Merge pull request #184050 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

.openpublishing.publish.config.json

@@ -75,6 +75,12 @@
       "branch": "master",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "azure_cli_scripts",
+      "url": "https://github.com/Azure-Samples/azure-cli-samples",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "powershell_scripts",
       "url": "https://github.com/Azure/azure-docs-powershell-samples",

.openpublishing.redirection.json

@@ -25628,6 +25628,81 @@
       "redirect_url": "/cli/azure/spring-cloud",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-setup-geodr-and-failover-pool-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/setup-geodr-failover-pool-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-setup-geodr-and-failover-database-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/setup-geodr-failover-database-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-restore-database-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/restore-database-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-import-from-bacpac-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/import-from-bacpac-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/auditing-and-threat-detection-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/auditing-threat-detection-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/setup-geodr-and-failover-database-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/setup-geodr-failover-database-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-create-managed-instance-to-failover-group-cli.md",
+      "redirect_url": "/azure/azure-sql/database/az-cli-script-samples-content-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/transparent-data-encryption-byok-sql-managed-instance-cli.md",
+      "redirect_url": "/azure/azure-sql/managed-instance/scripts/transparent-data-encryption-byok-sql-managed-instance-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-managed-instance-restore-geo-backup-cli.md",
+      "redirect_url": "/azure/azure-sql/managed-instance/scripts/restore-geo-backup-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-create-configure-managed-instance-cli.md",
+      "redirect_url": "/azure/azure-sql/managed-instance/scripts/create-configure-managed-instance-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-copy-database-to-new-server-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/copy-database-to-new-server-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-backup-database-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/backup-database-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-add-managed-instance-to-failover-group-cli.md",
+      "redirect_url": "/azure/azure-sql/database/az-cli-script-samples-content-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-auditing-and-threat-detection-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/auditing-threat-detection-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/sql-database/scripts/sql-database-add-elastic-pool-to-failover-group-cli.md",
+      "redirect_url": "/azure/azure-sql/database/scripts/add-elastic-pool-to-failover-group-cli",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/scripts/sql-database-setup-geodr-failover-database-failover-group-powershell.md",
       "redirect_url": "/azure/sql-database/scripts/sql-database-add-single-db-to-failover-group-powershell",

articles/active-directory/develop/msal-logging-js.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 01/25/2021
+ms.date: 12/21/2021
 ms.author: marsma
 ms.reviewer: saeeda, jmprieur
 ms.custom: aaddev
@@ -21,34 +21,62 @@ ms.custom: aaddev
 
 ## Configure logging in MSAL.js
 
-Enable logging in MSAL.js (JavaScript) by passing a logger object during the configuration for creating a `UserAgentApplication` instance. This logger object has the following properties:
+Enable logging in MSAL.js (JavaScript) by passing a loggerOptions object during the configuration for creating a `PublicClientApplication` instance. The only required config parameter is the client ID of the application. Everything else is optional, but may be required depending on your tenant and application model.
 
-- `localCallback`: a Callback instance that can be provided by the developer to consume and publish logs in a custom manner. Implement the localCallback method depending on how you want to redirect logs.
-- `level` (optional): the configurable log level. The supported log levels are: `Error`, `Warning`, `Info`, and `Verbose`. The default is `Info`.
+The loggerOptions object has the following properties:
+
+- `loggerCallback`: a Callback function that can be provided by the developer to handle the logging of MSAL statements in a custom manner. Implement the `loggerCallback` function depending on how you want to redirect logs. The loggerCallback function has the following format ` (level: LogLevel, message: string, containsPii: boolean): void`
+     - The supported log levels are: `Error`, `Warning`, `Info`, and `Verbose`. The default is `Info`.
 - `piiLoggingEnabled` (optional): if set to true, logs personal and organizational data. By default this is false so that your application doesn't log personal data. Personal data logs are never written to default outputs like Console, Logcat, or NSLog.
-- `correlationId` (optional): a unique identifier, used to map the request with the response for debugging purposes. Defaults to RFC4122 version 4 guid (128 bits).
 
 ```javascript
-function loggerCallback(logLevel, message, containsPii) {
-   console.log(message);
-}
-
-var msalConfig = {
+const msalConfig = {
     auth: {
-        clientId: "<Enter your client id>",
+        clientId: "enter_client_id_here",
+        authority: "https://login.microsoftonline.com/common",
+        knownAuthorities: [],
+        cloudDiscoveryMetadata: "",
+        redirectUri: "enter_redirect_uri_here",
+        postLogoutRedirectUri: "enter_postlogout_uri_here",
+        navigateToLoginRequestUrl: true,
+        clientCapabilities: ["CP1"]
+    },
+    cache: {
+        cacheLocation: "sessionStorage",
+        storeAuthStateInCookie: false,
+        secureCookies: false
     },
     system: {
-        logger: new Msal.Logger(
-            loggerCallback , {
-                level: Msal.LogLevel.Verbose,
-                piiLoggingEnabled: false,
-                correlationId: '1234'
-            }
-        )
-    }
+        loggerOptions: {
+            loggerCallback: (level: LogLevel, message: string, containsPii: boolean): void => {
+                if (containsPii) {
+                    return;
+                }
+                switch (level) {
+                    case LogLevel.Error:
+                        console.error(message);
+                        return;
+                    case LogLevel.Info:
+                        console.info(message);
+                        return;
+                    case LogLevel.Verbose:
+                        console.debug(message);
+                        return;
+                    case LogLevel.Warning:
+                        console.warn(message);
+                        return;
+                }
+            },
+            piiLoggingEnabled: false
+        },
+        windowHashTimeout: 60000,
+        iframeHashTimeout: 6000,
+        loadFrameTimeout: 0,
+        asyncPopups: false
+    };
 }
 
-var UserAgentApplication = new Msal.UserAgentApplication(msalConfig);
+const msalInstance = new PublicClientApplication(msalConfig);
 ```
 
 ## Next steps

articles/active-directory/index.yml

@@ -10,10 +10,10 @@ metadata:
   ms.service: active-directory
   ms.topic: hub-page
   ms.collection: M365-identity-device-management
-  author: mtillman
-  ms.author: mtillman
-  manager: daveba
-  ms.date: 04/14/2021
+  author: rolyon
+  ms.author: rolyon
+  manager: karenhoran
+  ms.date: 01/03/2022
 
 highlightedContent:
 # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
@@ -282,15 +282,15 @@ conceptualContent:
 
     - title: Roles
       links:
-        - url: ./roles/concept-understand-roles.md
+        - url: ./roles/manage-roles-portal.md
+          itemType: how-to-guide
+          text:  Assign Azure AD roles
+        - url: ./roles/administrative-units.md
           itemType: concept
-          text:  Understand Azure AD roles
+          text:  Understand administrative units
         - url: ./roles/custom-create.md
           itemType: how-to-guide
           text:  Create a custom role
-        - url: ./roles/groups-view-assignments.md
-          itemType: reference
-          text:  View roles assigned to a group
       footerLink:
         url: ./roles/index.yml
         text: See more

articles/active-directory/manage-apps/secure-hybrid-access.md

@@ -31,7 +31,7 @@ Using [Application Proxy](../app-proxy/what-is-application-proxy.md) you can pro
 
 In addition to [Azure AD Application Proxy](../app-proxy/what-is-application-proxy.md), Microsoft partners with third-party providers to enable secure access to your on-premises applications and applications that use legacy authentication.
 
-![Image shows secure hybrid access with app proxy and partners](./media/secure-hybrid-access/secure-hybrid-access.png)
+![Illustration of Secure Hybrid Access partner integrations and Application Proxy providing access to legacy and on-premises applications after authentication with Azure AD.](./media/secure-hybrid-access/secure-hybrid-access.png)
 
 The following partners offer pre-built solutions to support **conditional access policies per application** and provide detailed guidance for integrating with Azure AD. 
 

articles/active-directory/roles/index.yml

@@ -25,69 +25,75 @@ landingContent:
     linkLists:
       - linkListType: overview
         links:
-          - text: Azure AD role-based access control overview
+          - text: What is Azure AD RBAC?
             url: custom-overview.md
       - linkListType: concept
         links:
           - text: Understand Azure AD roles
             url: concept-understand-roles.md
-          - text: Understand administrative units in Azure AD
+          - text: Understand administrative units
             url: administrative-units.md
           - text: Use groups to manage role assignments
             url: groups-concept.md
 
   # Card
-  - title: Get started
+  - title: Choose roles
     linkLists:
-      - linkListType: quickstart
+      - linkListType: how-to-guide
+        links:
+          - text: List role definitions
+            url: role-definitions-list.md
+      - linkListType: reference
         links:
-          - text: Grant permission to create unlimited app registrations
-            url: quickstart-app-registration-limits.md
+          - text: Built-in roles
+            url: permissions-reference.md
+          - text: Least privileged roles by task
+            url: delegate-by-task.md
 
   # Card
-  - title: Delegate roles
+  - title: List role assignments
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Delegate roles by task
-            url: delegate-by-task.md
-          - text: Delegate application management
-            url: delegate-app-roles.md
+          - text: List role assignments
+            url: view-assignments.md
 
   # Card
-  - title: Assign roles to users
+  - title: Assign roles
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Create custom roles
-            url: custom-create.md
-          - text: Assign roles using Graph API
-            url: custom-assign-graph.md
-          - text: Assign using PowerShell
-            url: custom-assign-powershell.md
-          - text: Assign roles using Graph API
-            url: custom-assign-graph.md
+          - text: Assign roles to users
+            url: manage-roles-portal.md
+          - text: Assign roles at different scopes
+            url: assign-roles-different-scopes.md
 
   # Card
   - title: Assign roles to groups
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Create role-assignable groups
+          - text: Create a role-assignable group
             url: groups-create-eligible.md
           - text: Assign roles to groups
             url: groups-assign-role.md
-          - text: Make a group eligible for PIM
-            url: groups-pim-eligible.md
-          - text: View assignments for a group
-            url: groups-view-assignments.md
+
+  # Card
+  - title: Create custom roles
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Create a custom role
+            url: custom-create.md
+          - text: Create custom roles for enterprise apps
+            url: custom-enterprise-apps.md
 
   # Card
   - title: Manage scope with administrative units
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Create or delete administrative units
+          - text: Create administrative units
             url: admin-units-manage.md
           - text: Add members
             url: admin-units-members-add.md

articles/aks/concepts-clusters-workloads.md

@@ -58,7 +58,7 @@ AKS provides a single-tenant control plane, with a dedicated API server, schedul
 
 While you don't need to configure components (like a highly available *etcd* store) with this managed control plane, you can't access the control plane directly. Kubernetes control plane and node upgrades are orchestrated through the Azure CLI or Azure portal. To troubleshoot possible issues, you can review the control plane logs through Azure Monitor logs.
 
-To configure or directly access a control plane, deploy your own Kubernetes cluster using [aks-engine][aks-engine].
+To configure or directly access a control plane, deploy a self-managed Kubernetes cluster using [Cluster API Provider Azure][cluster-api-provider-azure].
 
 For associated best practices, see [Best practices for cluster security and upgrades in AKS][operator-best-practices-cluster-security].
 
@@ -78,7 +78,7 @@ The Azure VM size for your nodes defines the storage CPUs, memory, size, and typ
 
 In AKS, the VM image for your cluster's nodes is based on Ubuntu Linux or Windows Server 2019. When you create an AKS cluster or scale out the number of nodes, the Azure platform automatically creates and configures the requested number of VMs. Agent nodes are billed as standard VMs, so any VM size discounts (including [Azure reservations][reservation-discounts]) are automatically applied.
 
-Deploy your own Kubernetes cluster with [aks-engine][aks-engine] if using a different host OS, container runtime, or including different custom packages. The upstream `aks-engine` releases features and provides configuration options ahead of support in AKS clusters. So, if you wish to use a container runtime other than `containerd` or Docker, you can run `aks-engine` to configure and deploy a Kubernetes cluster that meets your current needs.
+If you need advanced configuration and control on your Kubernetes node container runtime and OS, you can deploy a self-managed cluster using [Cluster API Provider Azure][cluster-api-provider-azure].
 
 ### Resource reservations
 
@@ -297,6 +297,7 @@ This article covers some of the core Kubernetes components and how they apply to
 
 <!-- EXTERNAL LINKS -->
 [aks-engine]: https://github.com/Azure/aks-engine
+[cluster-api-provider-azure]: https://github.com/kubernetes-sigs/cluster-api-provider-azure
 [kubernetes-pods]: https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/
 [kubernetes-pod-lifecycle]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/
 [kubernetes-deployments]: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

articles/aks/tutorial-kubernetes-deploy-application.md

@@ -64,13 +64,13 @@ Get the ACR login server name using the [Get-AzContainerRegistry][get-azcontaine
 
 ---
 
-The sample manifest file from the git repo cloned in the first tutorial uses the login server name of *microsoft*. Make sure that you're in the cloned *azure-voting-app-redis* directory, then open the manifest file with a text editor, such as `vi`:
+The sample manifest file from the git repo cloned in the first tutorial uses the images from Microsoft Container Registry (*mcr.microsoft.com*). Make sure that you're in the cloned *azure-voting-app-redis* directory, then open the manifest file with a text editor, such as `vi`:
 
 ```console
 vi azure-vote-all-in-one-redis.yaml
 ```
 
-Replace *microsoft* with your ACR login server name. The image name is found on line 60 of the manifest file. The following example shows the default image name:
+Replace *mcr.microsoft.com* with your ACR login server name. The image name is found on line 60 of the manifest file. The following example shows the default image name:
 
 ```yaml
 containers:
@@ -163,5 +163,5 @@ Advance to the next tutorial to learn how to scale a Kubernetes application and
 [kubernetes-service]: concepts-network.md#services
 [azure-powershell-install]: /powershell/azure/install-az-ps
 [get-azcontainerregistry]: /powershell/module/az.containerregistry/get-azcontainerregistry
-[gitops-flux-tutorial]: ../azure-arc/kubernetes/tutorial-use-gitops-flux2.md
-[gitops-flux-tutorial-aks]: ../azure-arc/kubernetes/tutorial-use-gitops-flux2.md#for-azure-kubernetes-service-clusters
+[gitops-flux-tutorial]: ../azure-arc/kubernetes/tutorial-use-gitops-flux2.md?toc=/azure/aks/toc.json
+[gitops-flux-tutorial-aks]: ../azure-arc/kubernetes/tutorial-use-gitops-flux2.md?toc=/azure/aks/toc.json#for-azure-kubernetes-service-clusters

articles/api-management/TOC.yml

@@ -356,6 +356,8 @@
         href: gateway-log-schema-reference.md
       - name: Event Grid schema
         href: ../event-grid/event-schema-api-management.md?toc=/azure/api-management/toc.json&bc=/azure/api-management/breadcrumb/toc.json
+      - name: Virtual network reference
+        href: virtual-network-reference.md
 - name: Resources
   items:
       - name: FAQ