Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory/develop/v2-oauth-ropc.md

@@ -20,9 +20,12 @@ ms.custom: aaddev
 ms.collection: M365-identity-device-management
 ---
 
-# Microsoft identity platform and the OAuth 2.0 resource owner password credential
+# Microsoft identity platform and the OAuth 2.0 Resource Owner Password Credentials
 
-Microsoft identity platform supports the [resource owner password credential (ROPC) grant](https://tools.ietf.org/html/rfc6749#section-4.3), which allows an application to sign in the user by directly handling their password. The ROPC flow requires a high degree of trust and user exposure and you should only use this flow when other, more secure, flows can't be used.
+Microsoft identity platform supports the [OAuth 2.0 Resource Owner Password Credentials (ROPC) grant](https://tools.ietf.org/html/rfc6749#section-4.3), which allows an application to sign in the user by directly handling their password.
+
+> [!WARNING]
+> Microsoft recommends you do _not_ use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.
 
 > [!IMPORTANT]
 >

articles/active-directory/saas-apps/aws-multi-accounts-tutorial.md

@@ -360,6 +360,7 @@ For more information about the Access Panel, see [Introduction to the Access
 
 ## Additional resources
 
+* [How to configure provisioning using MS Graph APIs](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-configure-api)
 * [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](tutorial-list.md)
 * [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
 

articles/aks/ingress-static-ip.md

@@ -123,7 +123,7 @@ kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cer
 kubectl create namespace cert-manager
 
 # Label the cert-manager namespace to disable resource validation
-kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
+kubectl label namespace cert-manager cert-manager.io/disable-validation=true
 
 # Add the Jetstack Helm repository
 helm repo add jetstack https://charts.jetstack.io
@@ -148,7 +148,7 @@ Before certificates can be issued, cert-manager requires an [Issuer][cert-manage
 Create a cluster issuer, such as `cluster-issuer.yaml`, using the following example manifest. Update the email address with a valid address from your organization:
 
 ```yaml
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1alpha2
 kind: ClusterIssuer
 metadata:
   name: letsencrypt-staging
@@ -167,7 +167,7 @@ To create the issuer, use the `kubectl apply -f cluster-issuer.yaml` command.
 ```
 $ kubectl apply -f cluster-issuer.yaml
 
-clusterissuer.certmanager.k8s.io/letsencrypt-staging created
+clusterissuer.cert-manager.io/letsencrypt-staging created
 ```
 
 ## Run demo applications
@@ -211,7 +211,7 @@ metadata:
   namespace: ingress-basic
   annotations:
     kubernetes.io/ingress.class: nginx
-    certmanager.k8s.io/cluster-issuer: letsencrypt-staging
+    cert-manager.io/cluster-issuer: letsencrypt-staging
     nginx.ingress.kubernetes.io/rewrite-target: /$1
 spec:
   tls:
@@ -262,7 +262,7 @@ Type    Reason          Age   From          Message
 If you need to create an additional certificate resource, you can do so with the following example manifest. Update the *dnsNames* and *domains* to the DNS name you created in a previous step. If you use an internal-only ingress controller, specify the internal DNS name for your service.
 
 ```yaml
-apiVersion: certmanager.k8s.io/v1alpha1
+apiVersion: cert-manager.io/v1alpha2
 kind: Certificate
 metadata:
   name: tls-secret
@@ -287,7 +287,7 @@ To create the certificate resource, use the `kubectl apply -f certificates.yaml`
 ```
 $ kubectl apply -f certificates.yaml
 
-certificate.certmanager.k8s.io/tls-secret created
+certificate.cert-manager.io/tls-secret created
 ```
 
 ## Test the ingress configuration

articles/availability-zones/az-overview.md

@@ -48,6 +48,7 @@ The combinations of Azure services and regions that support Availability Zones a
 | Linux Virtual Machines          | ✓   | ✓     | ✓  | ✓  | ✓       | ✓     | ✓ | ✓    | ✓   | ✓       |
 | Windows Virtual Machines        | ✓   | ✓     | ✓  | ✓  | ✓       | ✓     | ✓ | ✓    | ✓   | ✓       |
 | Virtual Machine Scale Sets      | ✓   | ✓     | ✓  | ✓  | ✓       | ✓     | ✓ | ✓    | ✓   | ✓       |
+| Azure Kubernetes Service        | ✓   | ✓     | ✓  | ✓  | ✓       | ✓     | ✓ | ✓    | ✓   | ✓       |
 | **Storage**   |            |              |           |           |                |              |          |             |            |                |
 | Managed Disks                   | ✓   | ✓     | ✓  | ✓  | ✓       | ✓     | ✓ | ✓    | ✓   | ✓       |
 | Zone-redundant Storage          | ✓   | ✓     | ✓  | ✓  | ✓       | ✓     | ✓ | ✓    | ✓   | ✓       |
@@ -92,6 +93,7 @@ There is no additional cost for virtual machines deployed in an Availability Zon
 - [Add zone redundant region for Azure Cosmos DB](../cosmos-db/high-availability.md#availability-zone-support)
 - [Getting Started Azure Cache for Redis Availability Zones](https://aka.ms/redis/az/getstarted)
 - [Create an Azure Active Directory Domain Services instance](../active-directory-domain-services/tutorial-create-instance.md)
+- [Create an Azure Kubernetes Service (AKS) cluster that uses Availability Zones](../aks/availability-zones.md)
 
 ## Next steps
 - [Quickstart templates](https://aka.ms/azqs)

articles/azure-functions/functions-test-a-function.md

@@ -216,7 +216,7 @@ namespace Functions.Tests
         public async void Http_trigger_should_return_known_string()
         {
             var request = TestFactory.CreateHttpRequest("name", "Bill");
-            var response = (OkObjectResult)await HttpFunction.Run(request, logger);
+            var response = (OkObjectResult)await HttpTrigger.Run(request, logger);
             Assert.Equal("Hello, Bill", response.Value);
         }
 
@@ -225,7 +225,7 @@ namespace Functions.Tests
         public async void Http_trigger_should_return_known_string_from_member_data(string queryStringKey, string queryStringValue)
         {
             var request = TestFactory.CreateHttpRequest(queryStringKey, queryStringValue);
-            var response = (OkObjectResult)await HttpFunction.Run(request, logger);
+            var response = (OkObjectResult)await HttpTrigger.Run(request, logger);
             Assert.Equal($"Hello, {queryStringValue}", response.Value);
         }
 

articles/azure-monitor/insights/container-insights-alerts.md

@@ -304,4 +304,4 @@ Follow these steps to create a log alert in Azure Monitor by using one of the lo
 ## Next steps
 
 - View [log query examples](container-insights-log-search.md#search-logs-to-analyze-data) to see pre-defined queries and examples to evaluate or customize for alerting, visualizing, or analyzing your clusters.
-- To learn more about Azure Monitor and how to monitor other aspects of your AKS cluster, see [View Azure Kubernetes Service health](container-insights-analyze.md).
+- To learn more about Azure Monitor and how to monitor other aspects of your Kubernetes cluster, see [View Kubernetes cluster performance](container-insights-analyze.md) and [View Kubernetes cluster health](container-insights-health.md).

articles/azure-monitor/insights/container-insights-azure-redhat-setup.md

@@ -0,0 +1,203 @@
+---
+title: Configure Azure Red Hat OpenShift clusters with Azure Monitor for containers | Microsoft Docs
+description: This article describes how you can configure Azure Monitor for containers to monitor Kubernetes clusters hosted on Azure Red Hat OpenShift.
+ms.service:  azure-monitor
+ms.subservice: 
+ms.topic: conceptual
+author: mgoedtel
+ms.author: magoedte
+ms.date: 11/18/2019
+---
+
+# Configure Azure Red Hat OpenShift clusters with Azure Monitor for containers
+
+Azure Monitor for containers provides rich monitoring experience for the Azure Kubernetes Service (AKS) and AKS Engine clusters. This article describes how to enable monitoring of Kubernetes clusters hosted on [Azure Red Hat OpenShift](../../openshift/intro-openshift.md) to achieve a similar monitoring experience.
+
+Azure Monitor for containers can be enabled for new, or one or more existing deployments of Azure Red Hat OpenShift using the following supported methods:
+
+- For an existing cluster from the Azure portal or using Azure Resource Manager template
+- For a new cluster using Azure Resource Manager template 
+
+## Supported and unsupported features
+
+Azure Monitor for containers supports monitoring Azure Red Hat OpenShift as described in the [Overview](container-insights-overview.md) article, except for the following features:
+
+- Live data
+- Prometheus metrics scraping
+- Collecting metrics
+- Health feature
+
+## Prerequisites
+
+- To enable and access the features in Azure Monitor for containers, at a minimum you need to be a member of the Azure *Contributor* role in the Azure subscription, and a member of the [*Log Analytics Contributor*](../platform/manage-access.md#manage-access-using-azure-permissions) role of the Log Analytics workspace configured with Azure Monitor for containers.
+
+- To view the monitoring data, you are a member of the [*Log Analytics reader*](../platform/manage-access.md#manage-access-using-azure-permissions) role permission with the Log Analytics workspace configured with Azure Monitor for containers.
+
+## Enable for a new cluster using an Azure Resource Manager template
+
+Perform the following steps to deploy an Azure Red Hat OpenShift cluster with monitoring enabled. Before proceeding, review the tutorial [Create an Azure Red Hat OpenShift cluster](../../openshift/tutorial-create-cluster.md#prerequisites) to understand the dependencies that you need to configure so your environment is set up correctly.
+
+This method includes two JSON templates. One template specifies the configuration to deploy the cluster with monitoring enabled, and the other contains parameter values that you configure to specify the following:
+
+- The Azure Red Hat OpenShift cluster resource ID. 
+
+- The resource group the cluster is deployed in.
+
+- [Azure Active Directory tenant ID](../../openshift/howto-create-tenant.md#create-a-new-azure-ad-tenant) noted after performing the steps to create one or one already created.
+
+- [Azure Active Directory client application ID](../../openshift/howto-aad-app-configuration.md#create-an-azure-ad-app-registration) noted after performing the steps to create one or one already created.
+
+- [Azure Active Directory Client secret](../../openshift/howto-aad-app-configuration.md#create-a-client-secret) noted after performing the steps to create one or one already created.
+
+- [Azure AD security group](../../openshift/howto-aad-app-configuration.md#create-an-azure-ad-security-group) noted after performing the steps to create one or one already created.
+
+- Resource ID of an existing Log Analytics workspace.
+
+- The number of master nodes to create in the cluster.
+
+- The number of compute nodes in the agent pool profile.
+
+- The number of infrastructure nodes in the agent pool profile. 
+
+If you are unfamiliar with the concept of deploying resources by using a template, see:
+
+- [Deploy resources with Resource Manager templates and Azure PowerShell](../../azure-resource-manager/resource-group-template-deploy.md)
+
+- [Deploy resources with Resource Manager templates and the Azure CLI](../../azure-resource-manager/resource-group-template-deploy-cli.md)
+
+If you choose to use the Azure CLI, you first need to install and use the CLI locally. You must be running the Azure CLI version 2.0.65 or later. To identify your version, run `az --version`. If you need to install or upgrade the Azure CLI, see [Install the Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli). 
+
+The Log Analytics workspace has to be created before you enable monitoring using Azure PowerShell or CLI. To create the workspace, you can set it up through [Azure Resource Manager](../../azure-monitor/platform/template-workspace-configuration.md), through [PowerShell](../scripts/powershell-sample-create-workspace.md?toc=%2fpowershell%2fmodule%2ftoc.json), or in the [Azure portal](../../azure-monitor/learn/quick-create-workspace.md).
+
+1. Download and save to a local folder, the Azure Resource Manager template and parameter file, to create a cluster with the monitoring add-on using the following commands:
+
+    `curl -LO https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature/docs/aro/enable_monitoring_to_new_cluster/newClusterWithMonitoring.json`
+
+    `curl -LO https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature/docs/aro/enable_monitoring_to_new_cluster/newClusterWithMonitoringParam.json` 
+
+2. Sign in to Azure 
+
+    ```azurecli
+    az login    
+    ```
+    
+    If you have access to multiple subscriptions, run `az account set -s {subscription ID}` replacing `{subscription ID}` with the subscription you want to use.
+ 
+3. Create a resource group for your cluster if you don't already have one. For a list of Azure regions that supports OpenShift on Azure, see [Supported Regions](../../openshift/supported-resources.md#azure-regions). 
+
+    ```azurecli
+    az group create -g <clusterResourceGroup> -l <location> 
+    ```
+
+4. Edit the JSON parameter file **newClusterWithMonitoringParam.json** and update the following values:
+
+    - *location*
+    - *clusterName*
+    - *aadTenantId*
+    - *aadClientId*
+    - *aadClientSecret* 
+    - *aadCustomerAdminGroupId* 
+    - *workspaceResourceId*
+    - *masterNodeCount*
+    - *computeNodeCount*
+    - *infraNodeCount*
+
+5. The following step deploys the cluster with monitoring enabled by using the Azure CLI. 
+
+    ```azurecli
+    az group deployment create --resource-group <ClusterResourceGroupName> --template-file ./newClusterWithMonitoring.json --parameters @./newClusterWithMonitoringParam.json 
+    ```
+ 
+    The output resembles the following:
+
+    ```azurecli
+    provisioningState       : Succeeded
+    ```
+
+## Enable for an existing cluster
+
+Perform the following steps to enable monitoring of an Azure Red Hat OpenShift cluster deployed in Azure. You can accomplish this from the Azure portal or using the provided templates.
+
+### From the Azure portal
+ 
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+2. On the Azure portal menu or from the Home page, select **Azure Monitor**. Under the **Insights** section, select **Containers**. 
+
+3. On the **Monitor - containers** page, select **Non-monitored clusters**.
+
+4. From the list of non-monitored clusters, find the cluster in the list and click **Enable**. You can identify the results in the list by looking for the value **ARO** under the column **CLUSTER TYPE**.
+
+5. On the **Onboarding to Azure Monitor for containers** page, if you have an existing Log Analytics workspace in the same subscription as the cluster, select it from the drop-down list.  
+    The list preselects the default workspace and location that the cluster is deployed to in the subscription. 
+
+    ![Enable monitoring for non-monitored clusters](./media/container-insights-onboard/kubernetes-onboard-brownfield-01.png)
+
+    >[!NOTE]
+    >If you want to create a new Log Analytics workspace for storing the monitoring data from the cluster, follow the instructions in [Create a Log Analytics workspace](../../azure-monitor/learn/quick-create-workspace.md). Be sure to create the workspace in the same subscription that the RedHat OpenShift cluster is deployed to. 
+ 
+After you've enabled monitoring, it might take about 15 minutes before you can view health metrics for the cluster. 
+
+### Enable using an Azure Resource Manager template
+
+This method includes two JSON templates. One template specifies the configuration to enable monitoring, and the other contains parameter values that you configure to specify the following:
+
+- The Azure RedHat OpenShift cluster resource ID. 
+
+- The resource group the cluster is deployed in.
+
+- A Log Analytics workspace.
+
+If you are unfamiliar with the concept of deploying resources by using a template, see:
+
+- [Deploy resources with Resource Manager templates and Azure PowerShell](../../azure-resource-manager/resource-group-template-deploy.md)
+
+- [Deploy resources with Resource Manager templates and the Azure CLI](../../azure-resource-manager/resource-group-template-deploy-cli.md)
+
+If you choose to use the Azure CLI, you first need to install and use the CLI locally. You must be running the Azure CLI version 2.0.65 or later. To identify your version, run `az --version`. If you need to install or upgrade the Azure CLI, see [Install the Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli). 
+
+The Log Analytics workspace has to be created before you enable monitoring using Azure PowerShell or CLI. To create the workspace, you can set it up through [Azure Resource Manager](../../azure-monitor/platform/template-workspace-configuration.md), through [PowerShell](../scripts/powershell-sample-create-workspace.md?toc=%2fpowershell%2fmodule%2ftoc.json), or in the [Azure portal](../../azure-monitor/learn/quick-create-workspace.md).
+
+1. Download the template and parameter file to update your cluster with the monitoring add-on using the following commands:
+
+    `curl -LO https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature/docs/aro/enable_monitoring_to_existing_cluster/existingClusterOnboarding.json`
+
+    `curl -LO https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature/docs/aro/enable_monitoring_to_existing_cluster/existingClusterParam.json` 
+
+2. Sign in to Azure 
+
+    ```azurecli
+    az login    
+    ```
+
+    If you have access to multiple subscriptions, run `az account set -s {subscription ID}` replacing `{subscription ID}` with the subscription you want to use.
+
+3. Specify the subscription of the Azure RedHat OpenShift cluster.
+
+    ```azurecli
+    az account set --subscription "Subscription Name"  
+    ```
+
+4. Run the following command to identify the cluster location and resource ID:
+
+    ```azurecli
+    az openshift show -g <clusterResourceGroup> -n <clusterName> 
+    ```
+
+5. Edit the JSON parameter file **existingClusterParam.json** and update the values *araResourceId* and *araResoruceLocation*. The value for **workspaceResourceId** is the full resource ID of your Log Analytics workspace, which includes the workspace name. 
+
+6. To deploy with Azure CLI, run the following commands: 
+
+    ```azurecli
+    az group deployment create --resource-group <ClusterResourceGroupName> --template-file ./ExistingClusterOnboarding.json --parameters @./existingClusterParam.json 
+    ```
+
+    The output resembles the following:
+
+    ```azurecli
+    provisioningState       : Succeeded
+    ```
+
+## Next steps
+
+With monitoring enabled to collect health and resource utilization of your RedHat OpenShift cluster and workloads running on them, learn [how to use](container-insights-analyze.md) Azure Monitor for containers.