Merge pull request #109006 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md

@@ -27,8 +27,8 @@ The following Azure services support managed identities for Azure resources:
 
 | Managed identity type | All Generally Available<br>Global Azure Regions | Azure Government | Azure Germany | Azure China 21Vianet |
 | --- | :-: | :-: | :-: | :-: |
-| System assigned | ![Available][check] | Preview | Preview | Preview | 
-| User assigned | ![Available][check] | Preview | Preview | Preview |
+| System assigned | ![Available][check] | ![Available][check] | Preview | Preview | 
+| User assigned | ![Available][check] | ![Available][check] | Preview | Preview |
 
 Refer to the following list to configure managed identity for Azure Virtual Machines (in regions where available):
 

articles/aks/node-auto-repair.md

@@ -11,7 +11,7 @@ ms.date: 03/10/2020
 AKS continuously checks the health state of worker nodes and performs automatic repair of the nodes if they become unhealthy. This documentation describes how Azure Kubernetes Service (AKS) monitors worker nodes, and repairs unhealthy worker nodes.  The documentation is to inform AKS operators on the behavior of node repair functionality. It is also important to note that Azure platform [performs maintenance on Virtual Machines][vm-updates] that experience issues. AKS and Azure work together to minimize service disruptions for your clusters.
 
 > [!Important]
-> Noe auto-repair functionality isn't currently supported for Windows Server node pools.
+> Node auto-repair functionality isn't currently supported for Windows Server node pools.
 
 ## How AKS checks for unhealthy nodes
 
@@ -51,4 +51,4 @@ Use [Availability Zones][availability-zones] to increase high availability with
 
 <!-- LINKS - Internal -->
 [availability-zones]: ./availability-zones.md
-[vm-updates]: ../virtual-machines/maintenance-and-updates.md
+[vm-updates]: ../virtual-machines/maintenance-and-updates.md

articles/application-gateway/ssl-overview.md

@@ -17,7 +17,7 @@ Secure Sockets Layer (SSL) is the standard security technology for establishing
 
 Application Gateway supports SSL termination at the gateway, after which traffic typically flows unencrypted to the backend servers. There are a number of advantages of doing SSL termination at the application gateway:
 
-- **Improved performance** – The biggest performance hit when doing SSL decryption is the initial handshake. To improve performance, the server doing the decryption caches SSL session IDs and manages TLS session tickets. If this is done at the application gateway, all requests from the same client can use the cached values. If it’s done on the backend servers, then each time the client’s requests go to a different server the client has to re‑authenticate. The use of TLS tickets can help mitigate this issue, but they are not supported by all clients and can be difficult to configure and manage.
+- **Improved performance** – The biggest performance hit when doing SSL decryption is the initial handshake. To improve performance, the server doing the decryption caches SSL session IDs and manages TLS session tickets. If this is done at the application gateway, all requests from the same client can use the cached values. If it’s done on the backend servers, then each time the client’s requests go to a different server the client must re‑authenticate. The use of TLS tickets can help mitigate this issue, but they are not supported by all clients and can be difficult to configure and manage.
 - **Better utilization of the backend servers** – SSL/TLS processing is very CPU intensive, and is becoming more intensive as key sizes increase. Removing this work from the backend servers allows them to focus on what they are most efficient at, delivering content.
 - **Intelligent routing** – By decrypting the traffic, the application gateway has access to the request content, such as headers, URI, and so on, and can use this data to route requests.
 - **Certificate management** – Certificates only need to be purchased and installed on the application gateway and not all backend servers. This saves both time and money.
@@ -38,7 +38,7 @@ For the SSL connection to work, you need to ensure that the SSL certificate meet
 Application gateway supports the following types of certificates:
 
 - CA (Certificate Authority) certificate: A CA certificate is a digital certificate issued by a certificate authority (CA)
-- EV (Extended Validation) certificate: An EV certificate is an industry standard certificate guidelines. This will turn the browser locator bar green and publish company name as well.
+- EV (Extended Validation) certificate: An EV certificate is a certificate that conforms to industry standard certificate guidelines. This will turn the browser locator bar green and publish the company name as well.
 - Wildcard Certificate: This certificate supports any number of subdomains based on *.site.com, where your subdomain would replace the *. It doesn’t, however, support site.com, so in case the users are accessing your website without typing the leading "www", the wildcard certificate will not cover that.
 - Self-Signed certificates: Client browsers do not trust these certificates and will warn the user that the virtual service’s certificate is not part of a trust chain. Self-signed certificates are good for testing or environments where administrators control the clients and can safely bypass the browser’s security alerts. Production workloads should never use self-signed certificates.
 
@@ -90,7 +90,7 @@ Authentication Certificates have been deprecated and replaced by Trusted Root Ce
 
 > [!NOTE] 
 >
-> In order for an SSL certificate to be trusted, that certificate of the backend server must have been issued by a CA that is included in the trusted store of the Application Gateway.If the certificate was not issued by a trusted CA, the Application Gateway will then check to see if the certificate of the issuing CA was issued by a trusted CA, and so on until either a trusted CA is found (at which point a trusted, secure connection will be established) or no trusted CA can be found (at which point the Application Gateway will mark the backend unhealthy). Therefore, it is recommended the backend server certificate contain both the root and intermidiate CAs.
+> In order for an SSL certificate to be trusted, that certificate of the backend server must have been issued by a CA that is included in the trusted store of the Application Gateway.If the certificate was not issued by a trusted CA, the Application Gateway will then check to see if the certificate of the issuing CA was issued by a trusted CA, and so on until either a trusted CA is found (at which point a trusted, secure connection will be established) or no trusted CA can be found (at which point the Application Gateway will mark the backend unhealthy). Therefore, it is recommended the backend server certificate contain both the root and intermediate CAs.
 
 - If the certificate is self-signed, or signed by unknown intermediaries, then to enable end to end SSL in v2 SKU a trusted root certificate must be defined. Application Gateway will only communicate with backends whose Server certificate’s root certificate matches one of the list of trusted root certificates in the backend http setting associated with the pool.
 

articles/azure-functions/functions-create-first-azure-function-azure-cli.md

@@ -31,7 +31,7 @@ Before you begin, you must have the following:
 ::: zone-end
 
 ::: zone pivot="programming-language-python"
-+ [Python 3.8](https://www.python.org/downloads/release/python-382/), [Python 3.7](https://www.python.org/downloads/release/python-375/), [Python 3.6](https://www.python.org/downloads/release/python-368/), which are supported by Azure Functions. 
++ [Python 3.8](https://www.python.org/downloads/release/python-382/), [Python 3.7](https://www.python.org/downloads/release/python-375/), [Python 3.6](https://www.python.org/downloads/release/python-368/), which are supported by Azure Functions (x64).
 ::: zone-end
 ::: zone pivot="programming-language-powershell"
 + [PowerShell Core](/powershell/scripting/install/installing-powershell-core-on-windows)

articles/azure-functions/functions-create-first-function-vs-code.md

@@ -27,7 +27,7 @@ Before you get started, make sure you have the following requirements in place:
 + [Node.js](https://nodejs.org/), Active LTS and Maintenance LTS versions (10.14.1 recommended). Use the `npm --version` command to check your version.
 ::: zone-end 
 ::: zone pivot="programming-language-python"
-+ [Python 3.8](https://www.python.org/downloads/release/python-381/), [Python 3.7](https://www.python.org/downloads/release/python-375/), [Python 3.6](https://www.python.org/downloads/release/python-368/) are supported by Azure Functions.
++ [Python 3.8](https://www.python.org/downloads/release/python-381/), [Python 3.7](https://www.python.org/downloads/release/python-375/), [Python 3.6](https://www.python.org/downloads/release/python-368/) are supported by Azure Functions (x64).
 ::: zone-end   
 ::: zone pivot="programming-language-powershell"
 + [PowerShell Core](/powershell/scripting/install/installing-powershell-core-on-windows)

articles/azure-monitor/app/asp-net-core.md

@@ -24,7 +24,7 @@ The [Application Insights SDK for ASP.NET Core](https://nuget.org/packages/Micro
 * **IDE**: Visual Studio, VS Code, or command line.
 
 > [!NOTE]
-> If you are using ASP.NET Core 3.0 along with Application Insights, please use the [2.8.0](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore/2.8.0) version or higher. This is the only version that supports ASP.NET Core 3.0.
+> If you are using ASP.NET Core 3.X along with Application Insights, please use the [2.8.0](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore/2.8.0) version or higher. This is the only version that supports ASP.NET Core 3.X.
 
 ## Prerequisites
 
@@ -137,7 +137,7 @@ Support for [performance counters](https://azure.microsoft.com/documentation/art
 
 ### EventCounter
 
-`EventCounterCollectionModule` is enabled by default, and it will collect a default set of counters from .NET Core 3.0 apps. The [EventCounter](eventcounters.md) tutorial lists the default set of counters collected. It also has instructions on customizing the list.
+`EventCounterCollectionModule` is enabled by default, and it will collect a default set of counters from .NET Core 3.X apps. The [EventCounter](eventcounters.md) tutorial lists the default set of counters collected. It also has instructions on customizing the list.
 
 ## Enable client-side telemetry for web applications
 
@@ -360,11 +360,11 @@ The above does not prevent any auto collection modules from collecting telemetry
 
 ## Frequently asked questions
 
-### Does Application Insights support ASP.NET Core 3.0?
+### Does Application Insights support ASP.NET Core 3.X?
 
-Yes. Update to [Application Insights SDK for ASP.NET Core](https://nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) version 2.8.0 or higher. Older versions of the SDK do not support ASP.NET Core 3.0.
+Yes. Update to [Application Insights SDK for ASP.NET Core](https://nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) version 2.8.0 or higher. Older versions of the SDK do not support ASP.NET Core 3.X.
 
-Also, if you are using Visual Studio based instructions from [here](#enable-application-insights-server-side-telemetry-visual-studio), update to the latest version of Visual Studio 2019 (16.3.0) to onboard. Previous versions of Visual Studio do not support automatic onboarding for ASP.NET Core 3.0 apps.
+Also, if you are using Visual Studio based instructions from [here](#enable-application-insights-server-side-telemetry-visual-studio), update to the latest version of Visual Studio 2019 (16.3.0) to onboard. Previous versions of Visual Studio do not support automatic onboarding for ASP.NET Core 3.X apps.
 
 ### How can I track telemetry that's not automatically collected?
 
@@ -397,7 +397,7 @@ For more information about custom data reporting in Application Insights, see [A
 
 ### Some Visual Studio templates used the UseApplicationInsights() extension method on IWebHostBuilder to enable Application Insights. Is this usage still valid?
 
-While the extension method `UseApplicationInsights()` is still supported, it is marked obsolete in Application Insights SDK version 2.8.0 onwards. It will be removed in the next major version of the SDK. The recommended way to enable Application Insights telemetry is by using `AddApplicationInsightsTelemetry()` because it provides overloads to control some configuration. Also, in ASP.NET Core 3.0 apps, `services.AddApplicationInsightsTelemetry()` is the only way to enable application insights.
+While the extension method `UseApplicationInsights()` is still supported, it is marked obsolete in Application Insights SDK version 2.8.0 onwards. It will be removed in the next major version of the SDK. The recommended way to enable Application Insights telemetry is by using `AddApplicationInsightsTelemetry()` because it provides overloads to control some configuration. Also, in ASP.NET Core 3.X apps, `services.AddApplicationInsightsTelemetry()` is the only way to enable application insights.
 
 ### I'm deploying my ASP.NET Core application to Web Apps. Should I still enable the Application Insights extension from Web Apps?
 
@@ -444,9 +444,9 @@ using Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel;
     }
 ```
 
-### Is this SDK supported for the new .NET Core 3.0 Worker Service template applications?
+### Is this SDK supported for the new .NET Core 3.X Worker Service template applications?
 
-This SDK requires `HttpContext`, and hence does not work in any non-HTTP applications, including the .NET Core 3.0 Worker Service applications. Refer to [this](worker-service.md) document for enabling application insights in such applications, using the newly released Microsoft.ApplicationInsights.WorkerService SDK.
+This SDK requires `HttpContext`, and hence does not work in any non-HTTP applications, including the .NET Core 3.X Worker Service applications. Refer to [this](worker-service.md) document for enabling application insights in such applications, using the newly released Microsoft.ApplicationInsights.WorkerService SDK.
 
 ## Open-source SDK
 

articles/azure-monitor/app/ilogger.md

@@ -322,22 +322,20 @@ The following examples apply filter rules to ApplicationInsightsLoggerProvider.
 
 ### Create filter rules in configuration with appsettings.json
 
-For ApplicationInsightsLoggerProvider, the provider alias is `ApplicationInsights`. The following section of *appsettings.json* configures logs for *Warning* and above from all categories and *Error* and above from categories that start with "Microsoft" to be sent to `ApplicationInsightsLoggerProvider`.
+For ApplicationInsightsLoggerProvider, the provider alias is `ApplicationInsights`. The following section of *appsettings.json* instructs logging providers generally to log at level *Warning* and above. It then overrides the `ApplicationInsightsLoggerProvider` to log categories that start with "Microsoft" at level *Error* and above.
 
 ```json
 {
   "Logging": {
+    "LogLevel": {
+      "Default": "Warning"
+    },
     "ApplicationInsights": {
       "LogLevel": {
-        "Default": "Warning",
         "Microsoft": "Error"
       }
-    },
-    "LogLevel": {
-      "Default": "Warning"
     }
-  },
-  "AllowedHosts": "*"
+  }
 }
 ```
 

articles/azure-resource-manager/templates/toc.yml

@@ -242,17 +242,17 @@
     - name: InvalidTemplate
       href: error-invalid-template.md
     - name: Linux deployment issues
-      href: ../../virtual-machines/linux/troubleshoot-deploy-vm.md
+      href: ../../virtual-machines/troubleshooting/troubleshoot-deploy-vm-linux.md
     - name: NoRegisteredProviderFound
       href: error-register-resource-provider.md
     - name: NotFound
       href: error-not-found.md
     - name: ParentResourceNotFound
       href: error-parent-resource.md
     - name: Provisioning and allocation issues for Linux
-      href: ../../virtual-machines/linux/troubleshoot-deployment-new-vm.md
+      href: ../../virtual-machines/troubleshooting/troubleshoot-deployment-new-vm-linux.md
     - name: Provisioning and allocation issues for Windows
-      href: ../../virtual-machines/windows/troubleshoot-deployment-new-vm.md
+      href: ../../virtual-machines/troubleshooting/troubleshoot-deployment-new-vm-windows.md
     - name: RequestDisallowedByPolicy
       href: error-policy-requestdisallowedbypolicy.md
     - name: ReservedResourceName
@@ -262,7 +262,7 @@
     - name: SkuNotAvailable
       href: error-sku-not-available.md
     - name: Windows deployment issues
-      href: ../../virtual-machines/windows/troubleshoot-deploy-vm.md
+      href: ../../virtual-machines/troubleshooting/troubleshoot-deploy-vm-windows.md
 - name: Reference
   items:
   - name: Template reference
@@ -308,4 +308,4 @@
   - name: Stack Overflow
     href: https://stackoverflow.com/questions/tagged/azure-resource-manager
   - name: Videos
-    href: https://azure.microsoft.com/documentation/videos/index/?services=azure-resource-manager
+    href: https://azure.microsoft.com/documentation/videos/index/?services=azure-resource-manager

articles/container-registry/container-registry-health-error-reference.md

@@ -92,6 +92,10 @@ This error means that the CLI was unable to find the login server of the given r
 
 *Potential solutions*: Verify that the spelling is correct and that the registry exists; verify that user has the right permissions on the registry, and that the clouds of the registry and the CLI environment match; update Azure CLI to the latest version.
 
+## NOTARY_VERSION_ERROR
+
+This error means that the CLI is not compatible with the currently installed version of Docker/Notary. Try downgrading your notary.exe version to a version earlier than 0.6.0 by replacing your Docker installation's Notary client manually to resolve this issue.
+
 ## Next steps
 
 For options to check the health of a registry, see [Check the health of an Azure container registry](container-registry-check-health.md).

articles/private-link/create-private-endpoint-webapp-portal.md

@@ -167,7 +167,7 @@ In this section, you will connect privately to the Web App using the Private End
 
 1. Copy the Private IP of your Private Endpoint and the FQDN of your Web App, in our case webappdemope.azurewebsites.net 10.10.2.4
 
-1. In the myVM, verify that the Web App is not accessible through the public IP. Open a browser and copy the Web App name, you must have a 403 forbidden error page
+1. In the myVM, verify that the Web App is not accessible through the public IP. Open a browser and paste the Web App name, you must have a 403 forbidden error page
 
    > [!div class="mx-imgBorder"]
    >![Forbidden][17]