MicrosoftDocs
diff --git a/‎articles/aks/developer-best-practices-pod-security.md
Lines changed: 9 additions & 6 deletions b/‎articles/aks/developer-best-practices-pod-security.md
Lines changed: 9 additions & 6 deletions
diff --git a/‎articles/aks/egress-outboundtype.md
Lines changed: 0 additions & 3 deletions b/‎articles/aks/egress-outboundtype.md
Lines changed: 0 additions & 3 deletions
diff --git a/‎articles/aks/uptime-sla.md
Lines changed: 9 additions & 11 deletions b/‎articles/aks/uptime-sla.md
Lines changed: 9 additions & 11 deletions
diff --git a/‎articles/aks/use-network-policies.md
Lines changed: 4 additions & 4 deletions b/‎articles/aks/use-network-policies.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/cognitive-services/Speech-Service/language-support.md
Lines changed: 2 additions & 0 deletions b/‎articles/cognitive-services/Speech-Service/language-support.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/cosmos-db/manage-cassandra-with-resource-manager.md
Lines changed: 210 additions & 4 deletions b/‎articles/cosmos-db/manage-cassandra-with-resource-manager.md
Lines changed: 210 additions & 4 deletions
@@ -66,14 +66,17 @@ Work with your cluster operator to determine what security context settings you
 
 To limit the risk of credentials being exposed in your application code, avoid the use of fixed or shared credentials. Credentials or keys shouldn't be included directly in your code. If these credentials are exposed, the application needs to be updated and redeployed. A better approach is to give pods their own identity and way to authenticate themselves, or automatically retrieve credentials from a digital vault.
 
-The following [associated AKS open source projects][aks-associated-projects] let you automatically authenticate pods or request credentials and keys from a digital vault:
+### Use Azure Container Compute Upstream projects
 
-* Managed identities for Azure resources, and
-* [Azure Key Vault Provider for Secrets Store CSI Driver](https://github.com/Azure/secrets-store-csi-driver-provider-azure#usage)
+> [!IMPORTANT]
+> Associated AKS open source projects are not supported by Azure technical support. They are provided for users to self-install into clusters and gather feedback from our community.
 
-Associated AKS open source projects are not supported by Azure technical support. They are provided to gather feedback and bugs from our community. These projects are not recommended for production use.
+The following [associated AKS open source projects][aks-associated-projects] let you automatically authenticate pods or request credentials and keys from a digital vault. These projects are maintained by the Azure Container Compute Upstream team and are part of a [broader list of projects available for use](https://github.com/Azure/container-compute-upstream/blob/master/README.md#support).
 
-### Use pod managed identities
+ * [Azure Active Directory Pod Identity][aad-pod-identity]
+ * [Azure Key Vault Provider for Secrets Store CSI Driver](https://github.com/Azure/secrets-store-csi-driver-provider-azure#usage)
+
+#### Use pod managed identities
 
 A managed identity for Azure resources lets a pod authenticate itself against Azure services that support it, such as Storage or SQL. The pod is assigned an Azure Identity that lets them authenticate to Azure Active Directory and receive a digital token. This digital token can be presented to other Azure services that check if the pod is authorized to access the service and perform the required actions. This approach means that no secrets are required for database connection strings, for example. The simplified workflow for pod managed identity is shown in the following diagram:
 
@@ -83,7 +86,7 @@ With a managed identity, your application code doesn't need to include credentia
 
 For more information about pod identities, see [Configure an AKS cluster to use pod managed identities and with your applications][aad-pod-identity]
 
-### Use Azure Key Vault with Secrets Store CSI Driver
+#### Use Azure Key Vault with Secrets Store CSI Driver
 
 Using the pod identity project enables authentication against supporting Azure services. For your own services or applications without managed identities for Azure resources, you can still authenticate using credentials or keys. A digital vault can be used to store these secret contents.
 
 
@@ -117,9 +117,6 @@ DEVSUBNET_NAME="${PREFIX}dev"
 Next, set subscription IDs.
 
 ```azure-cli
-# Get ARM Access Token and Subscription ID - This will be used for AuthN later.
-
-ACCESS_TOKEN=$(az account get-access-token -o tsv --query 'accessToken')
 
 # NOTE: Update Subscription Name
 # Set Default Azure Subscription to be Used via Subscription ID
 
@@ -1,25 +1,25 @@
 ---
-title: Azure Kubernetes Service (AKS) high availability with Uptime SLA
-description: Learn about the optional high availability Uptime SLA offering for the Azure Kubernetes Service (AKS) API Server.
+title: Azure Kubernetes Service (AKS) with Uptime SLA
+description: Learn about the optional Uptime SLA offering for the Azure Kubernetes Service (AKS) API Server.
 services: container-service
 ms.topic: conceptual
 ms.date: 05/11/2020
 ---
 
 # Azure Kubernetes Service (AKS) Uptime SLA
 
-Uptime SLA is an optional feature to enable financially backed higher SLA for a cluster. Uptime SLA guarantees 99.95% availability of the Kubernetes API server endpoint for clusters that use [Availability Zone][availability-zones] and 99.9% of availability for clusters that don't use availability zones. AKS uses master node replicas across update and fault domains to ensure SLA requirements are met.
+Uptime SLA is an optional feature to enable a financially backed, higher SLA for a cluster. Uptime SLA guarantees 99.95% availability of the Kubernetes API server endpoint for clusters that use [Availability Zones][availability-zones] and 99.9% of availability for clusters that don't use Availability Zones. AKS uses master node replicas across update and fault domains to ensure SLA requirements are met.
 
-Customers needing SLA for compliance reasons or extending SLA's to their customers should turn on this feature. Customers with critical workloads who need higher availability with an option of SLA benefit from enabling this feature. Enable the feature with Availability Zones to obtain higher availability of the Kubernetes API server.  
+Customers needing an SLA to meet compliance requirements or require extending an SLA to their end-users should enable this feature. Customers with critical workloads that will benefit from a higher uptime SLA may also benefit. Using the Uptime SLA feature with Availability Zones enables a higher availability for the uptime of the Kubernetes API server.  
 
-Customers can create unlimited free clusters with a service level objective (SLO) of 99.5%.
+Customers can still create unlimited free clusters with a service level objective (SLO) of 99.5% and opt for the preferred SLO or SLA Uptime as needed.
 
 > [!Important]
 > For clusters with egress lockdown, see [limit egress traffic](limit-egress-traffic.md) to open appropriate ports for Uptime SLA.
 
 ## SLA terms and conditions
 
-Uptime SLA is a paid feature and enabled per cluster. Uptime SLA pricing is determined by the number of clusters, and not by the size of the clusters. You can view [Uptime SLA pricing details](https://azure.microsoft.com/pricing/details/kubernetes-service/) for more information.
+Uptime SLA is a paid feature and enabled per cluster. Uptime SLA pricing is determined by the number of discrete clusters, and not by the size of the individual clusters. You can view [Uptime SLA pricing details](https://azure.microsoft.com/pricing/details/kubernetes-service/) for more information.
 
 ## Region Availability
 
@@ -59,19 +59,17 @@ After a few minutes, the command completes and returns JSON-formatted informatio
     "name": "Basic",
     "tier": "Paid"
   },
-  "tags": null,
-  "type": "Microsoft.ContainerService/ManagedClusters",
-  "windowsProfile": null
 ```
 
 ## Limitations
 
-* You can't currently add Uptime SLA to existing clusters.
-* Currently, there is no way to remove Uptime SLA from an AKS cluster.  
+* Currently, cannot convert as existing cluster to enable the Uptime SLA.
+* Currently, there is no way to remove Uptime SLA from an AKS cluster after creation with it enabled.  
 
 ## Next steps
 
 Use [Availability Zones][availability-zones] to increase high availability with your AKS cluster workloads.
+Configure your cluster to [limit egress traffic](limit-egress-traffic.md).
 
 <!-- LINKS - External -->
 [azure-support]: https://ms.portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest
 
@@ -77,7 +77,7 @@ The following example script:
 * Creates an Azure Active Directory (Azure AD) service principal for use with the AKS cluster.
 * Assigns *Contributor* permissions for the AKS cluster service principal on the virtual network.
 * Creates an AKS cluster in the defined virtual network and enables network policy.
-    * The *azure* network policy option is used. To use Calico as the network policy option instead, use the `--network-policy calico` parameter. Note: Calico could be used with either `--network-plugin azure` or `--network-plugin kubenet`.
+    * The _Azure Network_ policy option is used. To use Calico as the network policy option instead, use the `--network-policy calico` parameter. Note: Calico could be used with either `--network-plugin azure` or `--network-plugin kubenet`.
 
 Note that instead of using a service principal, you can use a managed identity for permissions. For more information, see [Use managed identities](use-managed-identity.md).
 
@@ -142,7 +142,7 @@ az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAM
 
 ## Deny all inbound traffic to a pod
 
-Before you define rules to allow specific network traffic, first create a network policy to deny all traffic. This policy gives you a starting point to begin to whitelist only the  desired traffic. You can also clearly see that traffic is dropped when the network policy is applied.
+Before you define rules to allow specific network traffic, first create a network policy to deny all traffic. This policy gives you a starting point to begin to create an allow list for only the desired traffic. You can also clearly see that traffic is dropped when the network policy is applied.
 
 For the sample application environment and traffic rules, let's first create a namespace called *development* to run the example pods:
 
@@ -470,9 +470,9 @@ To learn more about policies, see [Kubernetes network policies][kubernetes-netwo
 [policy-rules]: https://kubernetes.io/docs/concepts/services-networking/network-policies/#behavior-of-to-and-from-selectors
 [aks-github]: https://github.com/azure/aks/issues
 [tigera]: https://www.tigera.io/
-[calicoctl]: https://docs.projectcalico.org/v3.9/reference/calicoctl/
+[calicoctl]: https://docs.projectcalico.org/reference/calicoctl/
 [calico-support]: https://www.tigera.io/tigera-products/calico/
-[calico-logs]: https://docs.projectcalico.org/v3.9/maintenance/component-logs
+[calico-logs]: https://docs.projectcalico.org/maintenance/troubleshoot/component-logs
 [calico-aks-cleanup]: https://github.com/Azure/aks-engine/blob/master/docs/topics/calico-3.3.1-cleanup-after-upgrade.yaml
 
 <!-- LINKS - internal -->
 
@@ -34,7 +34,9 @@ https://cris.ai -> Click on Adaptation Data -> scroll down to section "Pronuncia
 | `ar-AE` | Arabic (UAE)                      | Yes       | No                                                |
 | `ar-BH` | Arabic (Bahrain), modern standard | Yes       | Language model                                    |
 | `ar-EG` | Arabic (Egypt)                    | Yes       | Language model                                    |
+| `ar-IL` | Arabic (Israel)                   | Yes       | No                                                |
 | `ar-KW` | Arabic (Kuwait)                   | Yes       | No                                                |
+| `ar-PS` | Arabic (Palestine)                | Yes       | No                                                |
 | `ar-QA` | Arabic (Qatar)                    | Yes       | No                                                |
 | `ar-SA` | Arabic (Saudi Arabia)             | Yes       | No                                                |
 | `ar-SY` | Arabic (Syria)                    | Yes       | Language model                                    |
 
@@ -4,7 +4,7 @@ description: Use Azure Resource Manager templates to create and configure Azure
 author: markjbrown
 ms.service: cosmos-db
 ms.topic: conceptual
-ms.date: 04/30/2020
+ms.date: 05/12/2020
 ms.author: mjbrown
 ---
 
@@ -26,11 +26,217 @@ To create any of the Azure Cosmos DB resources below, copy the following example
 
 ## Azure Cosmos account for Cassandra with autoscale provisioned throughput
 
-This template creates an Azure Cosmos account in two regions with options for consistency and failover, with a keyspace and table configured for autoscale throughput. This template is also available for one-click deploy from Azure Quickstart Templates Gallery.
+This template creates an Azure Cosmos account in two regions with options for consistency and failover, with a keyspace and table configured for autoscale throughput. 
 
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-cosmosdb-cassandra-autosscale%2Fazuredeploy.json)
+```json
+{
+   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+   "contentVersion": "1.0.0.0",
+   "parameters": {
+      "accountName": {
+         "type": "string",
+         "defaultValue": "[concat('cassandra-', uniqueString(resourceGroup().id))]",
+         "metadata": {
+            "description": "Cosmos DB account name, max length 44 characters"
+         }
+      },
+      "location": {
+         "type": "string",
+         "defaultValue": "[resourceGroup().location]",   
+         "metadata": {
+            "description": "Location for the Cosmos DB account."
+         }
+      },
+      "primaryRegion":{
+         "type":"string",
+         "metadata": {
+            "description": "The primary replica region for the Cosmos DB account."
+         }
+      },
+      "secondaryRegion":{
+         "type":"string",
+         "metadata": {
+           "description": "The secondary replica region for the Cosmos DB account."
+        }
+      },
+      "defaultConsistencyLevel": {
+         "type": "string",
+         "defaultValue": "Session",
+         "allowedValues": [ "Eventual", "ConsistentPrefix", "Session", "BoundedStaleness", "Strong" ],
+         "metadata": {
+            "description": "The default consistency level of the Cosmos DB account."
+         }
+      },
+      "maxStalenessPrefix": {
+         "type": "int",
+         "defaultValue": 100000,
+         "minValue": 10,
+         "maxValue": 1000000,
+         "metadata": {
+            "description": "Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000."
+         }
+      },
+      "maxIntervalInSeconds": {
+         "type": "int",
+         "defaultValue": 300,
+         "minValue": 5,
+         "maxValue": 86400,
+         "metadata": {
+            "description": "Max lag time (seconds). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400."
+         }
+      },
+      "automaticFailover": {
+         "type": "bool",
+         "defaultValue": true,
+         "allowedValues": [ true, false ],
+         "metadata": {
+            "description": "Enable automatic failover for regions"
+         }
+      },
+      "keyspaceName": {
+         "type": "string",
+         "metadata": {
+            "description": "The name for the Cassandra Keyspace"
+         }
+      },
+      "tableName": {
+         "type": "string",
+         "metadata": {
+            "description": "The name for the Cassandra table"
+         }
+      },
+      "throughputPolicy":{
+            "type": "string",
+            "defaultValue": "Autoscale",
+            "allowedValues": [ "Manual", "Autoscale" ],
+            "metadata": {
+                "description": "The throughput policy for the Cassandra table"
+            }
+        },
+        "manualProvisionedThroughput": {
+            "type": "int",
+            "defaultValue": 400,
+            "minValue": 400,
+            "maxValue": 1000000,
+            "metadata": {
+                "description": "Throughput value when using Provisioned Throughput Policy for the Cassandra table"
+            }
+        },
+        "autoscaleMaxThroughput": {
+            "type": "int",
+            "defaultValue": 4000,
+            "minValue": 4000,
+            "maxValue": 1000000,
+            "metadata": {
+                "description": "Maximum throughput when using Autoscale Throughput Policy for the Cassandra table"
+            }
+        }
+   },
+   "variables": {
+      "accountName": "[toLower(parameters('accountName'))]",
+      "consistencyPolicy": {
+         "Eventual": {
+            "defaultConsistencyLevel": "Eventual"
+         },
+         "ConsistentPrefix": {
+            "defaultConsistencyLevel": "ConsistentPrefix"
+         },
+         "Session": {
+            "defaultConsistencyLevel": "Session"
+         },
+         "BoundedStaleness": {
+            "defaultConsistencyLevel": "BoundedStaleness",
+            "maxStalenessPrefix": "[parameters('maxStalenessPrefix')]",
+            "maxIntervalInSeconds": "[parameters('maxIntervalInSeconds')]"
+         },
+         "Strong": {
+            "defaultConsistencyLevel": "Strong"
+         }
+      },
+      "locations":
+      [
+        {
+            "locationName": "[parameters('primaryRegion')]",
+            "failoverPriority": 0,
+            "isZoneRedundant": false
+        },
+        {
+            "locationName": "[parameters('secondaryRegion')]",
+            "failoverPriority": 1,
+            "isZoneRedundant": false
+        }
+      ],
+      "throughputPolicy": {
+            "Manual": {
+                  "throughput": "[parameters('manualProvisionedThroughput')]"
+            },
+            "Autoscale": {
+                  "autoscaleSettings": { "maxThroughput": "[parameters('autoscaleMaxThroughput')]" }
+            }
+        },
+        "throughputPolicyToUse": "[if(equals(parameters('throughputPolicy'), 'Manual'), variables('throughputPolicy').Manual, variables('throughputPolicy').Autoscale)]"
+   },
+   "resources":
+   [
+      {
+        "type": "Microsoft.DocumentDB/databaseAccounts",
+        "name": "[variables('accountName')]",
+        "apiVersion": "2020-04-01",
+        "location": "[parameters('location')]",
+        "kind": "GlobalDocumentDB",
+        "properties": {
+            "capabilities": [{ "name": "EnableCassandra" }],
+            "consistencyPolicy": "[variables('consistencyPolicy')[parameters('defaultConsistencyLevel')]]",
+            "locations": "[variables('locations')]",
+            "databaseAccountOfferType": "Standard",
+            "enableAutomaticFailover": "[parameters('automaticFailover')]"
+        }
+      },
+      {
+        "type": "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces",
+        "name": "[concat(variables('accountName'), '/', parameters('keyspaceName'))]",
+        "apiVersion": "2020-04-01",
+        "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('accountName'))]" ],
+        "properties":{
+            "resource":{
+               "id": "[parameters('keyspaceName')]"
+            }
+        }
+      },
+      {
+        "type": "Microsoft.DocumentDb/databaseAccounts/cassandraKeyspaces/tables",
+        "name": "[concat(variables('accountName'), '/', parameters('keyspaceName'), '/', parameters('tableName'))]",
+        "apiVersion": "2020-04-01",
+        "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces', variables('accountName'), parameters('keyspaceName'))]" ],
+        "properties":
+        {
+            "resource":{
+                "id":  "[parameters('tableName')]",
+                "schema": {
+                  "columns": [
+                    { "name": "loadid", "type": "uuid" },
+                    { "name": "machine", "type": "uuid" },
+                    { "name": "cpu", "type": "int" },
+                    { "name": "mtime", "type": "int" },
+                    { "name": "load", "type": "float" }
+                  ],
+                  "partitionKeys": [
+                    { "name": "machine" },
+                    { "name": "cpu" },
+                    { "name": "mtime" }
+                  ],
+                  "clusterKeys": [
+                    { "name": "loadid", "orderBy": "asc" }
+                  ]
+                }
+            },
+            "options": "[variables('throughputPolicyToUse')]"
+        }
+      }
+   ]
+}
 
-:::code language="json" source="~/quickstart-templates/101-cosmosdb-cassandra-autoscale/azuredeploy.json":::
+```
 
 <a id="create-manual"></a>