Merge pull request #180092 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 3153d3454967 · 2021-11-16T14:45:43.000-08:00
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)
diff --git a/articles/active-directory/hybrid/how-to-connect-health-diagnose-sync-errors.md b/articles/active-directory/hybrid/how-to-connect-health-diagnose-sync-errors.md
@@ -105,8 +105,8 @@ For the **orphaned object scenario**, only the single user **Joe Johnson** is pr
 This question checks an incoming conflicting user and the existing user object in Azure AD to see if they belong to the same user.  
 1. The conflicting object is newly synced to Azure Active Directory. Compare the objects' attributes:  
    - Display Name
-   - User Principal Name
-   - Object ID
+   - UserPrincipalName or SignInName
+   - ObjectID
 2. If Azure AD fails to compare them, check whether Active Directory has objects with the provided **UserPrincipalNames**. Answer **No** if you find both.
 
 In the following example, the two objects belong to the same user **Joe Johnson**.
@@ -157,4 +157,4 @@ The specific settings such as [UserWriteback in Azure AD Connect](./how-to-conne
 
 
 **Q.** If the existing object is soft deleted, will the diagnosis process make the object active again?  
-**A.** No, the fix won't update object attributes other than **Source Anchor**.
+**A.** No, the fix won't update object attributes other than **Source Anchor**.
diff --git a/articles/active-directory/hybrid/how-to-connect-sync-configure-filtering.md b/articles/active-directory/hybrid/how-to-connect-sync-configure-filtering.md
@@ -209,6 +209,8 @@ You can apply [inbound](#inbound-filtering) filtering from Active Directory to t
 ### Inbound filtering
 Inbound filtering uses the default configuration, where objects going to Azure AD must have the metaverse attribute cloudFiltered not set to a value to be synchronized. If this attribute's value is set to **True**, then the object isn't synchronized. It shouldn't be set to **False**, by design. To make sure other rules have the ability to contribute a value, this attribute is only supposed to have the values **True** or **NULL** (absent).
 
+Note that Azure AD Connect is designed to clean up the objects it was responsible to provision in Azure AD. If the system hasn't provisioned the object in Azure AD in the past, but it gets the Azure AD object during an import step, it correctly assumes that this object was created in Azure AD by some other system. Azure AD Connect doesn't clean up these types of Azure AD objects, even when the metaverse attribute `cloudFiltered` is set to **True**.
+
 In inbound filtering, you use the power of **scope** to determine which objects to synchronize or not synchronize. This is where you make adjustments to fit your own organization's requirements. The scope module has a **group** and a **clause** to determine when a sync rule is in scope. A group contains one or many clauses. There is a logical "AND" between multiple clauses, and a logical "OR" between multiple groups.
 
 Let us look at an example:  
diff --git a/articles/active-directory/hybrid/how-to-connect-sync-feature-prevent-accidental-deletes.md b/articles/active-directory/hybrid/how-to-connect-sync-feature-prevent-accidental-deletes.md
@@ -59,11 +59,10 @@ If this was unexpected, then investigate and take corrective actions. To see whi
 ## If all deletes are desired
 If all the deletes are desired, then do the following:
 
-1. To retrieve the current deletion threshold, run the PowerShell cmdlet `Get-ADSyncExportDeletionThreshold`. Provide an Azure AD Global Administrator account and password. The default value is 500.
-2. To temporarily disable this protection and let those deletes go through, run the PowerShell cmdlet: `Disable-ADSyncExportDeletionThreshold`. Provide an Azure AD Global Administrator account and password.
-   ![Screenshot shows a dialog box for entering the Azure AD Global Administrator user name and password.](./media/how-to-connect-sync-feature-prevent-accidental-deletes/credentials.png)
+1. To retrieve the current deletion threshold, run the PowerShell cmdlet `Get-ADSyncExportDeletionThreshold`. The default value is 500.
+2. To temporarily disable this protection and let those deletes go through, run the PowerShell cmdlet: `Disable-ADSyncExportDeletionThreshold`.
 3. With the Azure Active Directory Connector still selected, select the action **Run** and select **Export**.
-4. To re-enable the protection, run the PowerShell cmdlet: `Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500`. Replace 500 with the value you noticed when retrieving the current deletion threshold. Provide an Azure AD Global Administrator account and password.
+4. To re-enable the protection, run the PowerShell cmdlet: `Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500`. Replace 500 with the value you noticed when retrieving the current deletion threshold.
 
 ## Next steps
 **Overview topics**
diff --git a/articles/active-directory/hybrid/reference-connect-version-history.md b/articles/active-directory/hybrid/reference-connect-version-history.md
diff --git a/articles/active-directory/hybrid/tshoot-connect-sync-errors.md b/articles/active-directory/hybrid/tshoot-connect-sync-errors.md
@@ -128,7 +128,9 @@ The most common reason for the ObjectTypeMismatch error is two objects of differ
 #### Description
 Azure Active Directory schema does not allow two or more objects to have the same value of the following attributes. That is each object in Azure AD is forced to have a unique value of these attributes at a given instance.
 
+* Mail
 * ProxyAddresses
+* SignInName
 * UserPrincipalName
 
 If Azure AD Connect attempts to add a new object or update an existing object with a value for the above attributes that is already assigned to another object in Azure Active Directory, the operation results in the "AttributeValueMustBeUnique" sync error.
diff --git a/articles/active-directory/hybrid/whatis-azure-ad-connect.md b/articles/active-directory/hybrid/whatis-azure-ad-connect.md
@@ -7,15 +7,17 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 01/08/2020
+ms.date: 10/06/2021
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
 # What is Azure AD Connect?
 
-Azure AD Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals.  It provides the following features:
+Azure AD Connect is an on-premises Microsoft application that's designed to meet and accomplish your hybrid identity goals. If you're evaluating how to best meet your goals, you should also consider the cloud-managed solution [Azure AD Connect cloud sync](../cloud-sync/what-is-cloud-sync.md).
+
+Azure AD Connect provides the following features:
      
 - [Password hash synchronization](whatis-phs.md) - A sign-in method that synchronizes a hash of a users on-premises AD password with Azure AD.
 - [Pass-through authentication](how-to-connect-pta.md) - A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.
diff --git a/articles/api-management/api-management-howto-integrate-internal-vnet-appgateway.md b/articles/api-management/api-management-howto-integrate-internal-vnet-appgateway.md
@@ -434,6 +434,8 @@ $managementRule = New-AzApplicationGatewayRequestRoutingRule -Name "managementru
 
 Configure the number of instances and size for the application gateway. In this example, we are using the [WAF_v2 SKU](../web-application-firewall/ag/ag-overview.md) for increased security of the API Management resource.
 
+We recommend using a minimum of two instances (_Capacity_) for production workloads. However, you might want to use only one instance for non-production scenarios or for general experimentation. For more information, see [Azure Application Gateway pricing](../application-gateway/understanding-pricing.md#instance-count).
+
 ```powershell
 $sku = New-AzApplicationGatewaySku -Name "WAF_v2" -Tier "WAF_v2" -Capacity 2
 ```
@@ -446,6 +448,14 @@ Configure WAF to be in "Prevention" mode.
 $config = New-AzApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention"
 ```
 
+### Step 13
+
+Because TLS 1.0 currently is the default, it's a good idea to set the application gateway to use the most recent [TLS 1.2 policy](../application-gateway/application-gateway-ssl-policy-overview.md#appgwsslpolicy20170401s).
+
+```powershell
+$policy = New-AzApplicationGatewaySslPolicy -PolicyType Predefined -PolicyName AppGwSslPolicy20170401S
+```
+
 ## Create Application Gateway
 
 Create an Application Gateway with all the configuration objects from the preceding steps.
@@ -459,7 +469,8 @@ $appgw = New-AzApplicationGateway -Name $appgwName -ResourceGroupName $resGroupN
   -HttpListeners $gatewayListener,$portalListener,$managementListener `
   -RequestRoutingRules $gatewayRule,$portalRule,$managementRule `
   -Sku $sku -WebApplicationFirewallConfig $config -SslCertificates $certGateway,$certPortal,$certManagement `
-  -TrustedRootCertificate $trustedRootCert -Probes $apimGatewayProbe,$apimPortalProbe,$apimManagementProbe
+  -TrustedRootCertificate $trustedRootCert -Probes $apimGatewayProbe,$apimPortalProbe,$apimManagementProbe `
+  -SslPolicy $policy
 ```
 
 After deployment of the application gateway completes, confirm the health status of the API Management backends in the portal or by running the following command:
diff --git a/articles/applied-ai-services/form-recognizer/quickstarts/try-v3-rest-api.md b/articles/applied-ai-services/form-recognizer/quickstarts/try-v3-rest-api.md
@@ -106,7 +106,7 @@ In this quickstart you'll use following features to analyze and extract data and
 #### Request
 
 ```bash
- curl -v -i POST "https://{endpoint}/formrecognizer/documentModels/prebuilt-document:analyze?api-version=2021-09-30-preview HTTP/1.1" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {subscription key}" --data-ascii "{​​​​​​​'source': '{your-document-url}'}​​​​​​​​"
+curl -v -i POST "https://{endpoint}/formrecognizer/documentModels/prebuilt-document:analyze?api-version=2021-09-30-preview" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {subscription key}" --data-ascii "{'source': '{your-document-url}'}"
 ```
 
 #### Operation-Location
@@ -363,8 +363,8 @@ The `"analyzeResults"` node contains all of the recognized text. Text is organiz
 #### Request
 
 ```bash
-bash
- curl -v -i POST "https://{endpoint}/formrecognizer/documentModels/prebuilt-layout:analyze?api-version=2021-09-30-preview HTTP/1.1" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {subscription key}" --data-ascii "{'source': '{your-document-url}'}"
+curl -v -i POST "https://{endpoint}/formrecognizer/documentModels/prebuilt-layout:analyze?api-version=2021-09-30-preview" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {subscription key}" --data-ascii "{'source': '{your-document-url}'}"
+
 ```
 
 #### Operation-Location
@@ -422,7 +422,7 @@ Before you run the command, make these changes:
 #### Request
 
 ```bash
- curl -v -i POST "https://{endpoint}/formrecognizer/documentModels/prebuilt-invoice:analyze?api-version=2021-09-30-preview HTTP/1.1" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {subscription key}" --data-ascii "{​​​​​​​'source': '{your-document-url}'}​​​​​​​​"
+curl -v -i POST "https://{endpoint}/formrecognizer/documentModels/prebuilt-invoice:analyze?api-version=2021-09-30-preview" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {subscription key}" --data-ascii "{'source': '{your-document-url}'}"
 ```
 
 #### Operation-Location
diff --git a/articles/automanage/automanage-virtual-machines.md b/articles/automanage/automanage-virtual-machines.md
@@ -127,7 +127,7 @@ Custom profiles allow you to customize the services and settings that you want t
 > If you want to change the configuration profile of a machine, you can simply reenable it with the desired configuration profile. However, if your machine status is "Needs Upgrade" then you will need to disable first and then reenable Automanage. 
 
 For the complete list of participating Azure services and if they support preferences, see here:
-- [Automanage for Linux](automanage-windows-server.md)
+- [Automanage for Linux](automanage-linux.md)
 - [Automanage for Windows Server](automanage-windows-server.md)
 
 
diff --git a/articles/azure-functions/functions-best-practices.md b/articles/azure-functions/functions-best-practices.md
@@ -103,6 +103,8 @@ Consider these options for a successful deployment:
 
 + For [Premium plan hosting](functions-premium-plan.md), consider adding a warmup trigger to reduce latency when new instances are added. To learn more, see [Azure Functions warm-up trigger](functions-bindings-warmup.md). 
 
++ To minimize deployment downtime and to be able to roll back deployments, consider using deployment slots. To learn more, see [Azure Functions deployment slots](functions-deployment-slots.md).
+
 ## Write robust functions
 
 There are several design principles you can following when writing your function code that help with general performance and availability of your functions. These principles include:
diff --git a/articles/azure-sql/database/long-term-retention-overview.md b/articles/azure-sql/database/long-term-retention-overview.md
@@ -50,13 +50,13 @@ Examples of the LTR policy:
 
    Each weekly full backup will be kept for 12 weeks.
 
-- W=6, M=12, Y=10, WeekOfYear=16
+- W=6, M=12, Y=10, WeekOfYear=20
 
-   Each weekly full backup will be kept for six weeks. Except first full backup of each month, which will be kept for 12 months. Except the full backup taken on 16th week of year, which will be kept for 10 years. 
+   Each weekly full backup will be kept for six weeks. Except first full backup of each month, which will be kept for 12 months. Except the full backup taken on 20th week of year, which will be kept for 10 years. 
 
 The following table illustrates the cadence and expiration of the long-term backups for the following policy:
 
-W=12 weeks (84 days), M=12 months (365 days), Y=10 years (3650 days), WeekOfYear=15 (week after April 15)
+W=12 weeks (84 days), M=12 months (365 days), Y=10 years (3650 days), WeekOfYear=20 (week after May 13)
 
    ![ltr example](./media/long-term-retention-overview/ltr-example.png)
 
diff --git a/articles/container-apps/scale-app.md b/articles/container-apps/scale-app.md
@@ -61,7 +61,7 @@ With an HTTP scaling rule, you have control over the threshold that determines w
             "name": "http-rule",
             "http": {
               "metadata": {
-                  "concurrentRequests": 100
+                  "concurrentRequests": "100"
               }
             }
           }]
diff --git a/articles/healthcare-apis/iot/iot-data-flow.md b/articles/healthcare-apis/iot/iot-data-flow.md
@@ -17,7 +17,11 @@ ms.author: jasteppe
 
 This article provides an overview of IoT connector data flow. You'll learn about the different data processing stages within IoT connector that transform device data into Fast Healthcare Interoperability Resources (FHIR&#174;)-based [Observation](https://www.hl7.org/fhir/observation.html) resources.
 
-Below are different stages that data goes through once received by IoT connector.
+Data from health-related devices or medical devices flows through a path in which the IoT connector transforms data into FHIR, and then data is stored on and accessed from the FHIR server. The health data path follows these steps in this order: ingest, normalize, group, transform, and persist. In this data flow, health data is retrieved from the device in the first step of ingestion. After the data is received, it's processed or normalized per user-selected or user-created schema templates, so the health data is simpler to process and can be grouped. Health data is grouped into three sperate parameters. After the health data is normalized and grouped, it can be processed or transformed through FHIR mapping, and then saved or persisted on the FHIR server.
+
+This article goes into more depth about each step in the data flow. The next steps are [how to deploy an IoT connector](deploy-iot-connector-in-azure.md) by using a device mapper (the normalization step) and how to use an FHIR device mapper (the transform step).
+
+The next sections describe the stages that data goes through after the IoT connector receives the data.
 
 ## Ingest
 Ingest is the first stage where device data is received into IoT connector. The ingestion endpoint for device data is hosted on an [Azure Event Hub](../../event-hubs/index.yml). Azure Event Hub platform supports high scale and throughput with ability to receive and process millions of messages per second. It also enables IoT connector to consume messages asynchronously, removing the need for devices to wait while device data gets processed.
diff --git a/articles/spatial-anchors/concepts/coarse-reloc.md b/articles/spatial-anchors/concepts/coarse-reloc.md
@@ -61,7 +61,7 @@ This table summarizes the availability of the sensor data on supported platforms
 | **BLE beacons** | Yes<sup>6</sup> | Yes<sup>6</sup> | Yes<sup>6</sup>|
 
 
-<sup>1</sup> An external GPS device can be associated with HoloLens. Contact [our support](../spatial-anchor-support.md) if you'd be willing to use HoloLens with a GPS tracker.<br/>
+<sup>1</sup> An external GPS device can be associated with HoloLens. Handle the [UpdatedSensorFingerprintRequired](/dotnet/api/microsoft.azure.spatialanchors.cloudspatialanchorsession.updatedsensorfingerprintrequired) event to submit [GeoLocation](/dotnet/api/microsoft.azure.spatialanchors.geolocation) readings if you are using HoloLens with an external GPS tracker.<br/>
 <sup>2</sup> Supported through [LocationManager][3] APIs (both GPS and NETWORK).<br/>
 <sup>3</sup> Supported through [CLLocationManager][4] APIs.<br/>
 <sup>4</sup> Supported at a rate of approximately one scan every 3 seconds. <br/>
