Commit 323c3f2

Merge pull request #103741 from MicrosoftDocs/master
Merge master to live Sunday 3:00 PM
2 parents 9add86f + b6fd817 commit 323c3f2

18 files changed: 95 additions, 89 deletions

articles/active-directory-b2c/identity-provider-azure-ad-multi-tenant-custom.md

Lines changed: 14 additions & 14 deletions
@@ -9,7 +9,7 @@ manager: celestedg
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: conceptual
12-
ms.date: 02/06/2020
12+
ms.date: 02/10/2020
1313
ms.author: marsma
1414
ms.subservice: B2C
1515
---
@@ -46,6 +46,19 @@ To enable sign-in for users from a specific Azure AD organization, you need to r
4646
1. Select **Certificates & secrets**, and then select **New client secret**.
4747
1. Enter a **Description** for the secret, select an expiration, and then select **Add**. Record the **Value** of the secret for use in a later step.
4848
49+
## Configuring optional claims
50+
51+
If you want to get the `family_name` and `given_name` claims from Azure AD, you can configure optional claims for your application in the Azure portal UI or application manifest. For more information, see [How to provide optional claims to your Azure AD app](../active-directory/develop/active-directory-optional-claims.md).
52+
53+
1. Sign in to the [Azure portal](https://portal.azure.com). Search for and select **Azure Active Directory**.
54+
1. From the **Manage** section, select **App registrations**.
55+
1. Select the application you want to configure optional claims for in the list.
56+
1. From the **Manage** section, select **Token configuration (preview)**.
57+
1. Select **Add optional claim**.
58+
1. Select the token type you want to configure.
59+
1. Select the optional claims to add.
60+
1. Click **Add**.
61+
4962
## Create a policy key
5063
5164
You need to store the application key that you created in your Azure AD B2C tenant.
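Review bot: The relocated heading "## Configuring optional claims" uses a gerund, while the heading that now follows it ("## Create a policy key") is imperative; since the section is being moved anyway, rename it to "Configure optional claims". In the same block, the last step says "Click **Add**" where every other step in the list says "Select", so align that verb too. The section is conditional ("If you want to get the `family_name` and `given_name` claims"), but it now sits between recording the client secret "for use in a later step" and the policy-key section that uses it; consider marking it as optional in the heading so readers following the steps in order know they can skip it.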
@@ -60,19 +73,6 @@ You need to store the application key that you created in your Azure AD B2C tena
6073
1. For **Key usage**, select `Signature`.
6174
1. Select **Create**.
6275
63-
## Configuring optional claims
64-
65-
If you want to get the `family_name` and `given_name` claims from Azure AD, you can configure optional claims for your application in the Azure portal UI or application manifest. For more information, see [How to provide optional claims to your Azure AD app](../active-directory/develop/active-directory-optional-claims.md).
66-
67-
1. Sign in to the [Azure portal](https://portal.azure.com). Search for and select **Azure Active Directory**.
68-
1. From the **Manage** section, select **App registrations**.
69-
1. Select the application you want to configure optional claims for in the list.
70-
1. From the **Manage** section, select **Token configuration (preview)**.
71-
1. Select **Add optional claim**.
72-
1. Select the token type you want to configure.
73-
1. Select the optional claims to add.
74-
1. Click **Add**.
75-
7676
## Add a claims provider
7777
7878
If you want users to sign in by using Azure AD, you need to define Azure AD as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated.

articles/active-directory/manage-apps/application-proxy-integrate-with-power-bi.md

Lines changed: 0 additions & 3 deletions
@@ -135,9 +135,6 @@ Before the Power BI mobile app can connect and access Report Services, you must
135135

136136
## Step 5: Configure Intune policy for managed devices (optional)
137137

138-
> [!NOTE]
139-
> This functionality is currently only available on iOS.
140-
141138
You can use Microsoft Intune to manage the client apps that your company's workforce uses. Intune allows you to use capabilities such as data encryption and additional access requirements. To learn more about app management through Intune, see Intune App Management. To enable the Power BI mobile application to work with the Intune policy, use the following steps.
142139

143140
1. Go to **Azure Active Directory** and then **App Registrations**.
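Review bot: Deleting the `[!NOTE]` under "Step 5" removes the only statement of platform support for the Intune policy step, and nothing replaces it. If the functionality is no longer limited to iOS, state the supported platforms in the paragraph that follows, so readers do not have to infer the change from a missing note.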

articles/aks/configure-azure-cni.md

Lines changed: 2 additions & 2 deletions
@@ -48,9 +48,9 @@ The IP address plan for an AKS cluster consists of a virtual network, at least o
4848
| --------- | ------------- |
4949
| Virtual network | The Azure virtual network can be as large as /8, but is limited to 65,536 configured IP addresses. |
5050
| Subnet | Must be large enough to accommodate the nodes, pods, and all Kubernetes and Azure resources that might be provisioned in your cluster. For example, if you deploy an internal Azure Load Balancer, its front-end IPs are allocated from the cluster subnet, not public IPs. The subnet size should also take into account upgrade operations or future scaling needs.<p />To calculate the *minimum* subnet size including an additional node for upgrade operations: `(number of nodes + 1) + ((number of nodes + 1) * maximum pods per node that you configure)`<p/>Example for a 50 node cluster: `(51) + (51 * 30 (default)) = 1,581` (/21 or larger)<p/>Example for a 50 node cluster that also includes provision to scale up an additional 10 nodes: `(61) + (61 * 30 (default)) = 1,891` (/21 or larger)<p>If you don't specify a maximum number of pods per node when you create your cluster, the maximum number of pods per node is set to *30*. The minimum number of IP addresses required is based on that value. If you calculate your minimum IP address requirements on a different maximum value, see [how to configure the maximum number of pods per node](#configure-maximum---new-clusters) to set this value when you deploy your cluster. |
51-
| Kubernetes service address range | This range should not be used by any network element on or connected to this virtual network. Service address CIDR must be smaller than /12. |
51+
| Kubernetes service address range | This range should not be used by any network element on or connected to this virtual network. Service address CIDR must be smaller than /12. You can reuse this range across different AKS clusters. |
5252
| Kubernetes DNS service IP address | IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Don't use the first IP address in your address range, such as .1. The first address in your subnet range is used for the *kubernetes.default.svc.cluster.local* address. |
53-
| Docker bridge address | The Docker bridge network address represents the default *docker0* bridge network address present in all Docker installations. While *docker0* bridge is not used by AKS clusters or the pods themselves, you must set this address to continue to support scenarios such as *docker build* within the AKS cluster. It is required to select a CIDR for the Docker bridge network address because otherwise Docker will pick a subnet automatically which could conflict with other CIDRs. You must pick an address space that does not collide with the rest of the CIDRs on your networks, including the cluster's service CIDR and pod CIDR. Default of 172.17.0.1/16. |
53+
| Docker bridge address | The Docker bridge network address represents the default *docker0* bridge network address present in all Docker installations. While *docker0* bridge is not used by AKS clusters or the pods themselves, you must set this address to continue to support scenarios such as *docker build* within the AKS cluster. It is required to select a CIDR for the Docker bridge network address because otherwise Docker will pick a subnet automatically which could conflict with other CIDRs. You must pick an address space that does not collide with the rest of the CIDRs on your networks, including the cluster's service CIDR and pod CIDR. Default of 172.17.0.1/16. You can reuse this range across different AKS clusters. |
5454

5555
## Maximum pods per node
5656
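Review bot: In the "Kubernetes service address range" row, the added sentence "You can reuse this range across different AKS clusters" comes directly after "This range should not be used by any network element on or connected to this virtual network", and the two read as contradictory for clusters that share or are connected to the same virtual network. The same applies to the "Docker bridge address" row, which requires an address space "that does not collide with the rest of the CIDRs on your networks". Suggest stating in both rows the condition under which reuse is acceptable, rather than appending an unqualified sentence.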

articles/automation/automation-dsc-diagnostics.md

Lines changed: 13 additions & 14 deletions
@@ -71,11 +71,9 @@ Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <Workspa
7171

7272
## View the State Configuration logs
7373

74-
After you set up integration with Azure Monitor logs for your Automation State Configuration data, a
75-
**Log search** button will appear on the **DSC Nodes** blade of your automation account. Click the
76-
**Log Search** button to view the logs for DSC node data.
74+
After you set up integration with Azure Monitor logs for your Automation State Configuration data, they can be viewed by selecting **Logs** in the **Monitoring** section in the left pane of the State Configuration (DSC) page.
7775

78-
![Log search button](media/automation-dsc-diagnostics/log-search-button.png)
76+
![Logs](media/automation-dsc-diagnostics/automation-dsc-logs-toc-item.png)
7977

8078
The **Log Search** blade opens, and you see a **DscNodeStatusData** operation for each State
8179
Configuration node, and a **DscResourceStatusData** operation for each [DSC
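Review bot: The rewritten sentence sends readers to **Logs** in the **Monitoring** section, but the unchanged paragraph right after it still begins "The **Log Search** blade opens", so the two paragraphs now name different UI elements. Update that paragraph in the same change. The new sentence also has no clear antecedent for "they can be viewed" (the subject before it is the integration, not the logs); something like "you can view the logs by selecting **Logs** ..." reads better.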
@@ -85,13 +83,14 @@ The **DscResourceStatusData** operation contains error information for any DSC r
8583

8684
Click each operation in the list to see the data for that operation.
8785

88-
You can also view the logs by searching in Azure Monitor logs.
89-
See [Find data using log searches](../log-analytics/log-analytics-log-searches.md).
90-
Type the following query to find your State Configuration logs:
91-
`Type=AzureDiagnostics ResourceProvider='MICROSOFT.AUTOMATION' Category='DscNodeStatus'`
86+
You can also view the logs by searching in Azure Monitor logs. See [Find data using log searches](https://docs.microsoft.com/azure/azure-monitor/log-query/log-query-overview). Type the following query to find your State Configuration logs.
9287

93-
You can also narrow the query by the operation name. For example:
94-
`Type=AzureDiagnostics ResourceProvider='MICROSOFT.AUTOMATION' Category='DscNodeStatus' OperationName='DscNodeStatusData'`
88+
```
89+
AzureDiagnostics
90+
| where Category == 'DscNodeStatus'
91+
| where OperationName contains 'DSCNodeStatusData'
92+
| where ResultType != 'Compliant'
93+
```
9594

9695
### Send an email when a State Configuration compliance check fails
9796
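Review bot: The lead-in says the query finds "your State Configuration logs", but the new query ends with `| where ResultType != 'Compliant'`, so it returns only records that are not compliant. Either drop that filter from the general example or reword the lead-in to say it finds non-compliant node status records. The replacement also loses the `ResourceProvider` filter that both removed queries had, and it matches the operation with `contains 'DSCNodeStatusData'`, whose casing differs from the **DscNodeStatusData** name used in the surrounding text; `contains` is case-insensitive so it works, but `OperationName == 'DscNodeStatusData'` would be exact and consistent. Finally, the new fence has no language tag, while the Heartbeat query elsewhere in this commit is tagged `kusto`.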

@@ -155,11 +154,11 @@ Diagnostics from Azure Automation creates two categories of records in Azure Mon
155154
| SourceSystem | How Azure Monitor logs collected the data. Always *Azure* for Azure diagnostics. |
156155
| ResourceId |Specifies the Azure Automation account. |
157156
| ResultDescription | The description for this operation. |
158-
| SubscriptionId | The Azure subscription Id (GUID) for the Automation account. |
157+
| SubscriptionId | The Azure subscription ID (GUID) for the Automation account. |
159158
| ResourceGroup | Name of the resource group for the Automation account. |
160159
| ResourceProvider | MICROSOFT.AUTOMATION |
161160
| ResourceType | AUTOMATIONACCOUNTS |
162-
| CorrelationId |GUID that is the Correlation Id of the compliance report. |
161+
| CorrelationId |GUID that is the Correlation ID of the compliance report. |
163162

164163
### DscResourceStatusData
165164

@@ -186,11 +185,11 @@ Diagnostics from Azure Automation creates two categories of records in Azure Mon
186185
| SourceSystem | How Azure Monitor logs collected the data. Always *Azure* for Azure diagnostics. |
187186
| ResourceId |Specifies the Azure Automation account. |
188187
| ResultDescription | The description for this operation. |
189-
| SubscriptionId | The Azure subscription Id (GUID) for the Automation account. |
188+
| SubscriptionId | The Azure subscription ID (GUID) for the Automation account. |
190189
| ResourceGroup | Name of the resource group for the Automation account. |
191190
| ResourceProvider | MICROSOFT.AUTOMATION |
192191
| ResourceType | AUTOMATIONACCOUNTS |
193-
| CorrelationId |GUID that is the Correlation Id of the compliance report. |
192+
| CorrelationId |GUID that is the Correlation ID of the compliance report. |
194193

195194
## Summary
196195

articles/automation/automation-windows-hrw-install.md

Lines changed: 23 additions & 19 deletions
@@ -10,6 +10,9 @@ ms.topic: conceptual
1010

1111
You can use the Hybrid Runbook Worker feature of Azure Automation to run runbooks directly on the computer that's hosting the role and against resources in the environment to manage those local resources. Runbooks are stored and managed in Azure Automation and then delivered to one or more designated computers. This article describes how to install the Hybrid Runbook Worker on a Windows machine.
1212

13+
> [!NOTE]
14+
This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see [Introducing the new Azure PowerShell Az module](https://docs.microsoft.com/powershell/azure/new-azureps-module-az?view=azps-3.3.0). For Az module installation instructions, see [Install the Azure PowerShell module](https://docs.microsoft.com/powershell/azure/install-az-ps?view=azps-3.4.0).
15+
1316
## Installing the Windows Hybrid Runbook Worker
1417

1518
To install and configure a Windows Hybrid Runbook Worker, you can use one of the three following methods:
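Review bot: The second added line (the note body starting "This article has been updated to use the new Azure PowerShell Az module") has no leading `>`, so it will not be part of the `[!NOTE]` block opened on the line above; the existing note later in this file prefixes every line with `>`. Add the `>` prefix. The two links in that line also pin different versions (`view=azps-3.3.0` and `view=azps-3.4.0`); drop the `view` parameter or use the same version in both.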
@@ -25,12 +28,12 @@ To install and configure a Windows Hybrid Runbook Worker, you can use one of the
2528
2629
The minimum requirements for a Windows Hybrid Runbook Worker are:
2730

28-
* Windows Server 2012 or later.
29-
* Windows PowerShell 5.1 or later ([download WMF 5.1](https://www.microsoft.com/download/details.aspx?id=54616)).
30-
* .NET Framework 4.6.2 or later.
31-
* Two cores.
32-
* 4 GB of RAM.
33-
* Port 443 (outbound).
31+
* Windows Server 2012 or later
32+
* Windows PowerShell 5.1 or later ([download WMF 5.1](https://www.microsoft.com/download/details.aspx?id=54616))
33+
* .NET Framework 4.6.2 or later
34+
* Two cores
35+
* 4 GB of RAM
36+
* Port 443 (outbound)
3437

3538
To get more networking requirements for the Hybrid Runbook Worker, see [Configuring your network](automation-hybrid-runbook-worker.md#network-planning).
3639

@@ -45,17 +48,18 @@ After you successfully deploy a runbook worker, review [Run runbooks on a Hybrid
4548

4649
Perform the following steps to automate the installation and configuration of the Windows Hybrid Worker role:
4750

48-
1. Download the New-OnPremiseHybridWorker.ps1 script from the [PowerShell Gallery](https://www.powershellgallery.com/packages/New-OnPremiseHybridWorker) directly from the computer running the Hybrid Runbook Worker role or from another computer in your environment. Copy the script to the worker.
49-
50-
The New-OnPremiseHybridWorker.ps1 script requires the following parameters during execution:
51+
1. Download the New-OnPremiseHybridWorker.ps1 script from the
52+
[PowerShell Gallery](https://www.powershellgallery.com/packages/New-OnPremiseHybridWorker) directly from the computer running the Hybrid Runbook Worker role or from another computer in your environment. Copy the script to the worker. The New-OnPremiseHybridWorker.ps1 script requires the following parameters during execution:
5153

52-
* *AutomationAccountName* (mandatory): The name of your Automation account.
5354
* *AAResourceGroupName* (mandatory): The name of the resource group that's associated with your Automation account.
5455
* *OMSResourceGroupName* (optional): The name of the resource group for the Log Analytics workspace. If this resource group is not specified, *AAResourceGroupName* is used.
55-
* *HybridGroupName* (mandatory): The name of a Hybrid Runbook Worker group that you specify as a target for the runbooks that support this scenario.
56-
* *SubscriptionID* (mandatory): The Azure subscription ID that your Automation account is in.
56+
* *SubscriptionID* (mandatory): The Azure subscription ID that your Automation Account is in.
57+
* *TenantID* (optional): The identifier of the tenant organization associated with your Automation Account.
5758
* *WorkspaceName* (optional): The Log Analytics workspace name. If you don't have a Log Analytics workspace, the script creates and configures one.
58-
59+
* *AutomationAccountName* (mandatory): The name of your Automation Account.
60+
* *HybridGroupName* (mandatory): The name of a Hybrid Runbook Worker group that you specify as a target for the runbooks that support this scenario.
61+
* *Credential* (optional): The credentials to use when logging in to the Azure environment.
62+
5963
> [!NOTE]
6064
> When enabling solutions, only certain regions are supported for linking a Log Analytics workspace and an Automation Account.
6165
>
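Review bot: The new *Credential* bullet says only "The credentials to use when logging in to the Azure environment", without stating what kind of value the parameter expects or how it relates to step 4, which says "you're prompted to authenticate with your Azure credentials". Say what to pass and whether supplying it suppresses the prompt, so readers do not guess at how to provide credentials to the script. Two smaller points in the same list: the added bullets write "Automation Account" while the unchanged *AAResourceGroupName* bullet writes "Automation account", and step 1 now breaks after "from the" with the link on its own line, which should be checked for correct indentation under the numbered item.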
@@ -75,7 +79,7 @@ Perform the following steps to automate the installation and configuration of th
7579

7680
4. You're prompted to agree to install NuGet, and you're prompted to authenticate with your Azure credentials.
7781

78-
5. After the script is finished, the **Hybrid Worker Groups** page shows the new group and the number of members. If it's an existing group, the number of members is incremented. You can select the group from the list on the **Hybrid Worker Groups** page and select the **Hybrid Workers** tile. On the **Hybrid Workers** page, you see each member of the group listed.
82+
5. After the script is finished, the **Hybrid Worker Groups** page shows the new group and the number of members. If it's an existing group, the number of members is incremented. You can select the group from the list on the **Hybrid Worker Groups** page and select the **Hybrid Workers** tile. On the **Hybrid Workers** page, you see each member of the group listed.
7983

8084
### Manual deployment
8185

@@ -91,10 +95,10 @@ If you don't already have a Log Analytics workspace, first review the [Azure Mon
9195

9296
The Automation solution adds functionality for Azure Automation, including support for Hybrid Runbook Worker. When you add the solution to your Log Analytics workspace, it automatically pushes worker components to the agent computer that you will install in the next step.
9397

94-
To add the **Automation** solution to your workspace, run the following PowerShell.
98+
To add the **Automation** solution to your workspace, run the following PowerShell cmdlet.
9599

96100
```powershell-interactive
97-
Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName <logAnalyticsResourceGroup> -WorkspaceName <LogAnalyticsWorkspaceName> -IntelligencePackName "AzureAutomation" -Enabled $true
101+
Set-AzOperationalInsightsIntelligencePack -ResourceGroupName <logAnalyticsResourceGroup> -WorkspaceName <LogAnalyticsWorkspaceName> -IntelligencePackName "AzureAutomation" -Enabled $true -DefaultProfile <IAzureContextContainer>
98102
```
99103

100104
#### 3. Install the Log Analytics agent for Windows
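Review bot: In the updated command, `-DefaultProfile <IAzureContextContainer>` uses a type name as its placeholder, unlike `<logAnalyticsResourceGroup>` and `<LogAnalyticsWorkspaceName>`, which describe the value to supply. The removed AzureRM command passed no profile, and `-DefaultProfile` is optional on Az cmdlets, so either drop it from the sample or add a sentence explaining what context object to pass and when it is needed.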
@@ -103,15 +107,15 @@ The Log Analytics agent for Windows connects computers to an Azure Monitor Log A
103107

104108
To install the agent on the computer, follow the instructions at [Connect Windows computers to Azure Monitor logs](../log-analytics/log-analytics-windows-agent.md). You can repeat this process for multiple computers to add multiple workers to your environment.
105109

106-
When the agent has successfully connected to your Log Analytics workspace, after a few minutes you can run the following query to verify it is sending heartbeat data to the workspace:
110+
When the agent has successfully connected to your Log Analytics workspace after a few minutes, you can run the following query to verify that it is sending heartbeat data to the workspace:
107111

108112
```kusto
109113
Heartbeat
110114
| where Category == "Direct Agent"
111115
| where TimeGenerated > ago(30m)
112116
```
113117

114-
In the search results returned, you should see heartbeat records for the computer indicating it is connected and reporting to the service. The heartbeat record is forwarded from every agent by default to its assigned workspace. You can verify that the agent has correctly downloaded the Automation solution when it has a folder called **AzureAutomationFiles** in C:\Program Files\Microsoft Monitoring Agent\Agent. To confirm the version of the Hybrid Runbook Worker, you can browse to C:\Program Files\Microsoft Monitoring Agent\Agent\AzureAutomation\ and note the \\*version* subfolder.
118+
In the search results returned, you should see heartbeat records for the computer indicating it is connected and reporting to the service. The heartbeat record is forwarded from every agent by default to its assigned workspace. You can verify that the agent has correctly downloaded the Automation solution when it has a folder called **AzureAutomationFiles** in C:\Program Files\Microsoft Monitoring Agent\Agent. To confirm the version of the Hybrid Runbook Worker, browse to C:\Program Files\Microsoft Monitoring Agent\Agent\AzureAutomation\ and note the \\*version* subfolder.
115119

116120
#### 4. Install the runbook environment and connect to Azure Automation
117121
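Review bot: Moving "after a few minutes" in front of the comma changes the meaning of the first rewritten sentence: it now says the agent connects after a few minutes, where the removed line told the reader to wait a few minutes after the connection before running the query. Suggest "After the agent has connected to your Log Analytics workspace, wait a few minutes and then run the following query to verify that it is sending heartbeat data to the workspace:".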

@@ -146,7 +150,7 @@ Runbooks can use any of the activities and cmdlets defined in the modules that a
146150

147151
Because the primary purpose of the Hybrid Runbook Worker feature is to manage local resources, you most likely need to install the modules that support these resources. For information on installing Windows PowerShell modules, see [Installing Modules](/powershell/scripting/developer/windows-powershell).
148152

149-
Modules that are installed must be in a location referenced by the **PSModulePath** environment variable so that the hybrid worker can automatically import them. For more information, see [Modifying the PSModulePath Installation Path](/powershell/scripting/developer/windows-powershell).
153+
Modules that are installed must be in a location referenced by the **PSModulePath** environment variable so that the hybrid worker can automatically import them. For more information, see [Modifying the PSModulePath Installation Path](/powershell/scripting/developer/windows-powershell).
150154

151155
## Next steps
152156
