Merge pull request #178734 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)

Author: huypub

articles/active-directory/manage-apps/tenant-restrictions.md

@@ -73,7 +73,7 @@ The headers should include the following elements:
 
 - For *Restrict-Access-To-Tenants*, use a value of \<permitted tenant list\>, which is a comma-separated list of tenants you want to allow users to access. Any domain that is registered with a tenant can be used to identify the tenant in this list, as well as the directory ID itself. For an example of all three ways of describing a tenant, the name/value pair to allow Contoso, Fabrikam, and Microsoft looks like: `Restrict-Access-To-Tenants: contoso.com,fabrikam.onmicrosoft.com,72f988bf-86f1-41af-91ab-2d7cd011db47`
 
-- For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`.  You **must** use your own directory ID in this spot in order to get logs for these authentications.
+- For *Restrict-Access-Context*, use a value of a single directory ID, declaring which tenant is setting the tenant restrictions. For example, to declare Contoso as the tenant that set the tenant restrictions policy, the name/value pair looks like: `Restrict-Access-Context: 456ff232-35l2-5h23-b3b3-3236w0826f3d`. You *must* use your own directory ID here to get logs for these authentications. If you use any directory ID other than your own, those sign-in logs *will* appear in someone else’s tenant, with all personal information removed. For more information, see [Admin experience](#admin-experience).
 
 > [!TIP]
 > You can find your directory ID in the [Azure Active Directory portal](https://aad.portal.azure.com/). Sign in as an administrator, select **Azure Active Directory**, then select **Properties**.

articles/aks/quotas-skus-regions.md

@@ -22,7 +22,7 @@ This article details the default resource limits for Azure Kubernetes Service (A
 All other network, compute, and storage limitations apply to the provisioned infrastructure. For the relevant limits, see [Azure subscription and service limits](../azure-resource-manager/management/azure-subscription-service-limits.md).
 
 > [!IMPORTANT]
-> When you upgrade an AKS cluster, extra resources are temporarily consumed. These resources include include available IP addresses in a virtual network subnet or virtual machine vCPU quota. 
+> When you upgrade an AKS cluster, extra resources are temporarily consumed. These resources include available IP addresses in a virtual network subnet or virtual machine vCPU quota. 
 >
 > For Windows Server containers, you can perform an upgrade operation to apply the latest node updates. If you don't have the available IP address space or vCPU quota to handle these temporary resources, the cluster upgrade process will fail. For more information on the Windows Server node upgrade process, see [Upgrade a node pool in AKS][nodepool-upgrade].
 

articles/iot-edge/how-to-provision-devices-at-scale-linux-on-windows-symmetric.md

@@ -76,7 +76,7 @@ For Windows Admin Center, use the following steps:
 
 ---
 
-## Verify successful configuration
+## Verify successful installation
 
 Verify that IoT Edge for Linux on Windows was successfully installed and configured on your IoT Edge device.
 

articles/iot-edge/how-to-provision-devices-at-scale-linux-on-windows-tpm.md

@@ -81,9 +81,9 @@ The IoT Edge for Linux on Windows VM has a TPM feature that can be enabled or di
 
 # [Physical TPM](#tab/physical-tpm)
 
-To provision your device, you need to gather information from your TPM chip and provide it to your instance of the device provisioning service so that the service can recognize your device when it tries to connect.
+To provision your device, you need an **Endorsement key** for your TPM chip and **Registration ID** for your device. You provide this information to your instance of the device provisioning service so that the service can recognize your device when it tries to connect.
 
-First, you need to determine the endorsement key, which is unique to each TPM chip and is obtained from the TPM chip manufacturer associated with it. Then, you need to provide a registration ID for your device. You can derive a unique registration ID for your TPM device by, for example, creating an SHA-256 hash of the endorsement key.
+The endorsement key is unique to each TPM chip. It is obtained from the TPM chip manufacturer associated with it. You can derive a unique registration ID for your TPM device by, for example, creating an SHA-256 hash of the endorsement key.
 
 IoT Edge for Linux on Windows provides a PowerShell script to help retrieve this information from your TPM. To use the script, follow these steps on your device:
 
@@ -128,7 +128,7 @@ Simulated TPM samples:
 1. Provision your device by using the **Scope ID** that you collected from your instance of the device provisioning service.
 
    ```powershell
-   Provision-EflowVM -provisioningType "DpsTpm" -scopeId "<scope id>"
+   Provision-EflowVM -provisioningType "DpsTpm" -scopeId "SCOPE_ID_HERE"
    ```
 
 # [Windows Admin Center](#tab/windowsadmincenter)
@@ -146,7 +146,7 @@ Simulated TPM samples:
 
 ---
 
-## Verify successful configuration
+## Verify successful installation
 
 Verify that IoT Edge for Linux on Windows was successfully installed and configured on your IoT Edge device.
 
@@ -202,4 +202,4 @@ Use the following commands on your device to verify that the IoT Edge installed
 
 The device provisioning service enrollment process lets you set the device ID and device twin tags at the same time as you provision the new device. You can use those values to target individual devices or groups of devices by using automatic device management.
 
-Learn how to [deploy and monitor IoT Edge modules at scale by using the Azure portal](how-to-deploy-at-scale.md) or [the Azure CLI](how-to-deploy-cli-at-scale.md).
+Learn how to [deploy and monitor IoT Edge modules at scale by using the Azure portal](how-to-deploy-at-scale.md) or [the Azure CLI](how-to-deploy-cli-at-scale.md).

articles/iot-edge/how-to-provision-devices-at-scale-linux-on-windows-x509.md

@@ -84,7 +84,7 @@ You can use either PowerShell or Windows Admin Center to provision your IoT Edge
 For PowerShell, run the following command with the placeholder values updated with your own values:
 
 ```powershell
-Provision-EflowVm -provisioningType DpsX509 -​scopeId PASTE_YOUR_ID_SCOPE_HERE -registrationId PASTE_YOUR_REGISTRATION_ID_HERE -identityCertPath PASTE_ABSOLUTE_PATH_TO_IDENTITY_CERTIFICATE_HERE -identityPrivateKey PASTE_ABSOLUTE_PATH_TO_IDENTITY_PRIVATE_KEY_HERE
+Provision-EflowVm -provisioningType DpsX509 -scopeId PASTE_YOUR_ID_SCOPE_HERE -registrationId PASTE_YOUR_REGISTRATION_ID_HERE -identityCertPath PASTE_ABSOLUTE_PATH_TO_IDENTITY_CERTIFICATE_HERE -identityPrivateKey PASTE_ABSOLUTE_PATH_TO_IDENTITY_PRIVATE_KEY_HERE
 ```
 
 # [Windows Admin Center](#tab/windowsadmincenter)
@@ -103,7 +103,7 @@ For Windows Admin Center, use the following steps:
 
 ---
 
-## Verify successful configuration
+## Verify successful installation
 
 Verify that IoT Edge for Linux on Windows was successfully installed and configured on your IoT Edge device.
 

articles/iot-edge/how-to-provision-devices-at-scale-linux-tpm.md

@@ -54,7 +54,7 @@ A physical Linux device to be the IoT Edge device.
 
 # [Virtual machine](#tab/virtual-machine)
 
-* A Windows development machine with [Hyper-V enabled](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v). This article uses Windows 10 running an Ubuntu Server VM.
+A Windows development machine with [Hyper-V enabled](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v). This article uses Windows 10 running an Ubuntu Server VM.
 
 ---
 
@@ -192,10 +192,10 @@ After the runtime is installed on your device, configure the device with the inf
    provisioning:
      source: "dps"
      global_endpoint: "https://global.azure-devices-provisioning.net"
-     scope_id: "<SCOPE_ID>"
+     scope_id: "SCOPE_ID_HERE"
      attestation:
        method: "tpm"
-       registration_id: "<REGISTRATION_ID>"
+       registration_id: "REGISTRATION_ID_HERE"
    # always_reprovision_on_startup: true
    # dynamic_reprovisioning: false
    ```
@@ -233,11 +233,11 @@ After the runtime is installed on your device, configure the device with the inf
    [provisioning]
    source = "dps"
    global_endpoint = "https://global.azure-devices-provisioning.net"
-   id_scope = "<SCOPE_ID>"
+   id_scope = "SCOPE_ID_HERE"
 
    [provisioning.attestation]
    method = "tpm"
-   registration_id = "<REGISTRATION_ID>"
+   registration_id = "REGISTRATION_ID_HERE"
    ```
 
 1. Update the values of `id_scope` and `registration_id` with your device provisioning service and device information. The `scope_id` value is the **ID Scope** from your device provisioning service instance's overview page.
@@ -369,7 +369,7 @@ You can give access to the TPM by overriding the systemd settings so that the `a
 :::moniker-end
 <!-- end 1.2 -->
 
-## Restart IoT Edge and verify successful installation
+## Verify successful installation
 
 <!-- 1.1 -->
 :::moniker range="iotedge-2018-06"
@@ -445,4 +445,4 @@ You can verify that the individual enrollment that you created in the device pro
 
 The device provisioning service enrollment process lets you set the device ID and device twin tags at the same time as you provision the new device. You can use those values to target individual devices or groups of devices by using automatic device management.
 
-Learn how to [deploy and monitor IoT Edge modules at scale by using the Azure portal](how-to-deploy-at-scale.md) or [the Azure CLI](how-to-deploy-cli-at-scale.md).
+Learn how to [deploy and monitor IoT Edge modules at scale by using the Azure portal](how-to-deploy-at-scale.md) or [the Azure CLI](how-to-deploy-cli-at-scale.md).

articles/iot-edge/how-to-provision-devices-at-scale-linux-x509.md

@@ -101,12 +101,12 @@ Have the following information ready:
    provisioning:
      source: "dps"
      global_endpoint: "https://global.azure-devices-provisioning.net"
-     scope_id: "<SCOPE_ID>"
+     scope_id: "SCOPE_ID_HERE"
      attestation:
        method: "x509"
-   #   registration_id: "<OPTIONAL REGISTRATION ID. LEAVE COMMENTED OUT TO REGISTER WITH CN OF identity_cert>"
-       identity_cert: "<REQUIRED URI TO DEVICE IDENTITY CERTIFICATE>"
-       identity_pk: "<REQUIRED URI TO DEVICE IDENTITY PRIVATE KEY>"
+   #   registration_id: "OPTIONAL_REGISTRATION_ID_LEAVE_COMMENTED_OUT_TO_REGISTER_WITH_CN_OF_IDENTITY_CERT"
+       identity_cert: "REQUIRED_URI_TO_DEVICE_IDENTITY_CERTIFICATE_HERE"
+       identity_pk: "REQUIRED_URI_TO_DEVICE_IDENTITY_PRIVATE_KEY_HERE"
    #  always_reprovision_on_startup: true
    #  dynamic_reprovisioning: false
    ```
@@ -155,15 +155,15 @@ Have the following information ready:
    [provisioning]
    source = "dps"
    global_endpoint = "https://global.azure-devices-provisioning.net"
-   id_scope = "<SCOPE_ID>"
+   id_scope = "SCOPE_ID_HERE"
 
    [provisioning.attestation]
    method = "x509"
-   registration_id = "<REGISTRATION ID>"
+   registration_id = "REGISTRATION_ID_HERE"
 
-   identity_cert = "<DEVICE IDENTITY CERTIFICATE>"
+   identity_cert = "DEVICE_IDENTITY_CERTIFICATE_HERE"
 
-   identity_pk = "<DEVICE IDENTITY PRIVATE KEY>"
+   identity_pk = "DEVICE_IDENTITY_PRIVATE_KEY_HERE"
    ```
 
 1. Update the value of `id_scope` with the scope ID you copied from your instance of DPS.

articles/iot-edge/how-to-provision-devices-at-scale-windows-symmetric.md

@@ -16,6 +16,13 @@ monikerRange: "=iotedge-2018-06"
 
 This article provides end-to-end instructions for autoprovisioning one or more Windows IoT Edge devices using symmetric keys. You can automatically provision Azure IoT Edge devices with the [Azure IoT Hub device provisioning service](../iot-dps/index.yml) (DPS). If you're unfamiliar with the process of autoprovisioning, review the [provisioning overview](../iot-dps/about-iot-dps.md#provisioning-process) before continuing.
 
+>[!NOTE]
+>Azure IoT Edge with Windows containers will not be supported starting with version 1.2 of Azure IoT Edge.
+>
+>Consider using the new method for running IoT Edge on Windows devices, [Azure IoT Edge for Linux on Windows](iot-edge-for-linux-on-windows.md).
+>
+>If you want to use Azure IoT Edge for Linux on Windows, you can follow the steps in the [equivalent how-to guide](how-to-provision-devices-at-scale-linux-on-windows-symmetric.md).
+
 The tasks are as follows:
 
 1. Create either an **individual enrollment** for a single device or a **group enrollment** for a set of devices.
@@ -54,13 +61,11 @@ Have the following information ready:
 
 1. The **Initialize-IoTEdge** command configures the IoT Edge runtime on your machine. The command defaults to manual provisioning with Windows containers, so use the `-DpsSymmetricKey` flag to use automatic provisioning with symmetric key authentication.
 
-   Replace the placeholder values for `{scope_id}`, `{registration_id}`, and `{symmetric_key}` with the data you collected earlier.
-
-   Add the `-RegistrationId {registration_id}` parameter if you want to set the device ID as something other than the CN name of the identity certificate.
+   Replace the placeholder values for `paste_scope_id_here`, `paste_registration_id_here`, and `paste_symmetric_key_here` with the data you collected earlier.
 
    ```powershell
    . {Invoke-WebRequest -useb https://aka.ms/iotedge-win} | Invoke-Expression; `
-   Initialize-IoTEdge -DpsSymmetricKey -ScopeId {scope ID} -RegistrationId {registration ID} -SymmetricKey {symmetric key}
+   Initialize-IoTEdge -DpsSymmetricKey -ScopeId paste_scope_id_here -RegistrationId paste_registration_id_here -SymmetricKey paste_symmetric key_here
    ```
 
 ## Verify successful installation

articles/iot-edge/how-to-provision-devices-at-scale-windows-tpm.md

@@ -16,6 +16,13 @@ monikerRange: "=iotedge-2018-06"
 
 This article provides instructions for autoprovisioning an Azure IoT Edge for Windows device by using a Trusted Platform Module (TPM). You can automatically provision IoT Edge devices with the [Azure IoT Hub device provisioning service](../iot-dps/index.yml). If you're unfamiliar with the process of autoprovisioning, review the [provisioning overview](../iot-dps/about-iot-dps.md#provisioning-process) before you continue.
 
+>[!NOTE]
+>Azure IoT Edge with Windows containers will not be supported starting with version 1.2 of Azure IoT Edge.
+>
+>Consider using the new method for running IoT Edge on Windows devices, [Azure IoT Edge for Linux on Windows](iot-edge-for-linux-on-windows.md).
+>
+>If you want to use Azure IoT Edge for Linux on Windows, you can follow the steps in the [equivalent how-to guide](how-to-provision-devices-at-scale-linux-on-windows-tpm.md).
+
 This article outlines two methodologies. Select your preference based on the architecture of your solution:
 
 - Autoprovision a Windows device with physical TPM hardware.
@@ -117,11 +124,11 @@ After the runtime is installed on your device, configure the device with the inf
 
 1. The `Initialize-IoTEdge` command configures the IoT Edge runtime on your machine. The command defaults to manual provisioning with Windows containers. Use the `-Dps` flag to use the device provisioning service instead of manual provisioning.
 
-   Replace the placeholder values for `{scope_id}` and `{registration_id}` with the data you collected earlier.
+   Replace the placeholder values for `paste_scope_id_here` and `paste_registration_id_here` with the data you collected earlier.
 
    ```powershell
    . {Invoke-WebRequest -useb https://aka.ms/iotedge-win} | Invoke-Expression; `
-   Initialize-IoTEdge -Dps -ScopeId {scope ID} -RegistrationId {registration ID}
+   Initialize-IoTEdge -Dps -ScopeId paste_scope_id_here -RegistrationId paste_registration_id_here
    ```
 
 ## Verify successful installation
@@ -150,4 +157,4 @@ If the runtime started successfully, go into your IoT hub and start deploying Io
 
 The device provisioning service enrollment process lets you set the device ID and device twin tags at the same time as you provision the new device. You can use those values to target individual devices or groups of devices by using automatic device management.
 
-Learn how to [deploy and monitor IoT Edge modules at scale by using the Azure portal](how-to-deploy-at-scale.md) or [the Azure CLI](how-to-deploy-cli-at-scale.md).
+Learn how to [deploy and monitor IoT Edge modules at scale by using the Azure portal](how-to-deploy-at-scale.md) or [the Azure CLI](how-to-deploy-cli-at-scale.md).

articles/iot-edge/how-to-provision-devices-at-scale-windows-x509.md

@@ -17,6 +17,13 @@ monikerRange: "=iotedge-2018-06"
 
 This article provides end-to-end instructions for autoprovisioning one or more Windows IoT Edge devices using X.509 certificates. You can automatically provision Azure IoT Edge devices with the [Azure IoT Hub device provisioning service](../iot-dps/index.yml) (DPS). If you're unfamiliar with the process of autoprovisioning, review the [provisioning overview](../iot-dps/about-iot-dps.md#provisioning-process) before continuing.
 
+>[!NOTE]
+>Azure IoT Edge with Windows containers will not be supported starting with version 1.2 of Azure IoT Edge.
+>
+>Consider using the new method for running IoT Edge on Windows devices, [Azure IoT Edge for Linux on Windows](iot-edge-for-linux-on-windows.md).
+>
+>If you want to use Azure IoT Edge for Linux on Windows, you can follow the steps in the [equivalent how-to guide](how-to-provision-devices-at-scale-linux-on-windows-x509.md).
+
 The tasks are as follows:
 
 1. Generate certificates and keys.
@@ -82,13 +89,13 @@ Have the following information ready:
 
 1. The **Initialize-IoTEdge** command configures the IoT Edge runtime on your machine. The command defaults to manual provisioning with Windows containers, so use the `-DpsX509` flag to use automatic provisioning with X.509 certificate authentication.
 
-   Replace the placeholder values for `{scope_id}`, `{identity cert chain path}`, and `{identity key path}` with the appropriate values from your DPS instance and the file paths on your device.
+   Replace the placeholder values for `scope_id`, `identity cert chain path`, and `identity key path` with the appropriate values from your DPS instance and the file paths on your device.
 
-   Add the `-RegistrationId {registration_id}` parameter if you want to set the device ID as something other than the CN name of the identity certificate.
+   Add the `-RegistrationId paste_registration_id_here` parameter if you want to set the device ID as something other than the CN name of the identity certificate.
 
    ```powershell
    . {Invoke-WebRequest -useb https://aka.ms/iotedge-win} | Invoke-Expression; `
-   Initialize-IoTEdge -DpsX509 -ScopeId {scope ID} -X509IdentityCertificate {identity cert chain path} -X509IdentityPrivateKey {identity key path}
+   Initialize-IoTEdge -DpsX509 -ScopeId paste_scope_id_here -X509IdentityCertificate paste_identity_cert_chain_path_here -X509IdentityPrivateKey paste_identity_key_path_here
    ```
 
    >[!TIP]