Merge pull request #217060 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 377efdaf1a23 · 2022-11-03T14:46:25.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/governance/entitlement-management-organization.md b/articles/active-directory/governance/entitlement-management-organization.md
@@ -76,22 +76,22 @@ To add an external Azure AD directory or domain as a connected organization, fol
 
 1. Select the **Directory + domain** tab, and then select **Add directory + domain**.
 
-    The **Select directories + domains** pane opens.
+    Then **Select directories + domains** pane opens.
 
-1. In the search box, enter a domain name to search for the Azure AD directory or domain. Be sure to enter the entire domain name.
+1. In the search box, enter a domain name to search for the Azure AD directory or domain. You can also add domains that are not in Azure AD. Be sure to enter the entire domain name.
 
-1. Confirm that the organization name and authentication type are correct. User sign in, prior to being able to access the MyAccess portal, depends on the authentication type for their organization.  If the authentication type for a connected organization is Azure AD, all users with an account in any verified domain of that Azure AD directory will sign into their directory, and then can request access to access packages that allow that connected organization. If the authentication type is One-time passcode, this allows users with email addresses from just that domain to visit the MyAccess portal. After they authenticate with the passcode, the user can make a request.
+1. Confirm that the organization name(s) and authentication type(s) are correct. User sign in, prior to being able to access the MyAccess portal, depends on the authentication type for their organization.  If the authentication type for a connected organization is Azure AD, all users with an account in any verified domain of that Azure AD directory will sign into their directory, and then can request access to access packages that allow that connected organization. If the authentication type is One-time passcode, this allows users with email addresses from just that domain to visit the MyAccess portal. After they authenticate with the passcode, the user can make a request.
 
     ![The "Select directories + domains" pane](./media/entitlement-management-organization/organization-select-directories-domains.png)
 
     > [!NOTE]
     > Access from some domains could be blocked by the Azure AD business to business (B2B) allow or deny list. For more information, see [Allow or block invitations to B2B users from specific organizations](../external-identities/allow-deny-list.md).
 
-1. Select **Add** to add the Azure AD directory or domain. Currently, you can add only one Azure AD directory or domain per connected organization.
+1. Select **Add** to add the Azure AD directory or domain. **You can add multiple Azure AD directories and domains**.
 
-1. After you've added the Azure AD directory or domain, select **Select**.
+1. After you've added the Azure AD directories or domains, select **Select**.
 
-    The organization appears in the list.
+    The organization(s) appears in the list.
 
     ![The "Directory + domain" pane](./media/entitlement-management-organization/organization-directory-domain.png)
 
diff --git a/articles/azure-monitor/app/statsbeat.md b/articles/azure-monitor/app/statsbeat.md
@@ -9,7 +9,7 @@ ms.reviwer: heya
 
 # Statsbeat in Azure Application Insights
 
-Statsbeat collects essential and non-essential [custom metric](../essentials/metrics-custom-overview.md) about Application Insights SDKs and auto-instrumentation. Statsbeat serves three benefits for Azure Monitor Application insights customers:
+Statsbeat collects essential and non-essential [custom metric](../essentials/metrics-custom-overview.md) about Application Insights SDKs and auto-instrumentation. Statsbeat serves three benefits for Azure Monitor Application Insights customers:
 -	Service Health and Reliability (outside-in monitoring of connectivity to ingestion endpoint)
 -	Support Diagnostics (self-help insights and CSS insights)
 -	Product Improvement (insights for design optimizations)
diff --git a/articles/azure-vmware/includes/vmware-software-versions.md b/articles/azure-vmware/includes/vmware-software-versions.md
@@ -19,9 +19,9 @@ The VMware solution software versions used in new deployments of Azure VMware So
 | ESXi                  |    7.0 U3c   | 
 | vSAN                  |    7.0 U3c   |
 | vSAN on-disk format   |    10        |
-| HCX                   |    4.3.3     |
+| HCX                   |    4.4.2     |
 | NSX-T Data Center <br />**NOTE:** NSX-T Data Center is the only supported version of NSX Data Center.               |      [[!INCLUDE [nsxt-version](nsxt-version.md)]](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/rn/VMware-NSX-T-Data-Center-312-Release-Notes.html)     |
 
 
-The currently running software version is applied to new clusters added to an existing private cloud. For more information, see the [VMware software version requirements for HCX](https://docs.vmware.com/en/VMware-HCX/4.3/hcx-user-guide/GUID-54E5293B-8707-4D29-BFE8-EE63539CC49B.html) and [Understanding vSAN on-disk format versions and compatibility](https://kb.vmware.com/s/article/2148493).
+The currently running software version is applied to new clusters added to an existing private cloud. For more information, see the [VMware software version requirements for HCX](https://docs.vmware.com/en/VMware-HCX/4.4.2/rn/vmware-hcx-442-release-notes/index.html) and [Understanding vSAN on-disk format versions and compatibility](https://kb.vmware.com/s/article/2148493).
 
diff --git a/articles/container-registry/container-registry-transfer-troubleshooting.md b/articles/container-registry/container-registry-transfer-troubleshooting.md
@@ -9,36 +9,36 @@ ms.topic: article
 
 # ACR Transfer troubleshooting
 
-* **Template deployment failures or errors**
+## Template deployment failures or errors
   * If a pipeline run fails, look at the `pipelineRunErrorMessage` property of the run resource.
   * For common template deployment errors, see [Troubleshoot ARM template deployments](../azure-resource-manager/templates/template-tutorial-troubleshoot.md)
-* **Problems accessing Key Vault**<a name="problems-accessing-key-vault"></a>
+## Problems accessing Key Vault
   * If your pipelineRun deployment fails with a `403 Forbidden` error when accessing Azure Key Vault, verify that your pipeline managed identity has adequate permissions.
   * A pipelineRun uses the exportPipeline or importPipeline managed identity to fetch the SAS token secret from your Key Vault. ExportPipelines and importPipelines are provisioned with either a system-assigned or user-assigned managed identity. This managed identity is required to have `secret get` permissions on the Key Vault in order to read the SAS token secret. Ensure that an access policy for the managed identity was added to the Key Vault. For more information, reference [Give the ExportPipeline identity keyvault policy access](./container-registry-transfer-cli.md#give-the-exportpipeline-identity-keyvault-policy-access) and [Give the ImportPipeline identity keyvault policy access](./container-registry-transfer-cli.md#give-the-importpipeline-identity-keyvault-policy-access).
-* **Problems accessing storage**<a name="problems-accessing-storage"></a>
+## Problems accessing storage
   * If you see a `403 Forbidden` error from storage, you likely have a problem with your SAS token.
   * The SAS token might not currently be valid. The SAS token might be expired or the storage account keys might have changed since the SAS token was created. Verify that the SAS token is valid by attempting to use the SAS token to authenticate for access to the storage account container. For example, put an existing blob endpoint followed by the SAS token in the address bar of a new Microsoft Edge InPrivate window or upload a blob to the container with the SAS token by using `az storage blob upload`.
   * The SAS token might not have sufficient Allowed Resource Types. Verify that the SAS token has been given permissions to Service, Container, and Object under Allowed Resource Types (`srt=sco` in the SAS token).
   * The SAS token might not have sufficient permissions. For export pipelines, the required SAS token permissions are Read, Write, List, and Add. For import pipelines, the required SAS token permissions are Read, Delete, and List. (The Delete permission is required only if the import pipeline has the `DeleteSourceBlobOnSuccess` option enabled.)
   * The SAS token might not be configured to work with HTTPS only. Verify that the SAS token is configured to work with HTTPS only (`spr=https` in the SAS token).
-* **Problems with export or import of storage blobs**
+## Problems with export or import of storage blobs
   * SAS token may be invalid, or may have insufficient permissions for the specified export or import run. See [Problems accessing storage](#problems-accessing-storage).
   * Existing storage blob in source storage account might not be overwritten during multiple export runs. Confirm that the OverwriteBlob option is set in the export run and the SAS token has sufficient permissions.
   * Storage blob in target storage account might not be deleted after successful import run. Confirm that the DeleteBlobOnSuccess option is set in the import run and the SAS token has sufficient permissions.
   * Storage blob not created or deleted. Confirm that container specified in export or import run exists, or specified storage blob exists for manual import run.
-* **Problems with Source Trigger Imports**
+## Problems with Source Trigger Imports
   * The SAS token must have the List permission for Source Trigger imports to work.
   * Source Trigger imports will only fire if the Storage Blob has a Last Modified time within the last 60 days.
   * The Storage Blob must have a valid ContentMD5 property in order to be imported by the Source Trigger feature.
   * The Storage Blob must have the "category":"acr-transfer-blob" blob metadata in order to be imported by the Source Trigger feature. This metadata is added automatically during an Export Pipeline Run, but may be stripped when moved from storage account to storage account depending on the method of copy.
-* **AzCopy issues**
+## AzCopy issues
   * See [Troubleshoot AzCopy issues](../storage/common/storage-use-azcopy-configure.md).
-* **Artifacts transfer problems**
+## Artifacts transfer problems
   * Not all artifacts, or none, are transferred. Confirm spelling of artifacts in export run, and name of blob in export and import runs. Confirm you're transferring a maximum of 50 artifacts.
   * Pipeline run might not have completed. An export or import run can take some time.
   * For other pipeline issues, provide the deployment [correlation ID](../azure-resource-manager/templates/deployment-history.md) of the export run or import run to the Azure Container Registry team.
   * To create ACR Transfer resources such as `exportPipelines`,` importPipelines`, and `pipelineRuns`, the user must have at least Contributor access on the ACR subscription. Otherwise, they'll see authorization to perform the transfer denied or scope is invalid errors.
-* **Problems pulling the image in a physically isolated environment**
+## Problems pulling the image in a physically isolated environment
   * If you see errors regarding foreign layers or attempts to resolve mcr.microsoft.com when attempting to pull an image in a physically isolated environment, your image manifest likely has non-distributable layers. Due to the nature of a physically isolated environment, these images will often fail to pull. You can confirm that this is the case by checking the image manifest for any references to external registries. If so, you'll need to push the non-distributable layers to your public cloud ACR prior to deploying an export pipeline-run for that image. For guidance on how to do this, see [How do I push non-distributable layers to a registry?](./container-registry-faq.yml#how-do-i-push-non-distributable-layers-to-a-registry-)
 
   <!-- LINKS - External -->
diff --git a/articles/load-balancer/load-balancer-basic-upgrade-guidance.md b/articles/load-balancer/load-balancer-basic-upgrade-guidance.md
@@ -34,8 +34,6 @@ This section lists out some key differences between these two Load Balancer SKUs
 | ---- | ---- | ---- |
 | **Backend type** | IP based, NIC based | NIC based |
 | **Protocol** | TCP, UDP | TCP, UDP |
-| **[Frontend IP configurations](../azure-resource-manager/management/azure-subscription-service-limits.md#load-balancer)** | Supports up to 600 configurations | Supports up to 200 configurations |
-| **[Backend pool size](../azure-resource-manager/management/azure-subscription-service-limits.md#load-balancer)** | Supports up to 1000 instances | Supports up to 300 instances |
 | **Backend pool endpoints** | Any virtual machines or virtual machine scale sets in a single virtual network | Virtual machines in a single availability set or virtual machine scale set |
 | **[Health probe types](load-balancer-custom-probe-overview.md#probe-types)** | TCP, HTTP, HTTPS | TCP, HTTP |
 | **[Health probe down behavior](load-balancer-custom-probe-overview.md#probe-down-behavior)** | TCP connections stay alive on an instance probe down and on all probes down | TCP connections stay alive on an instance probe down. All TCP connections end when all probes are down |
diff --git a/articles/load-balancer/load-balancer-faqs.yml b/articles/load-balancer/load-balancer-faqs.yml
@@ -86,6 +86,11 @@ sections:
         answer: |
           Follow these [instructions](../firewall/integrate-lb.md) to configure your load balancer with an Azure Firewall.
           
+      - question: |
+          Can I use my custom IP address prefix (BYOIP) with Azure Load Balancer?
+        answer: |
+          Yes, this scenario is supported. You will need to create a public IP prefix and public IP address from your custom IP address prefix before using it with your load balancer. To learn more, visit [Manage a custom IP address prefix](/azure/virtual-network/ip-services/manage-custom-ip-address-prefix). 
+          
       - question: |
           How do I configure my load balancer with an Azure SQL Server Always On availability group?
         answer: |
diff --git a/articles/load-balancer/skus.md b/articles/load-balancer/skus.md
@@ -29,8 +29,6 @@ To compare and understand the differences between Basic and Standard SKU, see th
 | **Scenario** |  Equipped for load-balancing network layer traffic when high performance and ultra-low latency is needed. Routes traffic within and across regions, and to availability zones for high resiliency. | Equipped for small-scale applications that don't need high availability or redundancy. Not compatible with availability zones. |
 | **Backend type** | IP based, NIC based | NIC based |
 | **Protocol** | TCP, UDP | TCP, UDP |
-| **[Frontend IP Configurations](../azure-resource-manager/management/azure-subscription-service-limits.md#load-balancer)** | Supports up to 600 configurations | Supports up to 200 configurations |
-| **[Backend pool size](../azure-resource-manager/management/azure-subscription-service-limits.md#load-balancer)** | Supports up to 5000 instances | Supports up to 300 instances |
 | **Backend pool endpoints** | Any virtual machines or virtual machine scale sets in a single virtual network | Virtual machines in a single availability set or virtual machine scale set |
 | **[Health probes](./load-balancer-custom-probe-overview.md#probe-types)** | TCP, HTTP, HTTPS | TCP, HTTP |
 | **[Health probe down behavior](./load-balancer-custom-probe-overview.md#probe-down-behavior)** | TCP connections stay alive on an instance probe down __and__ on all probes down. | TCP connections stay alive on an instance probe down. All TCP connections end when all probes are down. |
diff --git a/articles/mysql/flexible-server/overview.md b/articles/mysql/flexible-server/overview.md
@@ -176,7 +176,7 @@ One advantage of running your workload in Azure is its global reach. The flexibl
 | Central US | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: |
 | China East 2 | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
 | China North 2 | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
-| China North 3 |:heavy_check_mark:  | :heavy_check_mark: | :x: | :x: |
+| China North 3 | :heavy_check_mark:  | :heavy_check_mark: | :x: | :x: |
 | East Asia (Hong Kong) | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: |
 | East US | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | East US 2 | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: |
diff --git a/articles/openshift/howto-create-private-cluster-4x.md b/articles/openshift/howto-create-private-cluster-4x.md
@@ -37,13 +37,19 @@ If you choose to install and use the CLI locally, this tutorial requires that yo
     az provider register -n Microsoft.RedHatOpenShift --wait
     ```
 
-1. Register the `Microsoft.Compute` resource provider:
+1. Register the `Microsoft.Compute` resource provider (if you haven't already):
 
     ```azurecli-interactive
     az provider register -n Microsoft.Compute --wait
     ```
 
-1. Register the `Microsoft.Storage` resource provider:
+1. Register the `Microsoft.Network` resource provider (if you haven't already):
+
+    ```azurecli-interactive
+    az provider register -n Microsoft.Network --wait
+    ```
+
+1. Register the `Microsoft.Storage` resource provider (if you haven't already):
 
     ```azurecli-interactive
     az provider register -n Microsoft.Storage --wait
@@ -190,7 +196,7 @@ After executing the `az aro create` command, it normally takes about 35 minutes
 >[!IMPORTANT]
 > If you choose to specify a custom domain, for example **foo.example.com**, the OpenShift console will be available at a URL such as `https://console-openshift-console.apps.foo.example.com`, instead of the built-in domain `https://console-openshift-console.apps.<random>.<location>.aroapp.io`.
 >
-> By default OpenShift uses self-signed certificates for all of the routes created on `*.apps.<random>.<location>.aroapp.io`.  If you choose Custom DNS, after connecting to the cluster, you will need to follow the OpenShift documentation to [configure a custom CA for your ingress controller](https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html) and [custom CA for your API server](https://docs.openshift.com/container-platform/4.3/authentication/certificates/api-server.html).
+> By default OpenShift uses self-signed certificates for all of the routes created on `*.apps.<random>.<location>.aroapp.io`.  If you choose Custom DNS, after connecting to the cluster, you will need to follow the OpenShift documentation to [configure a custom certificate for your ingress controller](https://docs.openshift.com/container-platform/4.8/security/certificates/replacing-default-ingress-certificate.html) and [custom certificate for your API server](https://docs.openshift.com/container-platform/4.8/security/certificates/api-server.html).
 
 ## Connect to the private cluster
 
diff --git a/articles/openshift/support-lifecycle.md b/articles/openshift/support-lifecycle.md
@@ -10,7 +10,7 @@ ms.date: 06/16/2021
 
 # Support lifecycle for Azure Red Hat OpenShift 4
 
-Red Hat releases minor versions of Red Hat OpenShift Container Platform (OCP) roughly every three months. These releases include new features and improvements. Patch releases are more frequent (typically weekly) and are only intended for critical bug fixes within a minor version. These patch releases may include fixes for security vulnerabilities or major bugs.
+Red Hat releases minor versions of Red Hat OpenShift Container Platform (OCP) roughly every four months. These releases include new features and improvements. Patch releases are more frequent (typically weekly) and are only intended for critical bug fixes within a minor version. These patch releases may include fixes for security vulnerabilities or major bugs.
 
 Azure Red Hat OpenShift is built from specific releases of OCP. This article covers the versions of OCP that are supported for Azure Red Hat OpenShift and details about upgrades, deprecations, and support policy.
 
diff --git a/articles/openshift/tutorial-create-cluster.md b/articles/openshift/tutorial-create-cluster.md
@@ -195,8 +195,7 @@ Next, you will create a virtual network containing two empty subnets. If you hav
      --resource-group $RESOURCEGROUP \
      --vnet-name aro-vnet \
      --name master-subnet \
-     --address-prefixes 10.0.0.0/23 \
-     --service-endpoints Microsoft.ContainerRegistry
+     --address-prefixes 10.0.0.0/23
    ```
 
 4. **Add an empty subnet for the worker nodes.**
@@ -206,18 +205,7 @@ Next, you will create a virtual network containing two empty subnets. If you hav
      --resource-group $RESOURCEGROUP \
      --vnet-name aro-vnet \
      --name worker-subnet \
-     --address-prefixes 10.0.2.0/23 \
-     --service-endpoints Microsoft.ContainerRegistry
-   ```
-
-5. **[Disable subnet private endpoint policies](../private-link/disable-private-link-service-network-policy.md) on the master subnet.** This is required for the service to be able to connect to and manage the cluster.
-
-   ```azurecli-interactive
-   az network vnet subnet update \
-     --name master-subnet \
-     --resource-group $RESOURCEGROUP \
-     --vnet-name aro-vnet \
-     --disable-private-link-service-network-policies true
+     --address-prefixes 10.0.2.0/23
    ```
 
 ## Create the cluster
diff --git a/articles/virtual-machines/workloads/sap/os-upgrade-hana-large-instance.md b/articles/virtual-machines/workloads/sap/os-upgrade-hana-large-instance.md
