Merge remote-tracking branch 'refs/remotes/MicrosoftDocs/master' into nitinme-retire-services

nitinme · nitinme · commit 12d57e417952 · 2020-01-24T12:29:48.000-08:00
diff --git a/articles/azure-resource-manager/management/region-move-support.md b/articles/azure-resource-manager/management/region-move-support.md
@@ -4,7 +4,7 @@ description: Lists the Azure resource types that can be moved across Azure regio
 author: rayne-wiselman
 ms.service: azure-resource-manager
 ms.topic: reference
-ms.date: 11/21/2019
+ms.date: 01/20/2020
 ms.author: raynew
 ---
 
@@ -181,7 +181,7 @@ Jump to a resource provider namespace:
 > [!div class="mx-tableFixed"]
 > | Resource type | Region move | 
 > | ------------- | ----------- |
-> | service | No |
+> | service |  Yes | 
 
 ## Microsoft.AppConfiguration
 
@@ -996,7 +996,7 @@ Jump to a resource provider namespace:
 > [!div class="mx-tableFixed"]
 > | Resource type | Region move | 
 > | ------------- | ----------- |
-> | vaults | Yes (for Backup vaults I think? | 
+> | vaults | No. [Disable vault and recreate](https://docs.microsoft.com/azure/site-recovery/move-vaults-across-regions) for Site Recovery  | 
 
 
 ## Microsoft.Relay
@@ -1137,7 +1137,7 @@ Jump to a resource provider namespace:
 > [!div class="mx-tableFixed"]
 > | Resource type | Region move | 
 > | ------------- | ----------- |
-> | storageaccounts | Yes?? | 
+> | storageaccounts | Yes | 
 
 ## Microsoft.StorageCache
 
diff --git a/articles/cosmos-db/secure-access-to-data.md b/articles/cosmos-db/secure-access-to-data.md
@@ -1,11 +1,11 @@
 ---
 title: Learn how to secure access to data in Azure Cosmos DB
 description: Learn about access control concepts in Azure Cosmos DB, including master keys, read-only keys, users, and permissions.
-author: markjbrown
-ms.author: mjbrown
+author: thomasweiss
+ms.author: thweiss
 ms.service: cosmos-db
 ms.topic: conceptual
-ms.date: 05/21/2019
+ms.date: 01/21/2020
 
 ---
 # Secure access to data in Azure Cosmos DB
@@ -21,15 +21,16 @@ Azure Cosmos DB uses two types of keys to authenticate users and provide access
 
 <a id="master-keys"></a>
 
-## Master keys 
+## Master keys
+
+Master keys provide access to all the administrative resources for the database account. Master keys:
 
-Master keys provide access to all the administrative resources for the database account. Master keys:  
 - Provide access to accounts, databases, users, and permissions. 
 - Cannot be used to provide granular access to containers and documents.
 - Are created during the creation of an account.
 - Can be regenerated at any time.
 
-Each account consists of two Master keys: a primary key and secondary key. The purpose of dual keys is so that you can regenerate, or roll keys, providing continuous access to your account and data. 
+Each account consists of two Master keys: a primary key and secondary key. The purpose of dual keys is so that you can regenerate, or roll keys, providing continuous access to your account and data.
 
 In addition to the two master keys for the Cosmos DB account, there are two read-only keys. These read-only keys only allow read operations on the account. Read-only keys do not provide access to read permissions resources.
 
@@ -43,37 +44,29 @@ The process of rotating your master key is simple. Navigate to the Azure portal
 
 ### Code sample to use a master key
 
-The following code sample illustrates how to use a Cosmos DB account endpoint and master key to instantiate a DocumentClient and create a database. 
+The following code sample illustrates how to use a Cosmos DB account endpoint and master key to instantiate a DocumentClient and create a database.
 
 ```csharp
 //Read the Azure Cosmos DB endpointUrl and authorization keys from config.
 //These values are available from the Azure portal on the Azure Cosmos DB account blade under "Keys".
-//NB > Keep these values in a safe and secure location. Together they provide Administrative access to your DocDB account.
+//Keep these values in a safe and secure location. Together they provide Administrative access to your Azure Cosmos DB account.
 
 private static readonly string endpointUrl = ConfigurationManager.AppSettings["EndPointUrl"];
 private static readonly string authorizationKey = ConfigurationManager.AppSettings["AuthorizationKey"];
 
-client = new DocumentClient(new Uri(endpointUrl), authorizationKey);
-
-// Create Database
-Database database = await client.CreateDatabaseAsync(
-    new Database
-    {
-        Id = databaseName
-    });
+CosmosClient client = new CosmosClient(endpointUrl, authorizationKey);
 ```
 
-<a id="resource-tokens"></a>
-
-## Resource tokens
+## Resource tokens <a id="resource-tokens"></a>
 
 Resource tokens provide access to the application resources within a database. Resource tokens:
+
 - Provide access to specific containers, partition keys, documents, attachments, stored procedures, triggers, and UDFs.
 - Are created when a [user](#users) is granted [permissions](#permissions) to a specific resource.
 - Are recreated when a permission resource is acted upon on by POST, GET, or PUT call.
 - Use a hash resource token specifically constructed for the user, resource, and permission.
-- Are time bound with a customizable validity period. The default valid timespan is one hour. Token lifetime, however, may be explicitly specified, up to a maximum of five hours.
-- Provide a safe alternative to giving out the master key. 
+- Are time bound with a customizable validity period. The default valid time span is one hour. Token lifetime, however, may be explicitly specified, up to a maximum of five hours.
+- Provide a safe alternative to giving out the master key.
 - Enable clients to read, write, and delete resources in the Cosmos DB account according to the permissions they've been granted.
 
 You can use a resource token (by creating Cosmos DB users and permissions) when you want to provide access to resources in your Cosmos DB account to a client that cannot be trusted with the master key.  
@@ -82,90 +75,69 @@ Cosmos DB resource tokens provide a safe alternative that enables clients to rea
 
 Here is a typical design pattern whereby resource tokens may be requested, generated, and delivered to clients:
 
-1. A mid-tier service is set up to serve a mobile application to share user photos. 
+1. A mid-tier service is set up to serve a mobile application to share user photos.
 2. The mid-tier service possesses the master key of the Cosmos DB account.
-3. The photo app is installed on end-user mobile devices. 
+3. The photo app is installed on end-user mobile devices.
 4. On login, the photo app establishes the identity of the user with the mid-tier service. This mechanism of identity establishment is purely up to the application.
 5. Once the identity is established, the mid-tier service requests permissions based on the identity.
 6. The mid-tier service sends a resource token back to the phone app.
-7. The phone app can continue to use the resource token to directly access Cosmos DB resources with the permissions defined by the resource token and for the interval allowed by the resource token. 
+7. The phone app can continue to use the resource token to directly access Cosmos DB resources with the permissions defined by the resource token and for the interval allowed by the resource token.
 8. When the resource token expires, subsequent requests receive a 401 unauthorized exception.  At this point, the phone app re-establishes the identity and requests a new resource token.
 
     ![Azure Cosmos DB resource tokens workflow](./media/secure-access-to-data/resourcekeyworkflow.png)
 
-Resource token generation and management is handled by the native Cosmos DB client libraries; however, if you use REST you must construct the request/authentication headers. For more information on creating authentication headers for REST, see [Access Control on Cosmos DB Resources](https://docs.microsoft.com/rest/api/cosmos-db/access-control-on-cosmosdb-resources) or the [source code for our SDKs](https://github.com/Azure/azure-documentdb-node/blob/master/source/lib/auth.js).
+Resource token generation and management is handled by the native Cosmos DB client libraries; however, if you use REST you must construct the request/authentication headers. For more information on creating authentication headers for REST, see [Access Control on Cosmos DB Resources](https://docs.microsoft.com/rest/api/cosmos-db/access-control-on-cosmosdb-resources) or the source code for our [.NET SDK](https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos/src/AuthorizationHelper.cs) or [Node.js SDK](https://github.com/Azure/azure-cosmos-js/blob/master/src/auth.ts).
 
 For an example of a middle tier service used to generate or broker resource tokens, see the [ResourceTokenBroker app](https://github.com/Azure/azure-documentdb-dotnet/tree/master/samples/xamarin/UserItems/ResourceTokenBroker/ResourceTokenBroker/Controllers).
 
-<a id="users"></a>
+## Users<a id="users"></a>
 
-## Users
-Cosmos DB users are associated with a Cosmos database.  Each database can contain zero or more Cosmos DB users.  The following code sample shows how to create a Cosmos DB user resource.
+Azure Cosmos DB users are associated with a Cosmos database.  Each database can contain zero or more Cosmos DB users. The following code sample shows how to create a Cosmos DB user  using the [Azure Cosmos DB .NET SDK v3](https://github.com/Azure/azure-cosmos-dotnet-v3/tree/master/Microsoft.Azure.Cosmos.Samples/Usage/UserManagement).
 
 ```csharp
 //Create a user.
-User docUser = new User
-{
-    Id = "mobileuser"
-};
+Database database = benchmark.client.GetDatabase("SalesDatabase");
 
-docUser = await client.CreateUserAsync(UriFactory.CreateDatabaseUri("db"), docUser);
+User user = await database.CreateUserAsync("User 1");
 ```
 
 > [!NOTE]
-> Each Cosmos DB user has a PermissionsLink property that can be used to retrieve the list of [permissions](#permissions) associated with the user.
-> 
-> 
+> Each Cosmos DB user has a ReadAsync() method that can be used to retrieve the list of [permissions](#permissions) associated with the user.
 
-<a id="permissions"></a>
+## Permissions<a id="permissions"></a>
 
-## Permissions
-A Cosmos DB permission resource is associated with a Cosmos DB user.  Each user may contain zero or more Cosmos DB permissions.  A permission resource provides access to a security token that the user needs when trying to access a specific application resource.
-There are two available access levels that may be provided by a permission resource:
+A permission resource is associated with a user and assigned at the container as well as partition key level. Each user may contain zero or more permissions. A permission resource provides access to a security token that the user needs when trying to access a specific container or data in a specific partition key. There are two available access levels that may be provided by a permission resource:
 
-* All: The user has full permission on the resource.
-* Read: The user can only read the contents of the resource but cannot perform write, update, or delete operations on the resource.
+- All: The user has full permission on the resource.
+- Read: The user can only read the contents of the resource but cannot perform write, update, or delete operations on the resource.
 
 > [!NOTE]
-> In order to run Cosmos DB stored procedures the user must have the All permission on the container in which the stored procedure will be run.
-> 
-> 
+> In order to run stored procedures the user must have the All permission on the container in which the stored procedure will be run.
 
 ### Code sample to create permission
 
 The following code sample shows how to create a permission resource, read the resource token of the permission resource, and associate the permissions with the [user](#users) created above.
 
 ```csharp
-// Create a permission.
-Permission docPermission = new Permission
-{
-    PermissionMode = PermissionMode.Read,
-    ResourceLink = UriFactory.CreateDocumentCollectionUri("db", "collection"),
-    Id = "readperm"
-};
-  
-docPermission = await client.CreatePermissionAsync(UriFactory.CreateUserUri("db", "user"), docPermission);
-Console.WriteLine(docPermission.Id + " has token of: " + docPermission.Token);
+// Create a permission on a container and specific partition key value
+Container container = client.GetContainer("SalesDatabase", "OrdersContainer");
+user.CreatePermissionAsync(
+    new PermissionProperties(
+        id: "permissionUser1Orders",
+        permissionMode: PermissionMode.All,
+        container: benchmark.container,
+        resourcePartitionKey: new PartitionKey("012345")));
 ```
 
-If you have specified a partition key for your collection, then the permission for collection, document, and attachment resources must also include the ResourcePartitionKey in addition to the ResourceLink.
+### Code sample to read permission for user
 
-### Code sample to read permissions for user
-
-To easily obtain all permission resources associated with a particular user, Cosmos DB makes available a permission feed for each user object.  The following code snippet shows how to retrieve the permission associated with the user created above, construct a permission list, and instantiate a new DocumentClient on behalf of the user.
+The following code snippet shows how to retrieve the permission associated with the user created above and instantiate a new CosmosClient on behalf of the user, scoped to a single partition key.
 
 ```csharp
-//Read a permission feed.
-FeedResponse<Permission> permFeed = await client.ReadPermissionFeedAsync(
-  UriFactory.CreateUserUri("db", "myUser"));
- List<Permission> permList = new List<Permission>();
-
-foreach (Permission perm in permFeed)
-{
-    permList.Add(perm);
-}
+//Read a permission, create user client session.
+PermissionProperties permissionProperties = await user.GetPermission("permissionUser1Orders")
 
-DocumentClient userClient = new DocumentClient(new Uri(endpointUrl), permList);
+CosmosClient client = new CosmosClient(accountEndpoint: "MyEndpoint", authKeyOrResourceToken: permissionProperties.Token);
 ```
 
 ## Add users and assign roles
@@ -183,11 +155,14 @@ To add Azure Cosmos DB account reader access to your user account, have a subscr
 The entity can now read Azure Cosmos DB resources.
 
 ## Delete or export user data
+
 Azure Cosmos DB enables you to search, select, modify and delete any personal data located in database or collections. Azure Cosmos DB provides APIs to find and delete personal data however, it’s your responsibility to use the APIs and define logic required to erase the personal data. 
 Each multi-model API (SQL, MongoDB, Gremlin, Cassandra, Table) provides different language SDKs that contain methods to search and delete personal data. You can also enable the [time to live (TTL)](time-to-live.md) feature to delete data automatically after a specified period, without incurring any additional cost.
 
 [!INCLUDE [GDPR-related guidance](../../includes/gdpr-dsr-and-stp-note.md)]
 
 ## Next steps
-* To learn more about Cosmos database security, see [Cosmos DB: Database security](database-security.md).
-* To learn how to construct Azure Cosmos DB authorization tokens, see [Access Control on Azure Cosmos DB Resources](https://docs.microsoft.com/rest/api/cosmos-db/access-control-on-cosmosdb-resources).
+
+- To learn more about Cosmos database security, see [Cosmos DB Database security](database-security.md).
+- To learn how to construct Azure Cosmos DB authorization tokens, see [Access Control on Azure Cosmos DB Resources](https://docs.microsoft.com/rest/api/cosmos-db/access-control-on-cosmosdb-resources).
+- User management samples with users and permissions, [.NET SDK v3 user management samples](https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos.Samples/Usage/UserManagement/UserManagementProgram.cs)
diff --git a/articles/dms/tutorial-oracle-azure-postgresql-online.md b/articles/dms/tutorial-oracle-azure-postgresql-online.md
@@ -11,7 +11,7 @@ ms.service: dms
 ms.workload: data-services
 ms.custom: "seo-lt-2019"
 ms.topic: article
-ms.date: 01/08/2020
+ms.date: 01/24/2020
 ---
 
 # Tutorial: Migrate Oracle to Azure Database for PostgreSQL online using DMS (Preview)
@@ -44,7 +44,7 @@ To complete this tutorial, you need to:
 
 * Download and install [Oracle 11g Release 2 (Standard Edition, Standard Edition One, or Enterprise Edition)](https://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html).
 * Download the sample **HR** database from [here](https://docs.oracle.com/database/121/COMSC/installation.htm#COMSC00002).
-* Download and install ora2pg on either [Windows](https://github.com/Microsoft/DataMigrationTeam/blob/master/Whitepapers/Steps%20to%20Install%20ora2pg%20on%20Windows.pdf) or [Linux](https://github.com/Microsoft/DataMigrationTeam/blob/master/Whitepapers/Steps%20to%20Install%20ora2pg%20on%20Linux.pdf).
+* Download and [install ora2pg on either Windows or Linux](https://github.com/microsoft/DataMigrationTeam/blob/master/Whitepapers/Steps%20to%20Install%20ora2pg%20on%20Windows%20and%20Linux.pdf).
 * [Create an instance in Azure Database for PostgreSQL](https://docs.microsoft.com/azure/postgresql/quickstart-create-server-database-portal).
 * Connect to the instance and create a database using the instruction in this [document](https://docs.microsoft.com/azure/postgresql/tutorial-design-database-using-azure-portal).
 * Create a Microsoft Azure Virtual Network for Azure Database Migration Service by using the Azure Resource Manager deployment model, which provides site-to-site connectivity to your on-premises source servers by using either [ExpressRoute](https://docs.microsoft.com/azure/expressroute/expressroute-introduction) or [VPN](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpngateways). For more information about creating a virtual network, see the [Virtual Network Documentation](https://docs.microsoft.com/azure/virtual-network/), and especially the quickstart articles with step-by-step details.
@@ -193,7 +193,7 @@ To configure and run ora2pg for schema conversion, see the **Migration: Schema a
 
 You can choose to convert Oracle table schemas, stored procedures, packages, and other database objects to make them Postgres compatible by using ora2pg before starting a migration pipeline in Azure Database Migration Service. See the links below for how to work with ora2pg:
 
-* [Install ora2pg on Windows](https://github.com/Microsoft/DataMigrationTeam/blob/master/Whitepapers/Steps%20to%20Install%20ora2pg%20on%20Windows.pdf)
+* [Install ora2pg on Windows](https://github.com/microsoft/DataMigrationTeam/blob/master/Whitepapers/Steps%20to%20Install%20ora2pg%20on%20Windows%20and%20Linux.pdf)
 * [Oracle to Azure PostgreSQL Migration Cookbook](https://github.com/Microsoft/DataMigrationTeam/blob/master/Whitepapers/Oracle%20to%20Azure%20PostgreSQL%20Migration%20Cookbook.pdf)
 
 Azure Database Migration Service can also create the PostgreSQL table schema. The service accesses the table schema in the connected Oracle source and creates a compatible table schema in Azure Database for PostgreSQL. Be sure to validate and check the schema format in Azure Database for PostgreSQL after Azure Database Migration Service finishes creating the schema and moving the data.
diff --git a/articles/sql-database/sql-database-monitoring-tuning-index.yml b/articles/sql-database/sql-database-monitoring-tuning-index.yml
@@ -12,7 +12,7 @@ metadata:
   ms.collection: performance # Optional; Remove if no collection is used.
   author: CarlRabeler #Required; your GitHub user alias, with correct capitalization.
   ms.author: carlrab #Required; microsoft alias of author; optional team alias.
-  ms.date: 01/24/2020 #Required; mm/dd/yyyy format.
+  ms.date: 01/25/2020 #Required; mm/dd/yyyy format.
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -64,7 +64,7 @@ landingContent:
     linkLists:
       - linkListType: overview
         links: 
-          - text: Using artificial intelligence in the Azure portal to tune performance
+          - text: Monitor and tune using AI 
             url: sql-database-performance.md
       - linkListType: concept
         links:
@@ -104,6 +104,8 @@ landingContent:
             url: sql-database-xevent-db-diff-from-svr.md
           - text: Hyperscale performance diagnostics
             url: sql-database-hyperscale-performance-diagnostics.md
+          - text: Intelligent query processing
+            url: https://docs.microsoft.com/sql/relational-databases/performance/intelligent-query-processing
 
   # Card
   - title: Resource scaling
diff --git a/articles/sql-database/sql-database-service-tier-hyperscale.md b/articles/sql-database/sql-database-service-tier-hyperscale.md
diff --git a/articles/storage/blobs/scalability-targets-premium-page-blobs.md b/articles/storage/blobs/scalability-targets-premium-page-blobs.md
