Merge pull request #112054 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/users-groups-roles/roles-delegate-by-task.md

@@ -73,9 +73,9 @@ Configure company properties | Global Administrator |
 
 Task | Least privileged role | Additional roles
 ---- | --------------------- | ----------------
-Passthrough authentication | Global Administrator | 
-Read all configuration | Global reader | 
-Seamless single sign-on | Global Administrator | 
+Passthrough authentication | Hybrid Identity Administrator | 
+Read all configuration | Global reader | Hybrid Identity Administrator |
+Seamless single sign-on | Hybrid Identity Administrator | 
 
 ## Connect Health
 

articles/app-service/containers/configure-language-php.md

@@ -83,7 +83,7 @@ The default PHP image for App Service uses Apache, and it doesn't let you custom
 <IfModule mod_rewrite.c>
     RewriteEngine on
 
-    RewriteRule ^.*$ /public/$1 [NC,L,QSA]
+    RewriteRule ^(.*)$ /public/$1 [NC,L,QSA]
 </IfModule>
 ```
 

articles/application-gateway/application-gateway-faq.md

@@ -67,7 +67,7 @@ For the v2 SKU, open the public IP resource and select **Configuration**. The **
 
 *Keep-Alive timeout* governs how long the Application Gateway will wait for a client to send another HTTP request on a persistent connection before reusing it or closing it. *TCP idle timeout* governs how long a TCP connection is kept open in case of no activity. 
 
-The *Keep-Alive timeout* in the Application Gateway v1 SKU is 120 seconds and in the v2 SKU it's 75 seconds. The *TCP idle timeout* is a 4-minute default on the frontend virtual IP (VIP) of both v1 and v2 SKU of Application Gateway. 
+The *Keep-Alive timeout* in the Application Gateway v1 SKU is 120 seconds and in the v2 SKU it's 75 seconds. The *TCP idle timeout* is a 4-minute default on the frontend virtual IP (VIP) of both v1 and v2 SKU of Application Gateway. You can't change these values.
 
 ### Does the IP or DNS name change over the lifetime of the application gateway?
 

articles/hdinsight/kafka/rest-proxy.md

@@ -69,7 +69,7 @@ For REST proxy endpoint requests, client applications should get an OAuth token.
 You can use the python code below to interact with the REST proxy on your Kafka cluster. To use the code sample, follow these steps:
 
 1. Save the sample code on a machine with Python installed.
-1. Install required python dependencies by executing `pip3 install adal` and `pip install msrestazure`.
+1. Install required python dependencies by executing `pip3 install msal`.
 1. Modify the code section **Configure these properties** and update the following properties for your environment:
 
     |Property |Description |
@@ -79,7 +79,7 @@ You can use the python code below to interact with the REST proxy on your Kafka
     |Client Secret|The secret for the application that you registered in the security group.|
     |Kafkarest_endpoint|Get this value from the **Properties** tab in the cluster overview as described in the [deployment section](#create-a-kafka-cluster-with-rest-proxy-enabled). It should be in the following format – `https://<clustername>-kafkarest.azurehdinsight.net`|
 
-1. From the command line, execute the python file by executing `python <filename.py>`
+1. From the command line, execute the python file by executing `sudo python3 <filename.py>`
 
 This code does the following action:
 
@@ -90,13 +90,9 @@ For more information on getting OAuth tokens in python, see [Python Authenticati
 
 ```python
 #Required python packages
-#pip3 install adal
-#pip install msrestazure
+#pip3 install msal
 
-import adal
-from msrestazure.azure_active_directory import AdalAuthentication
-from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
-import requests
+import msal
 
 #--------------------------Configure these properties-------------------------------#
 # Tenant ID for your Azure Subscription
@@ -109,19 +105,24 @@ client_secret = 'password'
 kafkarest_endpoint = "https://<clustername>-kafkarest.azurehdinsight.net"
 #--------------------------Configure these properties-------------------------------#
 
-#getting token
-login_endpoint = AZURE_PUBLIC_CLOUD.endpoints.active_directory
-resource = "https://hib.azurehdinsight.net"
-context = adal.AuthenticationContext(login_endpoint + '/' + tenant_id)
+# Scope
+scope = 'https://hib.azurehdinsight.net/.default'
+#Authority
+authority = 'https://login.microsoftonline.com/' + tenant_id
 
-token = context.acquire_token_with_client_credentials(
-    resource,
-    client_id,
-    client_secret)
+# Create a preferably long-lived app instance which maintains a token cache.
+app = msal.ConfidentialClientApplication(
+    client_id , client_secret, authority,
+    #cache - For details on how look at this example: https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py
+    )
 
-accessToken = 'Bearer ' + token['accessToken']
+# The pattern to acquire a token looks like this.
+result = None
 
-print(accessToken)
+result = app.acquire_token_for_client(scopes=[scope])
+
+print(result)
+accessToken = result['access_token']
 
 # relative url
 getstatus = "/v1/metadata/topics"
@@ -132,10 +133,10 @@ response = requests.get(request_url, headers={'Authorization': accessToken})
 print(response.content)
 ```
 
-Find below another sample on how to get a token from Azure for REST proxy using a curl command. Notice that we need the `resource=https://hib.azurehdinsight.net` specified while getting a token.
+Find below another sample on how to get a token from Azure for REST proxy using a curl command. **Notice that we need the `scope=https://hib.azurehdinsight.net/.default` specified while getting a token.**
 
 ```cmd
-curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=<clientid>&client_secret=<clientsecret>&grant_type=client_credentials&resource=https://hib.azurehdinsight.net' 'https://login.microsoftonline.com/<tenantid>/oauth2/token'
+curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=<clientid>&client_secret=<clientsecret>&grant_type=client_credentials&scope=https://hib.azurehdinsight.net/.default' 'https://login.microsoftonline.com/<tenantid>/oauth2/v2.0/token'
 ```
 
 ## Next steps

articles/service-fabric/service-fabric-tutorial-dotnet-app-enable-https-endpoint.md

@@ -36,7 +36,7 @@ In this tutorial series you learn how to:
 Before you begin this tutorial:
 
 * If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
-* [Install Visual Studio 2019](https://www.visualstudio.com/) version 15.5 or later with the **Azure development** and **ASP.NET and web development** workloads.
+* [Install Visual Studio 2019](https://www.visualstudio.com/) version 16.5 or later with the **Azure development** and **ASP.NET and web development** workloads.
 * [Install the Service Fabric SDK](service-fabric-get-started.md)
 
 ## Obtain a certificate or create a self-signed development certificate

articles/virtual-machines/custom-data.md

@@ -49,7 +49,7 @@ In Azure Resource Manager (ARM), there is a [base64 function](https://docs.micro
         "computerName": "[parameters('virtualMachineName')]",
         "adminUsername": "[parameters('adminUsername')]",
         "adminPassword": "[parameters('adminPassword')]",
-        "customDataBase64": "[variables('customData')]"
+        "customData": "[variables('customDataBase64')]"
     	},
 ```
 

articles/virtual-machines/linux/redhat-create-upload-vhd.md

@@ -112,7 +112,7 @@ This section assumes that you have already obtained an ISO file from the Red Hat
 
 1. Run the following commands to deprovision the virtual machine and prepare it for provisioning on Azure:
 
-        # Mote: if you are migrating a specific virtual machine and do not wish to create a generalized image,
+        # Note: if you are migrating a specific virtual machine and do not wish to create a generalized image,
         # skip the deprovision step
         # sudo waagent -force -deprovision