Merge pull request #206864 from MicrosoftDocs/main

8/03 PM Publish

Author: huypub

articles/active-directory/devices/device-management-azure-portal.md

@@ -107,6 +107,25 @@ To view or copy BitLocker keys, you need to be the owner of the device or have o
 - Security Administrator
 - Security Reader
 
+## Block users from viewing their BitLocker keys (preview)
+In this preivew, admins can block self-service BitLocker key access to the registered owner of the device. Default users without the BitLocker read permission will be unable to view or copy their BitLocker key(s) for their owned devices.
+
+To disable/enable self-service BitLocker recovery:
+
+```PowerShell
+Connect-MgGraph -Scopes Policy.ReadWrite.Authorization
+$authPolicyUri = "https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy"
+$body = @{
+    defaultUserRolePermissions = @{
+        allowedToReadBitlockerKeysForOwnedDevice = $false #Set this to $true to allow BitLocker self-service recovery
+    }
+}| ConvertTo-Json
+Invoke-MgGraphRequest -Uri $authPolicyUri -Method PATCH -Body $body
+# Show current policy setting
+$authPolicy = Invoke-MgGraphRequest -Uri $authPolicyUri
+$authPolicy.defaultUserRolePermissions
+```
+
 ## View and filter your devices (preview)
 
 In this preview, you have the ability to infinitely scroll, reorder columns, and select all devices. You can filter the device list by these device attributes:

articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-nonaad.md

@@ -103,6 +103,7 @@ To complete these steps, you need an SSH client.  If you are using Windows, you
 2. **Connect** to the VM with the SSH client of your choice. 
 3. In the terminal window, use CURL to make a request to the local managed identities for Azure resources endpoint to get an access token for Azure Key Vault.  
 
+ 
     The CURL request for the access token is below.  
 
     ```bash
@@ -147,4 +148,4 @@ Alternatively you may also do this via [PowerShell or the CLI](../../azure-resou
 In this tutorial, you learned how to use a Linux VM system-assigned managed identity to access Azure Key Vault.  To learn more about Azure Key Vault see:
 
 > [!div class="nextstepaction"]
->[Azure Key Vault](../../key-vault/general/overview.md)
+>[Azure Key Vault](../../key-vault/general/overview.md)

articles/active-directory/saas-apps/sonarqube-tutorial.md

@@ -1,6 +1,6 @@
 ---
-title: 'Tutorial: Azure AD SSO integration with Sonarqube'
-description: Learn how to configure single sign-on between Azure Active Directory and Sonarqube.
+title: 'Tutorial: Azure AD SSO integration with SonarQube'
+description: Learn how to configure single sign-on between Azure Active Directory and SonarQube.
 services: active-directory
 author: jeevansd
 manager: CelesteDG
@@ -13,59 +13,62 @@ ms.date: 06/25/2021
 ms.author: jeedes
 ---
 
-# Tutorial: Azure AD SSO integration with Sonarqube
+# Tutorial: Azure AD SSO integration with SonarQube
 
-In this tutorial, you'll learn how to integrate Sonarqube with Azure Active Directory (Azure AD). When you integrate Sonarqube with Azure AD, you can:
+In this tutorial, you'll learn how to integrate SonarQube with Azure Active Directory (Azure AD). When you integrate SonarQube with Azure AD, you can:
 
-* Control in Azure AD who has access to Sonarqube.
-* Enable your users to be automatically signed-in to Sonarqube with their Azure AD accounts.
+* Control in Azure AD who has access to SonarQube.
+* Enable your users to be automatically signed-in to SonarQube with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
 ## Prerequisites
 
 To get started, you need the following items:
 
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Sonarqube single sign-on (SSO) enabled subscription.
+* SonarQube single sign-on (SSO) enabled subscription.
+
+> [!NOTE]
+> Help on installing SonarQube can be found in the [online documentation](https://docs.sonarqube.org/latest/setup/install-server/).
 
 ## Scenario description
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-* Sonarqube supports **SP** initiated SSO.
+* SonarQube supports **SP** initiated SSO.
 
 > [!NOTE]
 > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
 
-## Add Sonarqube from the gallery
+## Add SonarQube from the gallery
 
-To configure the integration of Sonarqube into Azure AD, you need to add Sonarqube from the gallery to your list of managed SaaS apps.
+To configure the integration of SonarQube into Azure AD, you need to add SonarQube from the gallery to your list of managed SaaS apps.
 
 1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
 1. On the left navigation pane, select the **Azure Active Directory** service.
 1. Navigate to **Enterprise Applications** and then select **All Applications**.
 1. To add new application, select **New application**.
-1. In the **Add from the gallery** section, type **Sonarqube** in the search box.
-1. Select **Sonarqube** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+1. In the **Add from the gallery** section, type **SonarQube** in the search box.
+1. Select **SonarQube** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-## Configure and test Azure AD SSO for Sonarqube
+## Configure and test Azure AD SSO for SonarQube
 
-Configure and test Azure AD SSO with Sonarqube using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Sonarqube.
+Configure and test Azure AD SSO with SonarQube using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in SonarQube.
 
-To configure and test Azure AD SSO with Sonarqube, perform the following steps:
+To configure and test Azure AD SSO with SonarQube, perform the following steps:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
     1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
     1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure Sonarqube SSO](#configure-sonarqube-sso)** - to configure the single sign-on settings on application side.
-    1. **[Create Sonarqube test user](#create-sonarqube-test-user)** - to have a counterpart of B.Simon in Sonarqube that is linked to the Azure AD representation of user.
+1. **[Configure SonarQube SSO](#configure-sonarqube-sso)** - to configure the single sign-on settings on application side.
+    1. **[Create SonarQube test user](#create-sonarqube-test-user)** - to have a counterpart of B.Simon in SonarQube that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
 ## Configure Azure AD SSO
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the Azure portal, on the **Sonarqube** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **SonarQube** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
 1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
@@ -93,7 +96,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 	![The Certificate download link](common/certificatebase64.png)
 
-1. On the **Set up Sonarqube** section, copy the appropriate URL(s) based on your requirement.
+1. On the **Set up SonarQube** section, copy the appropriate URL(s) based on your requirement.
 
 	![Copy configuration URLs](common/copy-configuration-urls.png)
 
@@ -111,19 +114,19 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
 
 ### Assign the Azure AD test user
 
-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Sonarqube.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SonarQube.
 
 1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **Sonarqube**.
+1. In the applications list, select **SonarQube**.
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
 1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
-## Configure Sonarqube SSO
+## Configure SonarQube SSO
 
-1. Open a new web browser window and sign into your Sonarqube company site as an administrator.
+1. Open a new web browser window and sign into your SonarQube company site as an administrator.
 
 1. Click on **Administration > Configuration > Security** and go to the **SAML Plugin** perform the following steps.
 
@@ -160,20 +163,20 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 	j. Click **Save**.
 
-### Create Sonarqube test user
+### Create SonarQube test user
 
-In this section, you create a user called B.Simon in Sonarqube. Work with [Sonarqube Client support team](https://sonarsource.com/company/contact/) to add the users in the Sonarqube platform. Users must be created and activated before you use single sign-on. 
+In this section, you create a user called B.Simon in SonarQube. Work with [SonarQube Client support team](https://sonarsource.com/company/contact/) to add the users in the SonarQube platform. Users must be created and activated before you use single sign-on. 
 
 ## Test SSO 
 
 In this section, you test your Azure AD single sign-on configuration with following options. 
 
-* Click on **Test this application** in Azure portal. This will redirect to Sonarqube Sign-on URL where you can initiate the login flow. 
+* Click on **Test this application** in Azure portal. This will redirect to SonarQube Sign-on URL where you can initiate the login flow. 
 
-* Go to Sonarqube Sign-on URL directly and initiate the login flow from there.
+* Go to SonarQube Sign-on URL directly and initiate the login flow from there.
 
-* You can use Microsoft My Apps. When you click the Sonarqube tile in the My Apps, this will redirect to Sonarqube Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+* You can use Microsoft My Apps. When you click the SonarQube tile in the My Apps, this will redirect to SonarQube Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
 ## Next steps
 
-* Once you configure the Sonarqube you can enforce session controls, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session controls extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
+* Once you configure SonarQube, you can enforce session controls, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session controls extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

articles/aks/TOC.yml

@@ -10,7 +10,7 @@
       href: supported-kubernetes-versions.md
     - name: Add-ons, extensions, and other integrations
       href: integrations.md
-      displayName: add-on, extensions, prometheus, grafana, openfaas, spark, istio, linkerd, consul
+      displayName: add-on, extensions, prometheus, grafana, openfaas, spark, istio, linkerd, consul, github, actions
     - name: Solution architectures
       href: /azure/architecture/reference-architectures/containers/aks-start-here?bc=%2fazure%2faks%2fbreadcrumb%2ftoc.json&toc=%2fazure%2faks%2ftoc.json?WT.mc_id=AKSDOCSTOC
 - name: Quickstarts

articles/aks/cluster-configuration.md

@@ -31,9 +31,9 @@ By using `containerd` for AKS nodes, pod startup latency improves and node resou
 `Containerd` works on every GA version of Kubernetes in AKS, and in every upstream kubernetes version above v1.19, and supports all Kubernetes and AKS features.
 
 > [!IMPORTANT]
-> Clusters with Linux node pools created on Kubernetes v1.19 or greater default to `containerd` for its container runtime. Clusters with node pools on a earlier supported Kubernetes versions receive Docker for their container runtime. Linux node pools will be updated to `containerd` once the node pool Kubernetes version is updated to a version that supports `containerd`. You can still use Docker node pools and clusters on versions below 1.23, but Docker is no longer supported as of September 2022.
+> Clusters with Linux node pools created on Kubernetes v1.19 or greater default to `containerd` for its container runtime. Clusters with node pools on a earlier supported Kubernetes versions receive Docker for their container runtime. Linux node pools will be updated to `containerd` once the node pool Kubernetes version is updated to a version that supports `containerd`. 
 > 
-> Using `containerd` with Windows Server 2019 node pools is generally available, and will be the only container runtime option in Kubernetes 1.21 and greater. For more details, see [Add a Windows Server node pool with `containerd`][/learn/aks-add-np-containerd].
+> Using `containerd` with Windows Server 2019 node pools is generally available, and will be the only container runtime option in Kubernetes 1.21 and greater. You can still use Docker node pools and clusters on versions below 1.23, but Docker is no longer supported as of September 2022. For more details, see [Add a Windows Server node pool with `containerd`][aks-add-np-containerd].
 > 
 > It is highly recommended to test your workloads on AKS node pools with `containerd` prior to using clusters with a Kubernetes version that supports `containerd` for your node pools.
 
@@ -232,4 +232,4 @@ az aks show -n aks -g myResourceGroup --query "oidcIssuerProfile.issuerUrl" -ots
 [az-feature-register]: /cli/azure/feature#az_feature_register
 [az-feature-list]: /cli/azure/feature#az_feature_list
 [az-provider-register]: /cli/azure/provider#az_provider_register
-[aks-add-np-containerd]: windows-container-cli.md#add-a-windows-server-node-pool-with-containerd
+[aks-add-np-containerd]: ./learn/quick-windows-container-deploy-cli.md#add-a-windows-server-node-pool-with-containerd

articles/aks/index.yml

@@ -28,6 +28,10 @@ landingContent:
         links:
           - text: Use CVM (Preview)
             url: use-cvm.md
+          - text: AKS GitHub Actions
+            url: kubernetes-action.md
+          - text: FIPS support for Windows Server node pools
+            url: enable-fips-nodes.md#create-a-fips-enabled-windows-node-pool
           - text: Automatically upgrade an AKS cluster
             url: auto-upgrade-cluster.md
           - text: Start/stop node pools
@@ -40,7 +44,8 @@ landingContent:
             url: use-network-policies.md#create-an-aks-cluster-for-calico-network-policies
           - text: API Server VNet integration (preview)
             url: api-server-vnet-integration.md
-            
+          - text: GitHub Actions for AKS
+            url: integrations.md#github-actions
       - linkListType: concept
         links:
           - text: Kubernetes core concepts for AKS
@@ -182,4 +187,6 @@ landingContent:
           - text: Dapr cluster extension
             url: dapr.md
           - text: Cluster extensions
-            url: cluster-extensions.md
+            url: cluster-extensions.md
+          - text: GitHub Actions for AKS
+            url: integrations.md#github-actions

articles/aks/integrations.md

@@ -13,7 +13,7 @@ Azure Kubernetes Service (AKS) provides additional, supported functionality for
 
 ## Add-ons
 
-Add-ons are a fully-supported way to provide extra capabilities for your AKS cluster. Add-ons' installation, configuration, and lifecycle is managed by AKS. Use `az aks addon` to install an add-on or manage the add-ons for your cluster.
+Add-ons are a fully supported way to provide extra capabilities for your AKS cluster. Add-ons' installation, configuration, and lifecycle is managed by AKS. Use `az aks addon` to install an add-on or manage the add-ons for your cluster.
 
 The following rules are used by AKS for applying updates to installed add-ons:
 
@@ -44,6 +44,10 @@ Cluster extensions build on top of certain Helm charts and provide an Azure Reso
 
 Both extensions and add-ons are supported ways to add functionality to your AKS cluster. When you install an add-on, the functionality is added as part of the AKS resource provider in the Azure API. When you install an extension, the functionality is added as part of a separate resource provider in the Azure API.
 
+## GitHub Actions
+
+GitHub Actions helps you automate your software development workflows from within GitHub. For more details on using GitHub Actions with Azure, see [What is GitHub Actions for Azures][github-actions]. For an example of using GitHub Actions with an AKS cluster, see [Build, test, and deploy containers to Azure Kubernetes Service using GitHub Actions][github-actions-aks].
+
 ## Open source and third-party integrations
 
 You can install many open source and third-party integrations on your AKS cluster, but these open-source and third-party integrations are not covered by the [AKS support policy][aks-support-policy].
@@ -99,4 +103,17 @@ The below table shows a few examples of open-source and third-party integrations
 [keda]: keda-about.md
 [web-app-routing]: web-app-routing.md
 [maintenance-windows]: planned-maintenance.md
-[release-tracker]: release-tracker.md
+[release-tracker]: release-tracker.md
+[github-actions]: /azure/developer/github/github-actions
+[azure/aks-set-context]: https://github.com/Azure/aks-set-context
+[azure/k8s-set-context]: https://github.com/Azure/k8s-set-context
+[azure/k8s-bake]: https://github.com/Azure/k8s-bake
+[azure/k8s-create-secret]: https://github.com/Azure/k8s-create-secret
+[azure/k8s-deploy]: https://github.com/Azure/k8s-deploy
+[azure/k8s-lint]: https://github.com/Azure/k8s-lint
+[azure/setup-helm]: https://github.com/Azure/setup-helm
+[azure/setup-kubectl]: https://github.com/Azure/setup-kubectl
+[azure/k8s-artifact-substitute]: https://github.com/Azure/k8s-artifact-substitute
+[azure/aks-create-action]: https://github.com/Azure/aks-create-action
+[azure/aks-github-runner]: https://github.com/Azure/aks-github-runner
+[github-actions-aks]: kubernetes-action.md