Merge branch 'main' into release-updatecenterv2-publicpreview

articles/active-directory-b2c/identity-provider-google.md

@@ -43,9 +43,10 @@ To enable sign-in for users with a Google account in Azure Active Directory B2C
 1. In the upper-left corner of the page, select the project list, and then select **New Project**.
 1. Enter a **Project Name**, select **Create**.
 1. Make sure you are using the new project by selecting the project drop-down in the top-left of the screen. Select your project by name, then select **Open**.
-1. In the left menu, select **OAuth consent screen**, select **External**, and then select **Create**.
+1. In the left menu, select **APIs and services** and then **OAuth consent screen**. Select **External** and then select **Create**.
     1. Enter a **Name** for your application. 
     1. Select a **User support email**. 
+    1. In the **App domain** section, enter a link to your **Application home page**, a link to your **Application privacy policy**, and a link to your **Application terms of service**.
     1. In the **Authorized domains** section, enter *b2clogin.com*.
     1. In the **Developer contact information** section, enter comma separated emails for Google to notify you about any changes to your project. 
     1. Select **Save**.
@@ -199,4 +200,4 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 - Check out the Google federation [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#google), and how to pass Google access token [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/Identity-providers#google-with-access-token)
 
 
-::: zone-end
+::: zone-end

articles/active-directory/develop/workload-identities-overview.md

@@ -45,6 +45,7 @@ Here are some ways you can use workload identities:
 - Review service principals and applications that are assigned to privileged directory roles in Azure AD using [access reviews for service principals](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md).
 - Access Azure AD protected resources without needing to manage secrets (for supported scenarios) using [workload identity federation](workload-identity-federation.md).
 - Apply Conditional Access policies to service principals owned by your organization using [Conditional Access for workload identities](../conditional-access/workload-identity.md).
+- Secure workload identities with [Identity Protection](../identity-protection/concept-workload-identity-risk.md).
 
 ## Next steps
 

articles/active-directory/manage-apps/ways-users-get-assigned-to-applications.md

@@ -16,7 +16,7 @@ ms.reviewer: davidmu
 
 # Understand how users are assigned to apps
 
-This article help you to understand how users get assigned to an application in your tenant.
+This article helps you to understand how users get assigned to an application in your tenant.
 
 ## How do users get assigned an application in Azure AD?
 
@@ -34,6 +34,7 @@ There are several ways a user can be assigned an application. Assignment can be
 * An administrator enables [Self-service Application Access](./manage-self-service-access.md) to allow a user to add an application using [My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510) **Add App** feature, but only **with prior approval from a selected set of business approvers**
 * An administrator enables [Self-service Group Management](../enterprise-users/groups-self-service-management.md) to allow a user to join a group that an application is assigned to **without business approval**
 * An administrator enables [Self-service Group Management](../enterprise-users/groups-self-service-management.md) to allow a user to join a group that an application is assigned to, but only **with prior approval from a selected set of business approvers**
+* One of the application's roles is included in an [entitlement management access package](../governance/entitlement-management-access-package-resources.md), and a user requests or is assigned to that access package
 * An administrator assigns a license to a user directly, for a Microsoft service such as [Microsoft 365](https://products.office.com/)
 * An administrator assigns a license to a group that the user is a member of, for a Microsoft service such as [Microsoft 365](https://products.office.com/)
 * A user [consents to an application](consent-and-permissions-overview.md#user-consent) on behalf of themselves.

articles/app-service/resources-kudu.md

@@ -32,7 +32,7 @@ It also provides other features, such as:
 - Run commands in the [Kudu console](https://github.com/projectkudu/kudu/wiki/Kudu-console).
 - Download IIS diagnostic dumps or Docker logs.
 - Manage IIS processes and site extensions.
-- Add deployment webhooks for Windows aps.
+- Add deployment webhooks for Windows apps.
 - Allow ZIP deployment UI with `/ZipDeploy`.
 - Generates [custom deployment scripts](https://github.com/projectkudu/kudu/wiki/Custom-Deployment-Script).
 - Allows access with [REST API](https://github.com/projectkudu/kudu/wiki/REST-API).

articles/application-gateway/private-link-configure.md

@@ -1,21 +1,23 @@
 ---
-title: Configure Azure Application Gateway Private Link
+title: Configure Azure Application Gateway Private Link (preview)
 description: This article shows you how to configure Application Gateway Private Link.
 services: application-gateway
-author: greglin
+author: greg-lindsay
 ms.service: application-gateway
 ms.topic: how-to
 ms.date: 05/09/2022
 ms.author: greglin
 
 ---
 
-# Configure Azure Application Gateway Private Link
+# Configure Azure Application Gateway Private Link (preview)
 
 Application Gateway Private Link allows you to connect your workloads over a private connection spanning across VNets and subscriptions. For more information, see [Application Gateway Private Link](private-link.md).
 
 :::image type="content" source="media/private-link/private-link.png" alt-text="Diagram showing Application Gateway Private Link":::
 
+> [!IMPORTANT]
+> Azure Application Gateway Private Link is currently in [public preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 ## Configuration options
 

articles/application-gateway/private-link.md

@@ -1,16 +1,16 @@
 ---
-title: Azure Application Gateway Private Link
+title: Azure Application Gateway Private Link (preview)
 description: This article is an overview of Application Gateway Private Link.
 services: application-gateway
-author: greglin
+author: greg-lindsay
 ms.service: application-gateway
 ms.topic: conceptual
 ms.date: 05/09/2022
 ms.author: greglin
 
 ---
 
-# Application Gateway Private Link
+# Application Gateway Private Link (preview)
 
 Today, you can deploy your critical workloads securely behind Application Gateway, gaining the flexibility of Layer 7 load balancing features. Access to the backend workloads is possible in two ways:
 
@@ -21,6 +21,8 @@ Private Link for Application Gateway allows you to connect workloads over a priv
 
 :::image type="content" source="media/private-link/private-link.png" alt-text="Diagram showing Application Gateway Private Link":::
 
+> [!IMPORTANT]
+> Azure Application Gateway Private Link is currently in [public preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 ## Features and capabilities
 

articles/automanage/automanage-arc.md

@@ -5,7 +5,7 @@ ms.service: automanage
 ms.collection: linux
 ms.workload: infrastructure
 ms.topic: conceptual
-ms.date: 03/22/2022
+ms.date: 05/12/2022
 ---
 
 # Azure Automanage for Machines Best Practices - Azure Arc-enabled servers
@@ -18,12 +18,10 @@ For all of these services, we will auto-onboard, auto-configure, monitor for dri
 
 Automanage supports the following operating systems for Azure Arc-enabled servers
 
-- Windows Server 2012/R2
-- Windows Server 2016
-- Windows Server 2019
+- Windows Server 2012 R2, 2016, 2019, 2022 
 - CentOS 7.3+, 8
 - RHEL 7.4+, 8
-- Ubuntu 16.04 and 18.04
+- Ubuntu 16.04, 18.04, 20.04
 - SLES 12 (SP3-SP5 only)
 
 ## Participating services
@@ -32,6 +30,7 @@ Automanage supports the following operating systems for Azure Arc-enabled server
 |-----------|---------------|----------------------|
 |[Machines Insights Monitoring](../azure-monitor/vm/vminsights-overview.md)    |Azure Monitor for machines monitors the performance and health of your virtual machines, including their running processes and dependencies on other resources.    |Production    |
 |[Update Management](../automation/update-management/overview.md)    |You can use Update Management in Azure Automation to manage operating system updates for your machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers.    |Production, Dev/Test    |
+|[Microsoft Antimalware](../security/fundamentals/antimalware.md)    |Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. **Note:** Microsoft Antimalware requires that there be no other antimalware software installed, or it may fail to work. This is also only supported for Windows Server 2016 and above. |Production, Dev/Test    |
 |[Change Tracking & Inventory](../automation/change-tracking/overview.md) |Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items.    |Production, Dev/Test    |
 |[Azure Guest Configuration](../governance/policy/concepts/guest-configuration.md)  | Guest Configuration policy is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure security baseline using the Guest Configuration extension. For Arc machines, the guest configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated.    |Production, Dev/Test    |
 |[Azure Automation Account](../automation/automation-create-standalone-account.md)    |Azure Automation supports management throughout the lifecycle of your infrastructure and applications.    |Production, Dev/Test    |

articles/automanage/automanage-virtual-machines.md

@@ -5,7 +5,7 @@ author: mmccrory
 ms.service: automanage
 ms.workload: infrastructure
 ms.topic: conceptual
-ms.date: 10/19/2021
+ms.date: 5/12/2022
 ms.author: memccror
 ms.custom: references_regions
 ---
@@ -109,7 +109,7 @@ The only time you might need to interact with this machine to manage these servi
 ## Enabling Automanage for VMs using Azure Policy
 You can also enable Automanage on VMs at scale using the built-in Azure Policy. The policy has a DeployIfNotExists effect, which means that all eligible VMs located within the scope of the policy will be automatically onboarded to Automanage VM Best Practices.
 
-A direct link to the policy is [here](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F270610db-8c04-438a-a739-e8e6745b22d3).
+A direct link to the policy is [here](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff889cab7-da27-4c41-a3b0-de1f6f87c55).
 
 For more information, check out how to enable the [Automanage built-in policy](virtual-machines-policy-enable.md). 
 

articles/automanage/automanage-windows-server.md

@@ -9,21 +9,22 @@ ms.date: 03/22/2022
 ms.author: memccror
 ---
 
-# Azure Automanage for Machines Best Practices - Windows Server
+# Azure Automanage for Machines Best Practices - Windows
 
 These Azure services are automatically onboarded for you when you use Automanage Machine Best Practices on a Windows Server VM. They are essential to our best practices white paper, which you can find in our [Cloud Adoption Framework](/azure/cloud-adoption-framework/manage/azure-server-management).
 
 For all of these services, we will auto-onboard, auto-configure, monitor for drift, and remediate if drift is detected. To learn more, go to [Azure Automanage for virtual machines](automanage-virtual-machines.md).
 
 ## Supported Windows Server versions
 
-Automanage supports the following Windows Server versions:
+Automanage supports the following Windows versions:
 
-- Windows Server 2012/R2
+- Windows Server 2012 R2
 - Windows Server 2016
 - Windows Server 2019
 - Windows Server 2022
 - Windows Server 2022 Azure Edition
+- Windows 10 
 
 ## Participating services
 

articles/azure-functions/functions-concurrency.md

@@ -11,9 +11,6 @@ ms.author: cachai
 
 This article describes the concurrency behaviors of event-driven triggers in Azure Functions. It also describes a new dynamic model for optimizing concurrency behaviors. 
 
->[!NOTE]
->The dynamic concurrency model is currently in preview. Support for dynamic concurrency is limited to specific binding extensions.
-
 The hosting model for Functions allows multiple function invocations to run concurrently on a single compute instance. For example, consider a case where you have three different functions in your function app, which is scaled out and running on multiple instances. In this scenario, each function processes invocations on each VM instance on which your function app is running. The function invocations on a single instance share the same VM compute resources, such as memory, CPU, and connections. When your app is hosted in a dynamic plan (Consumption or Premium), the platform scales the number of function app instances up or down based on the number of incoming events. To learn more, see [Event Driven Scaling](./Event-Driven-Scaling.md)). When you host your functions in a Dedicated (App Service) plan, you manually configure your instances or [set up an autoscale scheme](dedicated-plan.md#scaling).
 
 Because multiple function invocations can run on each instance concurrently, each function needs to have a way to throttle how many concurrent invocations it's processing at any given time.
@@ -28,7 +25,7 @@ While such concurrency configurations give you control of certain trigger behavi
 
 Ideally, we want the system to allow instances to process as much work as they can while keeping each instance healthy and latencies low, which is what dynamic concurrency is designed to do.
 
-## Dynamic concurrency (preview)
+## Dynamic concurrency
 
 Functions now provides a dynamic concurrency model that simplifies configuring concurrency for all function apps running in the same plan. 
 
@@ -74,7 +71,7 @@ When dynamic concurrency is enabled, you'll see dynamic concurrency decisions in
 
 ### Extension support 
 
-Dynamic concurrency is enabled for a function app at the host level, and any extensions that support dynamic concurrency run in that mode. Dynamic concurrency requires collaboration between the host and individual trigger extensions. For preview, only the listed versions of the following extensions support dynamic concurrency.
+Dynamic concurrency is enabled for a function app at the host level, and any extensions that support dynamic concurrency run in that mode. Dynamic concurrency requires collaboration between the host and individual trigger extensions. Only the listed versions of the following extensions support dynamic concurrency.
 
 #### Azure Queues
 

articles/azure-maps/authentication-best-practices.md

@@ -1,7 +1,7 @@
 ---
-title: Authentication and authorization best practices in Azure Maps
+title: Authentication best practices in Azure Maps
 titleSuffix: Microsoft Azure Maps
-description: Learn tips & tricks to optimize the use of Authentication and Authorization in your Azure Maps applications. 
+description: Learn tips & tricks to optimize the use of Authentication in your Azure Maps applications. 
 author: stevemunk
 ms.author: v-munksteve
 ms.date: 05/11/2022
@@ -10,7 +10,7 @@ ms.service: azure-maps
 services: azure-maps
 ---
 
-# Authentication and authorization best practices
+# Authentication best practices
 
 The single most important part of your application is its security. No matter how good the user experience might be, if your application isn't secure a hacker can ruin it.
 

articles/azure-monitor/agents/resource-manager-data-collection-rules.md

@@ -78,7 +78,7 @@ The following sample creates an association between an Azure virtual machine and
   "contentVersion": "1.0.0.0",
   "parameters": {
       "vmName": {
-        "value": "my-windows-vm"
+        "value": "my-azure-vm"
       },
       "associationName": {
         "value": "my-windows-vm-my-dcr"
@@ -142,7 +142,7 @@ The following sample creates an association between an Azure Arc-enabled server
   "contentVersion": "1.0.0.0",
   "parameters": {
       "vmName": {
-        "value": "my-windows-vm"
+        "value": "my-hybrid-vm"
       },
       "associationName": {
         "value": "my-windows-vm-my-dcr"

articles/azure-monitor/essentials/resource-logs-schema.md

@@ -90,6 +90,7 @@ The schema for resource logs varies depending on the resource and log category.
 | Azure Storage | [Blobs](../../storage/blobs/monitor-blob-storage-reference.md#resource-logs-preview), [Files](../../storage/files/storage-files-monitoring-reference.md#resource-logs-preview), [Queues](../../storage/queues/monitor-queue-storage-reference.md#resource-logs-preview),  [Tables](../../storage/tables/monitor-table-storage-reference.md#resource-logs-preview) |
 | Azure Stream Analytics |[Job logs](../../stream-analytics/stream-analytics-job-diagnostic-logs.md) |
 | Azure Traffic Manager | [Traffic Manager log schema](../../traffic-manager/traffic-manager-diagnostic-logs.md) |
+| Azure Video Indexer|[Monitor Azure Video Indexer data reference](/azure/azure-video-indexer/monitor-video-indexer-data-reference)|
 | Azure Virtual Network | Schema not available |
 | Virtual network gateways | [Logging for Virtual Network Gateways](../../vpn-gateway/troubleshoot-vpn-with-azure-diagnostics.md)|
 

articles/azure-monitor/logs/custom-fields.md

@@ -25,7 +25,7 @@ For example, the sample record below has useful data buried in the event descrip
 ![Sample extract](media/custom-fields/sample-extract.png)
 
 > [!NOTE]
-> In the Preview, you are limited to 100 custom fields in your workspace.  This limit will be expanded when this feature reaches general availability.
+> In the Preview, you are limited to 500 custom fields in your workspace.  This limit will be expanded when this feature reaches general availability.
 
 ## Creating a custom field
 When you create a custom field, Log Analytics must understand which data to use to populate its value.  It uses a technology from Microsoft Research called FlashExtract to quickly identify this data.  Rather than requiring you to provide explicit instructions, Azure Monitor learns about the data you want to extract from examples that you provide.

articles/azure-monitor/logs/powershell-workspace-configuration.md

@@ -36,7 +36,7 @@ try {
 }
 
 # Create the workspace
-New-AzOperationalInsightsWorkspace -Location $Location -Name $WorkspaceName -Sku Standard -ResourceGroupName $ResourceGroup
+New-AzOperationalInsightsWorkspace -Location $Location -Name $WorkspaceName -Sku PerGB2018 -ResourceGroupName $ResourceGroup
 ```
 
 ## Create workspace and configure data sources
@@ -71,7 +71,7 @@ try {
 }
 
 # Create the workspace
-New-AzOperationalInsightsWorkspace -Location $Location -Name $WorkspaceName -Sku Standard -ResourceGroupName $ResourceGroup
+New-AzOperationalInsightsWorkspace -Location $Location -Name $WorkspaceName -Sku PerGB2018 -ResourceGroupName $ResourceGroup
 
 # List of solutions to enable
 $Solutions = "Security", "Updates", "SQLAssessment"

articles/azure-portal/TOC.yml

@@ -52,9 +52,11 @@
       href: supportability/how-to-manage-azure-support-request.md
   - name: View and increase quotas
     items:
+    - name: Quotas overview
+      href: supportability/quotas-overview.md
     - name: View quotas
       href: supportability/view-quotas.md
-    - name: Increase vCPU quotas
+    - name: Increase compute quotas
       items:
       - name: Increase VM-family vCPU quotas
         href: supportability/per-vm-quota-requests.md