Merge pull request #116227 from v-kents/Microsoft/azure-docs-migration

megvanhuygen · web-flow · commit 016592b002ba · 2020-05-22T16:31:55.000-07:00
migrate PR from Microsoft repo
diff --git a/articles/active-directory/authentication/howto-mfa-nps-extension-vpn.md b/articles/active-directory/authentication/howto-mfa-nps-extension-vpn.md
@@ -242,9 +242,9 @@ In this section, you configure your VPN server to use RADIUS authentication. The
     b. For the **Shared secret**, select **Change**, and then enter the shared secret password that you created and recorded earlier.
 
     c. In the **Time-out (seconds)** box, enter a value of **30**.  
-    The timeout value is necessary to allow enough time to complete the second authentication factor.
+    The timeout value is necessary to allow enough time to complete the second authentication factor. Some VPNs or regions require time-out settings greater than 30 seconds to prevent users from receiving multiple phone calls. If users do experience this issue, increase the **Time-out (seconds)** value in increments of 30 seconds until the issue doesn't reoccur.
 
-    ![Add RADIUS Server window configuring the Time-out](./media/howto-mfa-nps-extension-vpn/image16.png)
+    ![Add RADIUS Server window configuring the Time-out](./media/howto-mfa-nps-extension-vpn/image16.png) 
 
 8. Select **OK**.
 
diff --git a/articles/active-directory/conditional-access/howto-conditional-access-policy-registration.md b/articles/active-directory/conditional-access/howto-conditional-access-policy-registration.md
@@ -58,6 +58,7 @@ Some may choose to use device state instead of location in step 6 above:
 
 > [!WARNING]
 > If you use device state as a condition in your policy this may impact guest users in the directory. [Report-only mode](concept-conditional-access-report-only.md) can help determine the impact of policy decisions.
+> Note that report-only mode is not applicable for CA policies with "User Actions" scope.
 
 ## Next steps
 
diff --git a/articles/active-directory/develop/active-directory-saml-claims-customization.md b/articles/active-directory/develop/active-directory-saml-claims-customization.md
@@ -164,9 +164,9 @@ To add a claim condition:
 
 The order in which you add the conditions are important. Azure AD evaluates the conditions from top to bottom to decide which value to emit in the claim. 
 
-For example, Brita Simon is a guest user in the Contoso tenant. She belongs to another organization that also uses Azure AD. Given the below configuration for the Fabrikam application, when Brita tries to sign in to Fabrikam, Azure AD will evaluate the conditions as follow.
+For example, Britta Simon is a guest user in the Contoso tenant. She belongs to another organization that also uses Azure AD. Given the below configuration for the Fabrikam application, when Britta tries to sign in to Fabrikam, Azure AD will evaluate the conditions as follow.
 
-First, Azure AD verifies if Brita's user type is `All guests`. Since, this is true then Azure AD assigns the source for the claim to `user.extensionattribute1`. Second, Azure AD verifies if Brita's user type is `AAD guests`, since this is also true then Azure AD assigns the source for the claim to `user.mail`. Finally, the claim is emitted with value `user.email` for Brita.
+First, Azure AD verifies if Britta's user type is `All guests`. Since, this is true then Azure AD assigns the source for the claim to `user.extensionattribute1`. Second, Azure AD verifies if Britta's user type is `AAD guests`, since this is also true then Azure AD assigns the source for the claim to `user.mail`. Finally, the claim is emitted with value `user.mail` for Britta.
 
 ![Claims conditional configuration](./media/active-directory-saml-claims-customization/sso-saml-user-conditional-claims.png)
 
diff --git a/articles/active-directory/saas-apps/policystat-tutorial.md b/articles/active-directory/saas-apps/policystat-tutorial.md
@@ -76,10 +76,9 @@ To configure and test Azure AD single sign-on with PolicyStat, you need to compl
 
 1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
 2. **[Configure PolicyStat Single Sign-On](#configure-policystat-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create PolicyStat test user](#create-policystat-test-user)** - to have a counterpart of Britta Simon in PolicyStat that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+3. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
+4. **[Create PolicyStat test user](#create-policystat-test-user)** - to have a counterpart of Britta Simon in PolicyStat that is linked to the Azure AD representation of user.
+5. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
 
 ### Configure Azure AD single sign-on
 
@@ -162,59 +161,34 @@ To configure Azure AD single sign-on with PolicyStat, perform the following step
    
     ![Administrator Menu](./media/policystat-tutorial/ic808633.png "Administrator Menu")
 
-3. In the **Setup** section, select **Enable Single Sign-on Integration**.
-   
-    ![Single Sign-On Configuration](./media/policystat-tutorial/ic808634.png "Single Sign-On Configuration")
-
-4. Click **Configure Attributes**, and then, in the **Configure Attributes** section, perform the following steps:
-   
-    ![Single Sign-On Configuration](./media/policystat-tutorial/ic808635.png "Single Sign-On Configuration")
-   
-    a. In the **Username Attribute** textbox, type **uid**.
-
-    b. In the **First Name Attribute** textbox, type **firstname** of user **Britta**.
-
-    c. In the **Last Name Attribute** textbox, type **lastname** of user **Simon**.
-
-    d. In the **Email Attribute** textbox, type **emailaddress** of user `BrittaSimon@contoso.com`.
-
-    e. Click **Save Changes**.
-
-5. Click **Your IDP Metadata**, and then, in the **Your IDP Metadata** section, perform the following steps:
+3. Click **Your IDP Metadata**, and then, in the **Your IDP Metadata** section, perform the following steps:
    
     ![Single Sign-On Configuration](./media/policystat-tutorial/ic808636.png "Single Sign-On Configuration")
    
     a. Open your downloaded metadata file, copy the content, and  then paste it into the **Your Identity Provider Metadata** textbox.
 
     b. Click **Save Changes**.
 
-### Create an Azure AD test user 
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
-    ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
+4. Click **Configure Attributes**, and then, in the **Configure Attributes** section, perform the following steps:
+   
+    a. In the **Username Attribute** textbox, type **uid**.
 
-    ![New user Button](common/new-user.png)
+    b. In the **First Name Attribute** textbox, type your First Name Attribute claim name from Azure **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname**.
 
-3. In the User properties, perform the following steps.
+    c. In the **Last Name Attribute** textbox, type your Last Name Attribute claim name from Azure **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname**.
 
-    ![The User dialog box](common/user-properties.png)
+    d. In the **Email Attribute** textbox, type your Email Attribute claim name from Azure **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress**.
 
-    a. In the **Name** field enter **BrittaSimon**.
-  
-    b. In the **User name** field type brittasimon@yourcompanydomain.extension. For example, BrittaSimon@contoso.com
+    e. Click **Save Changes**.
 
-    c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
+5. In the **Setup** section, select **Enable Single Sign-on Integration**.
+   
+    ![Single Sign-On Configuration](./media/policystat-tutorial/ic808634.png "Single Sign-On Configuration")
 
-    d. Click **Create**.
 
 ### Assign the Azure AD test user
 
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to PolicyStat.
+In this section, you enable your own account to use Azure single sign-on by granting access to PolicyStat.
 
 1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **PolicyStat**.
 
@@ -232,7 +206,7 @@ In this section, you enable Britta Simon to use Azure single sign-on by granting
 
     ![The Add Assignment pane](common/add-assign-user.png)
 
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
+5. In the **Users and groups** dialog select your account in the Users list, then click the **Select** button at the bottom of the screen.
 
 6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
 
@@ -258,4 +232,3 @@ When you click the PolicyStat tile in the Access Panel, you should be automatica
 - [What is application access and single sign-on with Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis)
 
 - [What is Conditional Access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
-
diff --git a/articles/aks/private-clusters.md b/articles/aks/private-clusters.md
@@ -98,7 +98,8 @@ As mentioned, VNet peering is one way to access your private cluster. To use VNe
 * IP authorized ranges cannot be applied to the private api server endpoint, they only apply to the public API server
 * Availability Zones are currently supported for certain regions, see the beginning of this document 
 * [Azure Private Link service limitations][private-link-service] apply to private clusters.
-* No support for Azure DevOps integration out of the box with private clusters
+* No support for virtual nodes in a private cluster to spin private Azure Container Instances (ACI) in a private Azure virtual network
+* No support for Azure DevOps Microsoft-hosted Agents with private clusters. Consider to use [Self-hosted Agents][devops-agents]. 
 * For customers that need to enable Azure Container Registry to work with private AKS, the Container Registry virtual network must be peered with the agent cluster virtual network.
 * No current support for Azure Dev Spaces
 * No support for converting existing AKS clusters into private clusters
@@ -116,4 +117,4 @@ As mentioned, VNet peering is one way to access your private cluster. To use VNe
 [virtual-network-peering]: ../virtual-network/virtual-network-peering-overview.md
 [azure-bastion]: ../bastion/bastion-create-host-portal.md
 [express-route-or-vpn]: ../expressroute/expressroute-about-virtual-network-gateways.md
-
+[devops-agents]: https://docs.microsoft.com/azure/devops/pipelines/agents/agents?view=azure-devops
diff --git a/articles/azure-cache-for-redis/cache-remove-tls-10-11.md b/articles/azure-cache-for-redis/cache-remove-tls-10-11.md
@@ -28,12 +28,12 @@ This article provides general guidance about how to detect dependencies on these
 
 The dates when these changes take effect are:
 
-| Cloud               | Phase 1 Start Date | Phase 2 Start Date      |
-|---------------------|--------------------|-------------------------|
-| Azure (global)      |  January 13, 2020  | May 11, 2020            |
-| Azure Government    |  March 13, 2020    | May 11, 2020            |
-| Azure Germany       |  March 13, 2020    | May 11, 2020            |
-| Azure China         |  March 13, 2020    | May 11, 2020            |
+| Cloud                | Phase 1 Start Date | Phase 2 Start Date      |
+|----------------------|--------------------|-------------------------|
+| Azure (global)       |  January 13, 2020  | May 11, 2020            |
+| Azure Government     |  March 13, 2020    | May 11, 2020            |
+| Azure Germany        |  March 13, 2020    | May 11, 2020            |
+| Azure China 21Vianet |  March 13, 2020    | May 11, 2020            |
 
 ## Check whether your application is already compliant
 
@@ -52,7 +52,12 @@ Redis .NET clients use the earliest TLS version by default on .NET Framework 4.5
 
 ### .NET Core
 
-Redis .NET Core clients use the latest TLS version by default.
+Redis .NET Core clients default to the OS default TLS version which obviously depends on the OS itself. 
+
+Depending on when the OS was released and if any other patches changed the default TLS version, the OS TLS version could be quite varied. While there is no complete information about this, for Windows OS specifically you can find more information [here](https://docs.microsoft.com/dotnet/framework/network-programming/tls#support-for-tls-12). 
+
+However, if you are using a old OS or just wanted to be sure we recommend to configure the preferred TLS version manually through the client.
+
 
 ### Java
 
diff --git a/articles/azure-monitor/learn/quick-collect-linux-computer.md b/articles/azure-monitor/learn/quick-collect-linux-computer.md
@@ -111,7 +111,7 @@ For example: `https://user01:password@proxy01.contoso.com:30443`
 
 Azure Monitor can collect events from the Linux Syslog and performance counters that you specify for longer term analysis and reporting. It can also take action when it detects a particular condition. Follow these steps to configure collection of events from the Linux Syslog, and several common performance counters to start with.  
 
-1. In the lower-left corner of the Azure portal, select **More services**. In the search box, enter **Log Analytics**. As you type, the list filters based on your input. Select **Log Analytics workspaces**.
+1. In the Azure portal, select **All services**. In the list of resources, type Log Analytics. As you type, the list filters based on your input. Select **Log Analytics workspaces** and in your list of Log Analytics workspaces, select the workspace you are looking for and select **Advanced settings** of the **Log Analytics** workspace.
 
 2. Select **Data**, and then select **Syslog**.  
 
diff --git a/articles/sql-database/sql-database-powershell-samples.md b/articles/sql-database/sql-database-powershell-samples.md
@@ -44,7 +44,7 @@ The following table includes links to sample Azure PowerShell scripts for Azure
 | [Configure auditing and threat-detection](scripts/sql-database-auditing-and-threat-detection-powershell.md?toc=%2fpowershell%2fmodule%2ftoc.json)| This PowerShell script configures auditing and threat detection policies for an Azure SQL database. |
 | **Restore, copy, and import a database**||
 | [Restore a database](scripts/sql-database-restore-database-powershell.md?toc=%2fpowershell%2fmodule%2ftoc.json)| This PowerShell script restores an Azure SQL database from a geo-redundant backup and restores a deleted Azure SQL database to the latest backup. |
-| [Copy a database to new server](scripts/sql-database-copy-database-to-new-server-powershell.md?toc=%2fpowershell%2fmodule%2ftoc.json)| This PowerShell script creates a copy of an existing Azure SQL database in a new Azure SQL server. |
+| [Copy a database to a new server](scripts/sql-database-copy-database-to-new-server-powershell.md?toc=%2fpowershell%2fmodule%2ftoc.json)| This PowerShell script creates a copy of an existing Azure SQL database in a new Azure SQL server. |
 | [Import a database from a bacpac file](scripts/sql-database-import-from-bacpac-powershell.md?toc=%2fpowershell%2fmodule%2ftoc.json)| This PowerShell script imports a database to an Azure SQL server from a bacpac file. |
 | **Sync data between databases**||
 | [Sync data between SQL databases](scripts/sql-database-sync-data-between-sql-databases.md?toc=%2fpowershell%2fmodule%2ftoc.json) | This PowerShell script configures Data Sync to sync between multiple Azure SQL databases. |
diff --git a/articles/virtual-machines/scripts/virtual-machines-powershell-sample-collect-vm-details.md b/articles/virtual-machines/scripts/virtual-machines-powershell-sample-collect-vm-details.md
@@ -19,7 +19,7 @@ ms.custom: mvc
 
 # Collect details about all VMs in a subscription with PowerShell
 
-This script creates a csv that contains the VM Name, Resource Group Name, Region, Virtual Network, Subnet, Private IP Address, OS Type, and Public IP Address of the VMs in the provided subscription.
+This script creates a csv that contains the VM Name, Resource Group Name, Region, Vm Size, Virtual Network, Subnet, Private IP Address, OS Type, and Public IP Address of the VMs in the provided subscription.
 
 If you don't have an [Azure subscription](https://docs.microsoft.com/azure/guides/developer/azure-developer-guide#understanding-accounts-subscriptions-and-billing), create a [free account](https://azure.microsoft.com/free) before you begin.
 
@@ -44,7 +44,7 @@ $vms = Get-AzVM
 $publicIps = Get-AzPublicIpAddress 
 $nics = Get-AzNetworkInterface | ?{ $_.VirtualMachine -NE $null} 
 foreach ($nic in $nics) { 
-    $info = "" | Select VmName, ResourceGroupName, Region, VirturalNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress 
+    $info = "" | Select VmName, ResourceGroupName, Region, VmSize, VirturalNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress 
     $vm = $vms | ? -Property Id -eq $nic.VirtualMachine.id 
     foreach($publicIp in $publicIps) { 
         if($nic.IpConfigurations.id -eq $publicIp.ipconfiguration.Id) {
@@ -55,12 +55,13 @@ foreach ($nic in $nics) {
         $info.VMName = $vm.Name 
         $info.ResourceGroupName = $vm.ResourceGroupName 
         $info.Region = $vm.Location 
+        $info.VmSize = $vm.HardwareProfile.VmSize
         $info.VirturalNetwork = $nic.IpConfigurations.subnet.Id.Split("/")[-3] 
         $info.Subnet = $nic.IpConfigurations.subnet.Id.Split("/")[-1] 
         $info.PrivateIpAddress = $nic.IpConfigurations.PrivateIpAddress 
         $report+=$info 
     } 
-$report | ft VmName, ResourceGroupName, Region, VirturalNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress 
+$report | ft VmName, ResourceGroupName, Region, VmSize, VirturalNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress 
 $report | Export-CSV "$home/$reportName"
 ```
 
diff --git a/articles/virtual-machines/windows/disk-encryption-faq.md b/articles/virtual-machines/windows/disk-encryption-faq.md
@@ -44,8 +44,6 @@ The [Azure Disk Encryption overview](disk-encryption-overview.md) article lists
 
 You can encrypt both boot and data volumes, but you can't encrypt the data without first encrypting the OS volume.
 
-After you've encrypted the OS volume, disabling encryption on the OS volume isn't supported.
-
 ## Can I encrypt an unmounted volume with Azure Disk Encryption?
 
 No, Azure Disk Encryption only encrypts mounted volumes.
