Merge pull request #223761 from MicrosoftDocs/main

Merge main to live, 4AM

Author: v-ccolin

articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md

@@ -71,7 +71,7 @@ For every user in SuccessFactors, Azure AD provisioning service retrieves the fo
 | 26 | Manager User                           | employmentNav/jobInfoNav/managerUserNav | Only if `managerUserNav` is mapped |
 
 ## How full sync works
-Based on the attribute-mapping, during full sync Azure AD provisioning service sends the following "GET" OData API query to fetch effective data of all active users. 
+Based on the attribute-mapping, during full sync Azure AD provisioning service sends the following "GET" OData API query to fetch effective data of all active and terminated workers. 
 
 > [!div class="mx-tdCol2BreakAll"]
 >| Parameter | Description |
@@ -216,9 +216,11 @@ Extending this scenario:
 
 ### Mapping employment status to account status
 
-By default, the Azure AD SuccessFactors connector uses the `activeEmploymentsCount` field of the `PersonEmpTerminationInfo` object to set account status. There is a known SAP SuccessFactors issue documented in [knowledge base article 3047486](https://launchpad.support.sap.com/#/notes/3047486) that at times this may disable the account of a terminated worker one day prior to the termination on the last day of work. 
+By default, the Azure AD SuccessFactors connector uses the `activeEmploymentsCount` field of the `PersonEmpTerminationInfo` object to set account status. You may encounter one of the following issues with this attribute. 
+1. There is a known SAP SuccessFactors issue documented in [knowledge base article 3047486](https://launchpad.support.sap.com/#/notes/3047486) that at times this may disable the account of a terminated worker one day prior to the termination on the last day of work. 
+1. If the `PersonEmpTerminationInfo` object gets set to null, during termination, then AD account disabling will not work, as the provisioning engine filters out records where `personEmpTerminationInfoNav` object is set to null. 
 
-If you are running into this issue or prefer mapping employment status to  account status, you can update the mapping to expand the `emplStatus` field and use the employment status code present in the field `emplStatus.externalCode`. Based on [SAP support note 2505526](https://launchpad.support.sap.com/#/notes/2505526), here is a list of employment status codes that you can retrieve in the provisioning app. 
+If you are running into any of these issues or prefer mapping employment status to account status, you can update the mapping to expand the `emplStatus` field and use the employment status code present in the field `emplStatus.externalCode`. Based on [SAP support note 2505526](https://launchpad.support.sap.com/#/notes/2505526), here is a list of employment status codes that you can retrieve in the provisioning app. 
 * A = Active 
 * D = Dormant
 * U = Unpaid Leave

articles/active-directory/develop/permissions-consent-overview.md

@@ -52,7 +52,7 @@ There are other ways in which applications can be granted authorization for app-
 
 ### Comparison of delegated and application permissions
 
-| <!-- No header--> | Delegated permissions | Application permissions |
+| | Delegated permissions | Application permissions |
 |--|--|--|
 | Types of apps | Web / Mobile / single-page app (SPA) | Web / Daemon |
 | Access context | Get access on behalf of a user | Get access without a user |

articles/active-directory/develop/whats-new-docs.md

@@ -5,7 +5,7 @@ services: active-directory
 author: henrymbuguakiarie
 manager: CelesteDG
 
-ms.date: 01/05/2023
+ms.date: 01/11/2023
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
@@ -27,14 +27,14 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
 
 ### Updated articles
 
-- [Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform](quickstart-v2-aspnet-core-web-api.md)
+- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
 - [Quickstart: Get a token and call the Microsoft Graph API by using a console app's identity](quickstart-v2-netcore-daemon.md)
+- [Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform](quickstart-v2-aspnet-core-web-api.md)
+- [Tutorial: Create a Blazor Server app that uses the Microsoft identity platform for authentication](tutorial-blazor-server.md)
 - [Tutorial: Sign in users and call a protected API from a Blazor WebAssembly app](tutorial-blazor-webassembly.md)
-- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
-- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)
 - [Web app that signs in users: App registration](scenario-web-app-sign-user-app-registration.md)
-- [Microsoft identity platform docs: What's new](whats-new-docs.md)
-- [Tutorial: Create a Blazor Server app that uses the Microsoft identity platform for authentication](tutorial-blazor-server.md)
+- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)
+
 ## November 2022
 
 ### New articles

articles/aks/configure-kubenet.md

@@ -138,10 +138,23 @@ You can create an AKS cluster using a system-assigned managed identity by runnin
 az aks create \
     --resource-group myResourceGroup \
     --name myAKSCluster \
-    --node-count 3 \
     --network-plugin kubenet \
-    --vnet-subnet-id $SUBNET_ID 
+    --service-cidr 10.0.0.0/16 \
+    --dns-service-ip 10.0.0.10 \
+    --pod-cidr 10.244.0.0/16 \
+    --docker-bridge-address 172.17.0.1/16 \
+    --vnet-subnet-id $SUBNET_ID    
 ```
+* The *--service-cidr* is optional. This address is used to assign internal services in the AKS cluster an IP address. This IP address range should be an address space that isn't in use elsewhere in your network environment, including any on-premises network ranges if you connect, or plan to connect, your Azure virtual networks using Express Route or a Site-to-Site VPN connection.
+
+* The *--dns-service-ip* is optional. The address should be the *.10* address of your service IP address range.
+
+* The *--pod-cidr*  is optional. This address should be a large address space that isn't in use elsewhere in your network environment. This range includes any on-premises network ranges if you connect, or plan to connect, your Azure virtual networks using Express Route or a Site-to-Site VPN connection.
+    * This address range must be large enough to accommodate the number of nodes that you expect to scale up to. You can't change this address range once the cluster is deployed if you need more addresses for additional nodes.
+    * The pod IP address range is used to assign a */24* address space to each node in the cluster. In the following example, the *--pod-cidr* of *10.244.0.0/16* assigns the first node *10.244.0.0/24*, the second node *10.244.1.0/24*, and the third node *10.244.2.0/24*.
+    * As the cluster scales or upgrades, the Azure platform continues to assign a pod IP address range to each new node.
+
+* The *--docker-bridge-address* is optional. The address lets the AKS nodes communicate with the underlying management platform. This IP address must not be within the virtual network IP address range of your cluster, and shouldn't overlap with other address ranges in use on your network.
 
 > [!Note]
 > If you wish to enable an AKS cluster to include a [Calico network policy][calico-network-policies] you can use the following command.

articles/api-management/api-management-howto-configure-custom-domain-gateway.md

@@ -16,6 +16,8 @@ ms.author: danlep
 
 When you provision a [self-hosted Azure API Management gateway](self-hosted-gateway-overview.md), it is not assigned a host name and has to be referenced by its IP address. This article shows how to map an existing custom DNS name (also referred to as hostname) to a self-hosted gateway.
 
+[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
+
 ## Prerequisites
 
 To perform the steps described in this article, you must have:

articles/api-management/api-management-howto-provision-self-hosted-gateway.md

@@ -20,6 +20,8 @@ ms.author: danlep
 
 Provisioning a gateway resource in your Azure API Management instance is a prerequisite for deploying a self-hosted gateway. This article walks through the steps to provision a gateway resource in API Management.
 
+[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
+
 ## Prerequisites
 
 Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md)

articles/api-management/how-to-configure-cloud-metrics-logs.md

@@ -22,6 +22,8 @@ This article provides details for configuring cloud metrics and logs for the [se
 
 The self-hosted gateway has to be associated with an API management service and requires outbound TCP/IP connectivity to Azure on port 443. The gateway leverages the outbound connection to send telemetry to Azure, if configured to do so. 
 
+[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
+
 ## Metrics
 By default, the self-hosted gateway emits a number of metrics through [Azure Monitor](https://azure.microsoft.com/services/monitor/), same as the managed gateway [in the cloud](api-management-howto-use-azure-monitor.md). 
 

articles/api-management/how-to-configure-local-metrics-logs.md

@@ -20,6 +20,8 @@ ms.author: danlep
 
 This article provides details for configuring local metrics and logs for the [self-hosted gateway](./self-hosted-gateway-overview.md) deployed on a Kubernetes cluster. For configuring cloud metrics and logs, see [this article](how-to-configure-cloud-metrics-logs.md).
 
+[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
+
 ## Metrics
 
 The self-hosted gateway supports [StatsD](https://github.com/statsd/statsd), which has become a unifying protocol for metrics collection and aggregation. This section walks through the steps for deploying StatsD to Kubernetes, configuring the gateway to emit metrics via StatsD, and using [Prometheus](https://prometheus.io/) to monitor the metrics.

articles/api-management/how-to-deploy-self-hosted-gateway-azure-arc.md

@@ -19,6 +19,8 @@ Deploying the API Management gateway on an Azure Arc-enabled Kubernetes cluster
 > [!NOTE]
 > You can also deploy the self-hosted gateway [directly to Kubernetes](./how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md).
 
+[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
+
 ## Prerequisites
 
 * [Connect your Kubernetes cluster](../azure-arc/kubernetes/quickstart-connect-cluster.md) within a supported Azure Arc region.

articles/api-management/how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md

@@ -18,6 +18,8 @@ This article provides the steps for deploying self-hosted gateway component of A
 > [!NOTE]
 > You can also deploy self-hosted gateway to an [Azure Arc-enabled Kubernetes cluster](how-to-deploy-self-hosted-gateway-azure-arc.md) as a [cluster extension](../azure-arc/kubernetes/extensions.md).
 
+[!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
+
 ## Prerequisites
 
 - [Create an Azure API Management instance](get-started-create-service-instance.md)