Merge pull request #167199 from MicrosoftDocs/master

7/28 AM Publish

Author: huypub

articles/active-directory/authentication/concept-sspr-writeback.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 07/14/2020
+ms.date: 07/28/2021
 
 ms.author: justinha
 author: justinha
@@ -54,7 +54,7 @@ When a federated or password hash synchronized user attempts to reset or change
    * If the writeback service is down, the user is informed that their password can't be reset right now.
 1. Next, the user passes the appropriate authentication gates and reaches the **Reset password** page.
 1. The user selects a new password and confirms it.
-1. When the user selects **Submit**, the plaintext password is encrypted with a symmetric key created during the writeback setup process.
+1. When the user selects **Submit**, the plaintext password is encrypted with a public key created during the writeback setup process.
 1. The encrypted password is included in a payload that gets sent over an HTTPS channel to your tenant-specific service bus relay (that is set up for you during the writeback setup process). This relay is protected by a randomly generated password that only your on-premises installation knows.
 1. After the message reaches the service bus, the password-reset endpoint automatically wakes up and sees that it has a reset request pending.
 1. The service then looks for the user by using the cloud anchor attribute. For this lookup to succeed, the following conditions must be met:

articles/active-directory/authentication/howto-sspr-windows.md

@@ -42,6 +42,7 @@ The following limitations apply to using SSPR from the Windows sign-in screen:
     - *HideFastUserSwitching* is set to enabled or 1
     - *DontDisplayLastUserName* is set to enabled or 1
     - *NoLockScreen* is set to enabled or 1
+    - *BlockNonAdminUserInstall* is set to enabled or 1
     - *EnableLostMode* is set on the device
     - Explorer.exe is replaced with a custom shell
 - The combination of the following specific three settings can cause this feature to not work.

articles/active-directory/conditional-access/howto-conditional-access-policy-registration.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: how-to
-ms.date: 04/20/2021
+ms.date: 07/28/2021
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 ---
 # Conditional Access: Securing security info registration
 
-Securing when and how users register for Azure AD Multi-Factor Authentication and self-service password reset is possible with user actions in a Conditional Access policy. This feature is available to organizations who have enabled the [combined registration](../authentication/concept-registration-mfa-sspr-combined.md). This functionality allows organizations to treat the registration process like any application in a Conditional Access policy and use the full power of Conditional Access to secure the experience. 
+Securing when and how users register for Azure AD Multi-Factor Authentication and self-service password reset is possible with user actions in a Conditional Access policy. This feature is available to organizations who have enabled the [combined registration](../authentication/concept-registration-mfa-sspr-combined.md). This functionality allows organizations to treat the registration process like any application in a Conditional Access policy and use the full power of Conditional Access to secure the experience. Users signing in to the Microsoft Authenticator app or enabling passwordless phone sign-in are subject to this policy.
 
 Some organizations in the past may have used trusted network location or device compliance as a means to secure the registration experience. With the addition of [Temporary Access Pass](../authentication/howto-authentication-temporary-access-pass.md) in Azure AD, administrators can provision time-limited credentials to their users that allow them to register from any device or location. Temporary Access Pass credentials satisfy Conditional Access requirements for multi-factor authentication.
 

articles/active-directory/saas-apps/github-enterprise-cloud-enterprise-account-tutorial.md

@@ -72,15 +72,15 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
 
     a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
-    `https://github.com/orgs/<ENTERPRISE-SLUG>`
+    `https://github.com/enterprises/<ENTERPRISE-SLUG>`
 
     b. In the **Reply URL** text box, type a URL using the following pattern:
-    `https://github.com/orgs/<ENTERPRISE-SLUG>/saml/consume`
+    `https://github.com/enterprises/<ENTERPRISE-SLUG>/saml/consume`
 
 1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
 
      In the **Sign on URL** text box, type a URL using the following pattern:
-    `https://github.com/orgs/<ENTERPRISE-SLUG>/sso`
+    `https://github.com/enterprises/<ENTERPRISE-SLUG>/sso`
 
 	> [!NOTE]
 	> Replace `<ENTERPRISE-SLUG>` with the actual name of your GitHub Enterprise Account.
@@ -136,7 +136,7 @@ After you enable SAML SSO for your GitHub Enterprise Account, SAML SSO is enable
 
 ## Test SSO with another enterprise account owner or organization member account
 
-After the SAML integration is set up for the GitHub enterprise account (which also applies to the GitHub organizations in the enterprise account), other enterprise account owners who are assigned to the app in Azure AD should be able to navigate to the GitHub enterprise account URL (`https://github.com/orgs/<enterprise account>`), authenticate via SAML, and access the policies and settings under the GitHub enterprise account. 
+After the SAML integration is set up for the GitHub enterprise account (which also applies to the GitHub organizations in the enterprise account), other enterprise account owners who are assigned to the app in Azure AD should be able to navigate to the GitHub enterprise account URL (`https://github.com/enterprises/<enterprise account>`), authenticate via SAML, and access the policies and settings under the GitHub enterprise account. 
 
 An organization owner for an organization in an enterprise account should be able to [invite a user to join their GitHub organization](https://docs.github.com/en/free-pro-team@latest/github/setting-up-and-managing-organizations-and-teams/inviting-users-to-join-your-organization). Sign in to GitHub.com with an organization owner account and follow the steps in the article to invite `B.Simon` to the organization. A GitHub user account will need to be created for `B.Simon` if one does not already exist. 
 

articles/aks/TOC.yml

@@ -205,11 +205,11 @@
           href: use-ultra-disks.md
         - name: CSI Storage Drivers
           items:
-            - name: Enable CSI Storage Drivers (preview)
+            - name: Enable CSI Storage Drivers
               href: csi-storage-drivers.md
-            - name: Azure Disk CSI drivers (preview)
+            - name: Azure Disk CSI drivers
               href: azure-disk-csi.md
-            - name: Azure Files CSI drivers (preview)
+            - name: Azure Files CSI drivers
               href: azure-files-csi.md
     - name: Configure networking
       items:

articles/aks/azure-disk-csi.md

@@ -8,8 +8,7 @@ author: palma21
 
 ---
 
-# Use the Azure disk Container Storage Interface (CSI) drivers in Azure Kubernetes Service (AKS) (preview)
-
+# Use the Azure disk Container Storage Interface (CSI) drivers in Azure Kubernetes Service (AKS)
 The Azure disk Container Storage Interface (CSI) driver is a [CSI specification](https://github.com/container-storage-interface/spec/blob/master/spec.md)-compliant driver used by Azure Kubernetes Service (AKS) to manage the lifecycle of Azure disks.
 
 The CSI is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By adopting and using CSI, AKS can write, deploy, and iterate plug-ins to expose new or improve existing storage systems in Kubernetes without having to touch the core Kubernetes code and wait for its release cycles.
@@ -23,8 +22,6 @@ To create an AKS cluster with CSI driver support, see [Enable CSI drivers for Az
 
 A [persistent volume](concepts-storage.md#persistent-volumes) (PV) represents a piece of storage that's provisioned for use with Kubernetes pods. A PV can be used by one or many pods and can be dynamically or statically provisioned. This article shows you how to dynamically create PVs with Azure disks for use by a single pod in an AKS cluster. For static provisioning, see [Manually create and use a volume with Azure disks](azure-disk-volume.md).
 
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
 For more information on Kubernetes volumes, see [Storage options for applications in AKS][concepts-storage].
 
 ## Dynamically create Azure disk PVs by using the built-in storage classes

articles/aks/azure-files-csi.md

@@ -8,7 +8,7 @@ author: palma21
 
 ---
 
-# Use Azure Files Container Storage Interface (CSI) drivers in Azure Kubernetes Service (AKS) (preview)
+# Use Azure Files Container Storage Interface (CSI) drivers in Azure Kubernetes Service (AKS)
 
 The Azure Files Container Storage Interface (CSI) driver is a [CSI specification](https://github.com/container-storage-interface/spec/blob/master/spec.md)-compliant driver used by Azure Kubernetes Service (AKS) to manage the lifecycle of Azure Files shares.
 
@@ -25,8 +25,6 @@ A [persistent volume (PV)](concepts-storage.md#persistent-volumes) represents a
 
 For more information on Kubernetes volumes, see [Storage options for applications in AKS][concepts-storage].
 
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
 ## Dynamically create Azure Files PVs by using the built-in storage classes
 
 A storage class is used to define how an Azure Files share is created. A storage account is automatically created in the [node resource group][node-resource-group] for use with the storage class to hold the Azure Files shares. Choose one of the following [Azure storage redundancy SKUs][storage-skus] for *skuName*:
@@ -258,8 +256,6 @@ kubectl apply -f private-pvc.yaml
 
  This option is optimized for random access workloads with in-place data updates and provides full POSIX file system support. This section shows you how to use NFS shares with the Azure File CSI driver on an AKS cluster.
 
-Make sure to check the [Support for Azure Storage features](../storage/files/files-nfs-protocol.md#support-for-azure-storage-features) and [region availability](../storage/files/files-nfs-protocol.md#regional-availability) sections during the preview phase.
-
 ### Create NFS file share storage class
 
 Save a `nfs-sc.yaml` file with the manifest below editing the respective placeholders.

articles/aks/csi-storage-drivers.md

@@ -8,7 +8,7 @@ author: palma21
 
 ---
 
-# Enable Container Storage Interface (CSI) drivers for Azure disks and Azure Files on Azure Kubernetes Service (AKS) (preview)
+# Enable Container Storage Interface (CSI) drivers for Azure disks and Azure Files on Azure Kubernetes Service (AKS)
 
 The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By adopting and using CSI, Azure Kubernetes Service (AKS) can write, deploy, and iterate plug-ins to expose new or improve existing storage systems in Kubernetes without having to touch the core Kubernetes code and wait for its release cycles.
 
@@ -25,47 +25,7 @@ The CSI storage driver support on AKS allows you to natively use:
 
 - This feature can only be set at cluster creation time.
 - The minimum Kubernetes minor version that supports CSI drivers is v1.17.
-- During the preview, the default storage class will still be the [same in-tree storage class](concepts-storage.md#storage-classes). After this feature is generally available, the default storage class will be the `managed-csi` storage class and in-tree storage classes will be removed.
-- During the first preview phase, only Azure CLI is supported.
-
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
-### Register the `EnableAzureDiskFileCSIDriver` preview feature
-
-To create an AKS cluster that can use CSI drivers for Azure disks and Azure Files, you must enable the `EnableAzureDiskFileCSIDriver` feature flag on your subscription.
-
-Register the `EnableAzureDiskFileCSIDriver` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example:
-
-```azurecli-interactive
-az feature register --namespace "Microsoft.ContainerService" --name "EnableAzureDiskFileCSIDriver"
-```
-
-It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list][az-feature-list] command:
-
-```azurecli-interactive
-az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/EnableAzureDiskFileCSIDriver')].{Name:name,State:properties.state}"
-```
-
-When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
-
-```azurecli-interactive
-az provider register --namespace Microsoft.ContainerService
-```
-
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
-### Install aks-preview CLI extension
-
-To create an AKS cluster or a node pool that can use the CSI storage drivers, you need the latest *aks-preview* Azure CLI extension. Install the *aks-preview* Azure CLI extension by using the [az extension add][az-extension-add] command. Or install any available updates by using the [az extension update][az-extension-update] command.
-
-```azurecli-interactive
-# Install the aks-preview extension
-az extension add --name aks-preview
-
-# Update the extension to make sure you have the latest version installed
-az extension update --name aks-preview
-``` 
-
+- The default storage class will be the `managed-csi` storage class.
 
 ## Create a new cluster that can use CSI storage drivers
 

articles/azure-monitor/insights/azure-key-vault-deprecated.md

@@ -71,7 +71,7 @@ The following table shows data collection methods and other details about how da
 | Azure |  |  |• |  |  | on arrival |
 
 ## Use Azure Key Vault
-After you [install the solution](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.KeyVaultAnalyticsOMS?source=intercept.nl&tab=Overview), view the Key Vault data by clicking the **Key Vault Analytics** tile from the Azure Monitor **Overview** page. Open this page from the **Azure Monitor** menu by clicking **More** under the **Insights** section. 
+After you install the solution, view the Key Vault data by clicking the **Key Vault Analytics** tile from the Azure Monitor **Overview** page. Open this page from the **Azure Monitor** menu by clicking **More** under the **Insights** section. 
 
 ![Screenshot of the Key Vault Analytics tile on the Azure Monitor Overview page showing a graph of key vault operations volume over time.](media/azure-key-vault/log-analytics-keyvault-tile.png)
 
@@ -146,4 +146,3 @@ Data collected before the change is not visible in the new solution. You can con
 
 ## Next steps
 * Use [Log queries in Azure Monitor](../logs/log-query-overview.md) to view detailed Azure Key Vault data.
-

articles/azure-netapp-files/azure-netapp-files-resource-limits.md

@@ -13,7 +13,7 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 04/22/2021
+ms.date: 07/28/2021
 ms.author: b-juche
 ---
 # Resource limits for Azure NetApp Files
@@ -26,6 +26,7 @@ The following table describes resource limits for Azure NetApp Files:
 
 |  Resource  |  Default limit  |  Adjustable via support request  |
 |----------------|---------------------|--------------------------------------|
+|  [Regional capacity quota per subscription](#regional-capacity-quota)   |  25 TiB  |  Yes  |
 |  Number of NetApp accounts per Azure region per subscription  |  10    |  Yes   |
 |  Number of capacity pools per NetApp account   |    25     |   Yes   |
 |  Number of volumes per subscription   |    500     |   Yes   |
@@ -88,9 +89,39 @@ If you have already allocated at least 4 TiB of quota for a volume, you can init
 
 You can increase the maxfiles limit to 500 million if your volume quota is at least 20 TiB. <!-- ANF-11854 --> 
 
+## Regional capacity quota
+
+Azure NetApp Files has a regional limit based on capacity. The standard capacity limit for each subscription is 25 TiB per region, across all service levels.   
+
+You can request a capacity increase by submitting a specific **Service and subscription limits (quotas)** support ticket as follows:
+
+1. Go to **Support + Troubleshooting** in the portal to start the Support request process:  
+
+    ![Screenshot that shows the Support Troubleshooting menu.](../media/azure-netapp-files/support-troubleshoot-menu.png)   
+
+2.	Select the **Service and subscription limits (quotas)** issue type and enter all relevant details:
+
+    ![Screenshot that shows the Service and Subscription Limits menu.](../media/azure-netapp-files/service-subscription-limits-menu.png)   
+
+3. Click the **Enter details** link in the Details tab, then select the **TiBs per subscription** quota type:   
+
+    ![Screenshot that shows the Enter Details link in Details tab.](../media/azure-netapp-files/support-details.png)   
+
+    ![Screenshot that shows the Quota Details window.](../media/azure-netapp-files/support-quota-details.png)   
+
+4.  On the Support Method page, make sure to select **Severity Level B – Moderate impact**:  
+
+    ![Screenshot that shows the Support Method window.](../media/azure-netapp-files/support-method-severity.png)   
+
+5. Complete the request process to issue the request. 
+ 
+After the ticket is submitted, the request will be sent to the Azure capacity management team for processing. You will receive a response typically within 2 business days. The Azure capacity management team might contact you for handling of large requests.
+ 
+A regional capacity quota increase does not incur a billing increase. Billing will still be based on the provisioned capacity pools.
+
 ## Request limit increase <a name="limit_increase"></a> 
 
-You can create an Azure support request to increase the adjustable limits from the table above. 
+You can create an Azure support request to increase the adjustable limits from the [Resource Limits](#resource-limits) table. 
 
 From Azure portal navigation plane: