Merge pull request #200599 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 02d7b0701c8a · 2022-06-06T15:02:42.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/enterprise-users/groups-dynamic-rule-more-efficient.md b/articles/active-directory/enterprise-users/groups-dynamic-rule-more-efficient.md
@@ -31,8 +31,8 @@ Minimize the usage of the 'match' operator in rules as much as possible. Instead
 
 It's better to use rules like:
 
-- `user.city -contains "ago,"`
-- `user.city -startswith "Lag,"` 
+- `user.city -contains "ago"`
+- `user.city -startswith "Lag"` 
 
 Or, best of all:
 
diff --git a/articles/active-directory/fundamentals/active-directory-access-create-new-tenant.md b/articles/active-directory/fundamentals/active-directory-access-create-new-tenant.md
@@ -41,10 +41,10 @@ After you sign in to the Azure portal, you can create a new tenant for your orga
 
 1. Select **Next: Configuration** to move on to the Configuration tab.
 
+1.  On the Configuration tab, enter the following information:
+
     ![Azure Active Directory - Create a tenant page - configuration tab ](media/active-directory-access-create-new-tenant/azure-ad-create-new-tenant.png)
 
-1.  On the Configuration tab, enter the following information:
-    
     - Type _Contoso Organization_ into the **Organization name** box.
 
     - Type _Contosoorg_ into the **Initial domain name** box.
diff --git a/articles/active-directory/fundamentals/security-operations-devices.md b/articles/active-directory/fundamentals/security-operations-devices.md
@@ -87,11 +87,11 @@ You can create an alert that notifies appropriate administrators when a device i
 ```
 Sign-in logs
 
-| where ResourceDisplayName == “Device Registration Service”
+| where ResourceDisplayName == "Device Registration Service"
 
-| where conditionalAccessStatus ==”success”
+| where conditionalAccessStatus == "success"
 
-| where AuthenticationRequirement <> “multiFactorAuthentication”
+| where AuthenticationRequirement <> "multiFactorAuthentication"
 ```
 
 You can also use [Microsoft Intune to set and monitor device compliance policies](/mem/intune/protect/device-compliance-get-started).
@@ -104,7 +104,7 @@ It might not be possible to block access to all cloud and software-as-a-service
 
 | What to monitor| Risk Level| Where| Filter/sub-filter| Notes |
 | - |- |- |- |- |
-| Sign-ins by non-compliant devices| High| Sign-in logs| DeviceDetail.isCompliant ==false| If requiring sign-in from compliant devices, alert when:<br><li> any sign in by non-compliant devices.<li> any access without MFA or a trusted location.<p>If working toward requiring devices, monitor for suspicious sign-ins.<br>[Azure Sentinel template](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SigninLogs/SuspiciousSignintoPrivilegedAccount.yaml) |
+| Sign-ins by non-compliant devices| High| Sign-in logs| DeviceDetail.isCompliant == false| If requiring sign-in from compliant devices, alert when:<br><li> any sign in by non-compliant devices.<li> any access without MFA or a trusted location.<p>If working toward requiring devices, monitor for suspicious sign-ins.<br>[Azure Sentinel template](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SigninLogs/SuspiciousSignintoPrivilegedAccount.yaml) |
 | Sign-ins by unknown devices| Low| Sign-in logs| <li>DeviceDetail is empty<li>Single factor authentication<li>From a non-trusted location| Look for: <br><li>any access from out of compliance devices.<li>any access without MFA or trusted location |
 
 
@@ -115,9 +115,9 @@ It might not be possible to block access to all cloud and software-as-a-service
 ```
 SigninLogs
 
-| where DeviceDetail.isCompliant ==false
+| where DeviceDetail.isCompliant == false
 
-| where conditionalAccessStatus == “success”
+| where conditionalAccessStatus == "success"
 ```
  
 
@@ -149,15 +149,15 @@ Attackers who have compromised a user’s device may retrieve the [BitLocker](/w
 
 | What to monitor| Risk Level| Where| Filter/sub-filter| Notes |
 | - |- |- |- |- |
-| Key retrieval| Medium| Audit logs| OperationName == "Read BitLocker key”| Look for <br><li>key retrieval`<li> other anomalous behavior by users retrieving keys. |
+| Key retrieval| Medium| Audit logs| OperationName == "Read BitLocker key"| Look for <br><li>key retrieval`<li> other anomalous behavior by users retrieving keys. |
 
 
 In LogAnalytics create a query such as
 
 ```
 AuditLogs
 
-| where OperationName == "Read BitLocker key” 
+| where OperationName == "Read BitLocker key" 
 ```
 
 ## Device administrator roles
diff --git a/articles/azure-arc/data/create-complete-managed-instance-indirectly-connected.md b/articles/azure-arc/data/create-complete-managed-instance-indirectly-connected.md
@@ -160,7 +160,7 @@ NAME          STATE
 <namespace>   Ready
 ```
 
-## Create Azure Arc-enabled SQL Managed Instance
+## Create an instance of Azure Arc-enabled SQL Managed Instance
 
 Now, we can create the Azure MI for indirectly connected mode with the following command: 
 
@@ -188,4 +188,4 @@ To connect with Azure Data Studio, see [Connect to Azure Arc-enabled SQL Managed
 
 ## Next steps
 
-[Upload usage data, metrics, and logs to Azure](upload-metrics-and-logs-to-azure-monitor.md).
+[Upload usage data, metrics, and logs to Azure](upload-metrics-and-logs-to-azure-monitor.md).
diff --git a/articles/cloud-services-extended-support/override-sku.md b/articles/cloud-services-extended-support/override-sku.md
@@ -33,7 +33,7 @@ Setting the **allowModelOverride** property to `true` here will update the cloud
         "packageUrl": "[parameters('packageSasUri')]",
         "configurationUrl": "[parameters('configurationSasUri')]",
         "upgradeMode": "[parameters('upgradeMode')]",
-        “allowModelOverride” : true,
+        "allowModelOverride": true,
         "roleProfile": {
           "roles": [
             {
diff --git a/articles/postgresql/flexible-server/quickstart-create-connect-server-vnet.md b/articles/postgresql/flexible-server/quickstart-create-connect-server-vnet.md
@@ -129,7 +129,7 @@ ssh -i .\Downloads\myKey1.pem azureuser@10.111.12.123
 You need to install the postgresql-client tool to be able to connect to the server.
 
 ```bash
-sudo apt-getupdate
+sudo apt-get update
 sudo apt-get install postgresql-client
 ```
 
diff --git a/articles/virtual-machines/co-location.md b/articles/virtual-machines/co-location.md
@@ -43,7 +43,8 @@ Proximity placement groups offer colocation in the same data center. However, be
 
 - When you ask for the first virtual machine in the proximity placement group, the data center is automatically selected. In some cases, a second request for a different virtual machine SKU, may fail if it doesn't exist in that data center. In this case, an **OverconstrainedAllocationRequest** error is returned. To avoid this, try changing the order in which you deploy your SKUs or have both resources deployed using a single ARM template.
 - 	In the case of elastic workloads, where you add and remove VM instances, having a proximity placement group constraint on your deployment may result in a failure to satisfy the request resulting in **AllocationFailure** error. 
-- Stopping (deallocate) and starting your VMs as needed is another way to achieve elasticity. Since the capacity is not kept once you stop (deallocate) a VM, starting it again may result in an **AllocationFailure** error.
+- Stopping (deallocate) and starting your VMs as needed is another way to achieve elasticity. Since the capacity is not kept once you stop (deallocate) a VM, starting it again may result in an **AllocationFailure** error. 
+- VM start and redeploy operations will continue to respect the Proximity Placement Group once sucessfully configured.
 
 ## Planned maintenance and Proximity Placement Groups
 
diff --git a/articles/virtual-machines/extensions/key-vault-windows.md b/articles/virtual-machines/extensions/key-vault-windows.md
@@ -294,9 +294,9 @@ The Key Vault VM extension logs only exist locally on the VM and are most inform
 |Location|Description|
 |--|--|
 | C:\WindowsAzure\Logs\WaAppAgent.log | Shows when an update to the extension occurred. |
-| C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\<most recent version\>\ | Shows the status of certificate download. The download location will always be the Windows computer's MY store (certlm.msc). |
-| C:\Packages\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\<most recent version\>\RuntimeSettings\ |	The Key Vault VM Extension service logs show the status of the akvvm_service service. |
-| C:\Packages\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\<most recent version\>\Status\	| The configuration and binaries for Key Vault VM Extension service. |
+| C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\\\<most recent version\>\ | Shows the status of certificate download. The download location will always be the Windows computer's MY store (certlm.msc). |
+| C:\Packages\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\\\<most recent version\>\RuntimeSettings\ |	The Key Vault VM Extension service logs show the status of the akvvm_service service. |
+| C:\Packages\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\\\<most recent version\>\Status\	| The configuration and binaries for Key Vault VM Extension service. |
 |||  
 
 
diff --git a/articles/virtual-machines/extensions/update-linux-agent.md b/articles/virtual-machines/extensions/update-linux-agent.md
@@ -379,15 +379,15 @@ Open [the release of Azure Linux Agent in GitHub](https://github.com/Azure/WALin
 
 For version 2.2.x or later, type:
 ```bash
-wget https://github.com/Azure/WALinuxAgent/archive/v2.2.x.zip
+wget https://github.com/Azure/WALinuxAgent/archive/refs/tags/v2.2.x.zip 
 unzip v2.2.x.zip
 cd WALinuxAgent-2.2.x
 ```
 
-The following line uses version 2.2.0 as an example:
+The following line uses version 2.2.14 as an example:
 
 ```bash
-wget https://github.com/Azure/WALinuxAgent/archive/v2.2.14.zip
+wget https://github.com/Azure/WALinuxAgent/archive/refs/tags/v2.2.14.zip
 unzip v2.2.14.zip  
 cd WALinuxAgent-2.2.14
 ```
diff --git a/articles/virtual-machines/linux/ssh-from-windows.md b/articles/virtual-machines/linux/ssh-from-windows.md
@@ -56,7 +56,7 @@ You can also create key pairs with the [Azure CLI](/cli/azure) with the [az sshk
 To create an SSH key pair on your local computer using the `ssh-keygen` command from PowerShell or a command prompt, type the following: 
 
 ```powershell
-ssh-keygen -m PEM -t rsa -b 4096
+ssh-keygen -m PEM -t rsa -b 2048
 ```
 
 Enter a filename, or use the default shown in parenthesis (for example `C:\Users\username/.ssh/id_rsa`).  Enter a passphrase for the file, or leave the passphrase blank if you do not want to use a passphrase. 
diff --git a/articles/virtual-machines/sizes-hpc.md b/articles/virtual-machines/sizes-hpc.md
@@ -18,7 +18,7 @@ ms.reviewer: jushiman
 
 Azure H-series virtual machines (VMs) are designed to deliver leadership-class performance, scalability, and cost efficiency for various real-world HPC workloads.
 
-[HBv3-series](hbv3-series.md) VMs are optimized for HPC applications such as fluid dynamics, explicit and implicit finite element analysis, weather modeling, seismic processing, reservoir simulation, and RTL simulation. HBv3 VMs feature up to 120 AMD EPYC™ 7003-series (Milan) CPU cores, 448 GB of RAM, and no hyperthreading. HBv3-series VMs also provide 350 GB/sec of memory bandwidth, up to 32 MB of L3 cache per core, up to 7 GB/s of block device SSD performance, and clock frequencies up to 3.675 GHz. 
+[HBv3-series](hbv3-series.md) VMs are optimized for HPC applications such as fluid dynamics, explicit and implicit finite element analysis, weather modeling, seismic processing, reservoir simulation, and RTL simulation. HBv3 VMs feature up to 120 AMD EPYC™ 7003-series (Milan) CPU cores, 448 GB of RAM, and no hyperthreading. HBv3-series VMs also provide 350 GB/sec of memory bandwidth, up to 32 MB of L3 cache per core, up to 7 GB/s of block device SSD performance, and clock frequencies up to 3.5 GHz. 
 
 All HBv3-series VMs feature 200 Gb/sec HDR InfiniBand from NVIDIA Networking to enable supercomputer-scale MPI workloads. These VMs are connected in a non-blocking fat tree for optimized and consistent RDMA performance. The HDR InfiniBand fabric also supports Adaptive Routing and the Dynamic Connected Transport (DCT, in addition to standard RC and UD transports). These features enhance application performance, scalability, and consistency, and their usage is strongly recommended.
 
diff --git a/articles/virtual-machines/workloads/sap/high-availability-guide-rhel-pacemaker.md b/articles/virtual-machines/workloads/sap/high-availability-guide-rhel-pacemaker.md
@@ -239,7 +239,7 @@ The STONITH device uses a Service Principal to authorize against Microsoft Azure
 
 ### **[1]** Create a custom role for the fence agent
 
-The Service Principal does not have permissions to access your Azure resources by default. You need to give the Service Principal permissions to start and stop (power-off) all virtual machines of the cluster. If you did not already create the custom role, you can create it using [PowerShell](../../../role-based-access-control/role-assignments-powershell.md) or [Azure CLI](../../../role-based-access-control/role-assignments-cli.md)
+The Service Principal does not have permissions to access your Azure resources by default. You need to give the Service Principal permissions to start and stop (power-off) all virtual machines of the cluster. If you did not already create the custom role, you can create it using [PowerShell](../../../role-based-access-control/custom-roles-powershell.md) or [Azure CLI](../../../role-based-access-control/custom-roles-cli.md)
 
 Use the following content for the input file. You need to adapt the content to your subscriptions that is, replace *xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx* and *yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy* with the Ids of your subscription. If you only have one subscription, remove the second entry in AssignableScopes.
 
diff --git a/includes/virtual-machines-share-images-across-tenants.md b/includes/virtual-machines-share-images-across-tenants.md
@@ -24,11 +24,11 @@ Create an application registration that will be used by both tenants to share th
 1. Select **New registration** from the menu at the top of the page.
 1. In **Name**, type *myGalleryApp*.
 1. In **Supported account types**, select **Accounts in any organizational directory and personal Microsoft accounts**.
-1. In **Redirect URI**, type *https://www.microsoft.com* and then select **Register**. After the app registration has been created, the overview page will open.
+1. In **Redirect URI**, select *Web* from the **Select a platform** dropdown and type *https://www.microsoft.com*, then select **Register**. After the app registration has been created, the overview page will open.
 1. On the overview page, copy the **Application (client) ID** and save for use later.   
 1. Select **Certificates & secrets**, and then select **New client secret**.
 1. In **Description**, type *Shared image gallery cross-tenant app secret*.
-1. In **Expires**, leave the default of **In 1 year** and then select **Add**.
+1. In **Expires**, change from the default of **6 months (recommended)** to **12 months** and then select **Add**.
 1. Copy the value of the secret and save it to a safe place. You cannot retrieve it after you leave the page.
 
 
@@ -37,7 +37,7 @@ Give the app registration permission to use the shared image gallery.
 1. Select **select Access control (IAM)**, and under **Add role assignment** select *Add*. 
 1. Under **Role**, select **Reader**.
 1. Under **Assign access to:**, leave this as **Azure AD user, group, or service principal**.
-1. Under **Select**, type *myGalleryApp* and select it when it shows up in the list. When you are done, select **Save**.
+1. Under **Select members**, type *myGalleryApp* and select it when it shows up in the list. When you are done, select **Review + assign**.
 
 
 ## Give Tenant 2 access
@@ -53,7 +53,7 @@ In the [Azure portal](https://portal.azure.com) sign in as Tenant 2 and give the
 1. Select the resource group and then select **Access control (IAM)**. Under **Add role assignment** select **Add**. 
 1. Under **Role**, type **Contributor**.
 1. Under **Assign access to:**, leave this as **Azure AD user, group, or service principal**.
-1. Under **Select** type *myGalleryApp* then select it when it shows up in the list. When you are done, select **Save**.
+1. Under **Select members** type *myGalleryApp* then select it when it shows up in the list. When you are done, select **Review + assign**.
 
 > [!NOTE]
 > You need to wait for the image version to completely finish being built and replicated before you can use the same managed image to create another image version.

Original file line number	Diff line number	Diff line change
@@ -33,7 +33,7 @@ Setting the allowModelOverride property to `true` here will update the cloud
`33`	`33`	`"packageUrl": "[parameters('packageSasUri')]",`
`34`	`34`	`"configurationUrl": "[parameters('configurationSasUri')]",`
`35`	`35`	`"upgradeMode": "[parameters('upgradeMode')]",`
`36`		`- “allowModelOverride” : true,`
	`36`	`+ "allowModelOverride": true,`
`37`	`37`	`"roleProfile": {`
`38`	`38`	`"roles": [`
`39`	`39`	`{`