrough of many of the recommendations in this article, see the [Set up Azure AD](https://go.microsoft.com/fwlink/?linkid=2221308) guide.
+For a guided walkthrough of many of the recommendations in this article, see the [Set up Azure AD](https://go.microsoft.com/fwlink/?linkid=2224193) guide when signed in to the Microsoft 365 Admin Center.  To review best practices without signing in and activating automated setup features, go to the [M365 Setup portal](https://go.microsoft.com/fwlink/?linkid=2221308).
 
 ## Guidance for Azure AD Free, Office 365, or Microsoft 365 customers.
 

articles/active-directory/identity-protection/concept-identity-protection-risks.md

@@ -68,6 +68,7 @@ Premium detections are visible only to Azure AD Premium P2 customers. Customers
 | Activity from anonymous IP address | Offline | This detection is discovered by [Microsoft Defender for Cloud Apps](/cloud-app-security/anomaly-detection-policy#activity-from-anonymous-ip-addresses). This detection identifies that users were active from an IP address that has been identified as an anonymous proxy IP address. |
 | Suspicious inbox forwarding | Offline | This detection is discovered by [Microsoft Defender for Cloud Apps](/cloud-app-security/anomaly-detection-policy#suspicious-inbox-forwarding). This detection looks for suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address. |
 | Mass Access to Sensitive Files | Offline | This detection is discovered by [Microsoft Defender for Cloud Apps](/defender-cloud-apps/investigate-anomaly-alerts#unusual-file-access-by-user). This detection looks at your environment and triggers alerts when users access multiple files from Microsoft SharePoint or Microsoft OneDrive. An alert is triggered only if the number of accessed files is uncommon for the user and the files might contain sensitive information|
+| Verified threat actor IP | Real-time | This risk detection type indicates sign-in activity that is consistent with known IP addresses associated with nation state actors or cyber crime groups, based on Microsoft Threat Intelligence Center (MSTIC).|
 
 #### Nonpremium sign-in risk detections
 

articles/active-directory/reports-monitoring/howto-use-recommendations.md

@@ -72,6 +72,9 @@ Each recommendation provides the same set of details that explain what the recom
 
 - The **Impacted resources** table contains a list of resources identified by the recommendation. The resource's name, ID, date it was first detected, and status are provided. The resource could be an application or resource service principal, for example. 
 
+> [!NOTE]
+> In the Azure portal the impacted resources are limited to a maximum of 50 resources. To view more resources, you should use the expand query parameter at the end of your API query on Microsoft graph. For example: Get: https://graph.microsoft.com/beta/directory/recommendations?$expand=impactedResources
+
 ## How to update a recommendation
 
 To update the status of a recommendation or a related resource, sign in to Azure using a least-privileged role for updating a recommendation.
@@ -136,4 +139,4 @@ For more information, see the [Microsoft Graph documentation for recommendations
 ## Next steps
 
 - [Review the Azure AD recommendations overview](overview-recommendations.md)
-- [Learn about Service Health notifications](overview-service-health-notifications.md)
+- [Learn about Service Health notifications](overview-service-health-notifications.md)

articles/app-service/app-service-undelete.md

@@ -3,7 +3,7 @@ title: Restore deleted apps
 description: Learn how to restore a deleted app in Azure App Service. Avoid the headache of an accidentally deleted app.
 author: seligj95
 ms.author: jordanselig
-ms.date: 11/4/2022
+ms.date: 4/3/2023
 ms.topic: article 
 ms.custom: devx-track-azurepowershell
 ---
@@ -14,8 +14,8 @@ If you happened to accidentally delete your app in Azure App Service, you can re
 
 > [!NOTE]
 > - Deleted apps are purged from the system 30 days after the initial deletion. After an app is purged, it can't be recovered.
-> - Undelete functionality isn't supported for the Consumption plan.
-> - Apps Service apps running in an App Service Environment don't support snapshots. Therefore, undelete functionality and clone functionality aren't supported for App Service apps running in an App Service Environment.
+> - Undelete functionality isn't supported for function apps hosted on the Consumption plan or Elastic Premium plan.
+> - App Service apps running in an App Service Environment don't support snapshots. Therefore, undelete functionality and clone functionality aren't supported for App Service apps running in an App Service Environment.
 >
 
 ## Re-register App Service resource provider
@@ -49,12 +49,12 @@ The detailed information includes:
 ## Restore deleted app
 
 >[!NOTE]
->- `Restore-AzDeletedWebApp` isn't supported for function apps.
+>- `Restore-AzDeletedWebApp` isn't supported for function apps hosted on the Consumption plan or Elastic Premium plan.
 >- The Restore-AzDeletedWebApp cmdlet restores a deleted web app. The web app specified by TargetResourceGroupName, TargetName, and TargetSlot will be overwritten with the contents and settings of the deleted web app. If the target parameters are not specified, they will automatically be filled with the deleted web app's resource group, name, and slot. If the target web app does not exist, it will automatically be created in the app service plan specified by TargetAppServicePlanName.
 >- By default `Restore-AzDeletedWebApp` will restore both your app configuration as well any content. If you want to only restore content, you use the **`-RestoreContentOnly`** flag with this commandlet.
 
 
-Once the app you want to restore has been identified, you can restore it using `Restore-AzDeletedWebApp`, please see below examples
+After identifying the app you want to restore, you can restore it using `Restore-AzDeletedWebApp`, as shown in the following examples.
 >*You can find the full commandlet reference here: **[Restore-AzDeletedWebApp](/powershell/module/az.websites/restore-azdeletedwebapp)*** .
 
 >Restore to the original app name:
@@ -90,16 +90,43 @@ Restore-AzDeletedWebApp -ResourceGroupName <original_rg> -Name <original_app> -D
 
 The inputs for command are:
 
-- **Target Resource Group**: Target resource group where the app will be restored
+- **Target Resource Group**: Target resource group where the app is to be restored
 - **TargetName**: Target app for the deleted app to be restored to
 - **TargetAppServicePlanName**: App Service plan linked to the app
 - **Name**: Name for the app, should be globally unique.
 - **ResourceGroupName**: Original resource group for the deleted app 
 - **Slot**: Slot for the deleted app 
-- **RestoreContentOnly**: By default `Restore-AzDeletedWebApp` will restore both your app configuration as well any content. If you want to only restore content, you can use the `-RestoreContentOnly` flag with this commandlet.
+- **RestoreContentOnly**: By default `Restore-AzDeletedWebApp` restores both your app configuration as well any content. If you want to only restore content, you can use the `-RestoreContentOnly` flag with this commandlet.
 
 > [!NOTE]
 > If the app was hosted on and then deleted from an App Service Environment, it can be restored only if the corresponding App Service Environment still exists.
 
+## Restore deleted function app 
+
+If the function app was hosted on a **Dedicated app service plan**, it can be restored, as long as it was using the default App Service storage.
+
+1. Fetch the DeletedSiteId of the app version you want to restore, using Get-AzDeletedWebApp cmdlet:
+
+```powershell
+Get-AzDeletedWebApp -ResourceGroupName <RGofDeletedApp> -Name <NameofApp> 
+```
+2. Create a new function app in a Dedicated plan. Refer to the instructions for [how to create an app in the portal](../azure-functions/functions-create-function-app-portal.md#create-a-function-app).
+3. Restore to the newly created function app using this cmdlet:
+
+```powershell
+Restore-AzDeletedWebApp -ResourceGroupName <RGofnewapp> -Name <newApp> -deletedId "/subscriptions/xxxx/providers/Microsoft.Web/locations/xxxx/deletedSites/xxxx"
+```
+
+Currently there's no support for Undelete (Restore-AzDeletedWebApp) Function app that's hosted in a Consumption plan or Elastic premium plan since the content resides on Azure Files in a Storage account. If you haven't 'hard' deleted that Azure Files storage account, or if the account exists and file shares haven't been deleted, then you may use the steps as workaround:
+ 
+
+1. Create a new function app in a Consumption or Premium plan. Refer the instructions for [how to create an app in the portal](../azure-functions/functions-create-function-app-portal.md#create-a-function-app).
+2. Set the following [app settings](../azure-functions/functions-how-to-use-azure-function-app-settings.md?tabs=portal#settings) to refer to the old storage account , which contains the content from the previous app.
+
+    | App Setting      | Suggested value  | 
+    | ------------ | ---------------- | 
+    | **AzureWebJobsStorage** | Connection String for the storage account used by the deleted app. | 
+    | **WEBSITE_CONTENTAZUREFILECONNECTIONSTRING** | Connection String for the storage account used by the deleted app. | 
+    | **WEBSITE_CONTENTSHARE** | File share on storage account used by the deleted app. | 
 
 

articles/azure-functions/functions-networking-options.md

@@ -283,6 +283,15 @@ The following APIs let you programmatically manage regional virtual network inte
 + **Azure CLI**: Use the [`az functionapp vnet-integration`](/cli/azure/functionapp/vnet-integration) commands to add, list, or remove a regional virtual network integration.  
 + **ARM templates**: Regional virtual network integration can be enabled by using an Azure Resource Manager template. For a full example, see [this Functions quickstart template](https://azure.microsoft.com/resources/templates/function-premium-vnet-integration/).
 
+## Testing
+
+When testing functions in a function app with private endpoints, you must do your testing from within the same virtual network, such as on a virtual machine (VM) in that network. To use the **Code + Test** option in the portal from that VM, you need to add following [CORS origins](./functions-how-to-use-azure-function-app-settings.md?tabs=portal#cors) to your function app:
+
+* https://functions-next.azure.com
+* https://functions-staging.azure.com
+* https://functions.azure.com
+* https://portal.azure.com
+
 ## Troubleshooting
 
 [!INCLUDE [app-service-web-vnet-troubleshooting](../../includes/app-service-web-vnet-troubleshooting.md)]