Merge pull request #215810 from MicrosoftDocs/main

10/25 AM Publish

Author: huypub

.openpublishing.redirection.virtual-desktop.json

@@ -34,6 +34,46 @@
             "source_path": "articles/virtual-desktop/azure-stack-hci-faq.yml",
             "redirect_url": "/azure/virtual-desktop/azure-stack-hci",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-android.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-android-chrome-os",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-ios.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-ios-ipados",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-macos.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-macos",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-microsoft-store.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-microsoft-store",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-web.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-web",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-windows-7-10.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-windows",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/index.yml",
+            "redirect_url": "/azure/virtual-desktop/users/",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/linux-overview.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-thin-clients",
+            "redirect_document_id": true
         }
     ]
 }

articles/active-directory/fundamentals/users-default-permissions.md

@@ -53,7 +53,6 @@ You can restrict default permissions for member users in the following ways:
 | Permission | Setting explanation |
 | ---------- | ------------ |
 | **Register applications** | Setting this option to **No** prevents users from creating application registrations. You can the grant the ability back to specific individuals by adding them to the application developer role. |
-| **Create tenants** | Setting this option to **No** prevents users from creating new Azure AD or Azure AD B2C tenants. You can grant the ability back to specific individuals by adding them to tenant creator role. |
 | **Allow users to connect work or school account with LinkedIn** | Setting this option to **No** prevents users from connecting their work or school account with their LinkedIn account. For more information, see [LinkedIn account connections data sharing and consent](../enterprise-users/linkedin-user-consent.md). |
 | **Create security groups** | Setting this option to **No** prevents users from creating security groups. Global administrators and user administrators can still create security groups. To learn how, see [Azure Active Directory cmdlets for configuring group settings](../enterprise-users/groups-settings-cmdlets.md). |
 | **Create Microsoft 365 groups** | Setting this option to **No** prevents users from creating Microsoft 365 groups. Setting this option to **Some** allows a set of users to create Microsoft 365 groups. Global administrators and user administrators can still create Microsoft 365 groups. To learn how, see [Azure Active Directory cmdlets for configuring group settings](../enterprise-users/groups-settings-cmdlets.md). |

articles/active-directory/managed-identities-azure-resources/managed-identities-status.md

@@ -47,6 +47,7 @@ The following Azure services support managed identities for Azure resources:
 | Azure DevTest Labs             | [Enable user-assigned managed identities on lab virtual machines in Azure DevTest Labs](../../devtest-labs/enable-managed-identities-lab-vms.md) |
 | Azure Digital Twins             | [Enable a managed identity for routing Azure Digital Twins events](../../digital-twins/how-to-enable-managed-identities-portal.md)                                                                                            |
 | Azure Event Grid                | [Event delivery with a managed identity](../../event-grid/managed-service-identity.md)
+| Azure Event Hubs                | [Authenticate a managed identity with Azure Active Directory to access Event Hubs Resources](../../event-hubs/authenticate-managed-identity.md)
 | Azure Image Builder             | [Azure Image Builder overview](../../virtual-machines/image-builder-overview.md#permissions)                                                                                                    |
 | Azure Import/Export             | [Use customer-managed keys in Azure Key Vault for Import/Export service](../../import-export/storage-import-export-encryption-key-portal.md)
 | Azure IoT Hub                   | [IoT Hub support for virtual networks with Private Link and Managed Identity](../../iot-hub/virtual-network-support.md)                                                                               |

articles/aks/TOC.yml

@@ -378,6 +378,8 @@
           href: internal-lb.md
         - name: Use a Standard Load Balancer
           href: load-balancer-standard.md
+        - name: Use kube-proxy configuration (IPVS)
+          href: configure-kube-proxy.md
         - name: Use a static IP address and DNS label
           href: static-ip.md
         - name: Use an HTTP proxy

articles/aks/azure-cni-overlay.md

@@ -14,8 +14,9 @@ The traditional [Azure Container Networking Interface (CNI)](./configure-azure-c
 With Azure CNI Overlay, the cluster nodes are deployed into an Azure Virtual Network subnet, whereas pods are assigned IP addresses from a private CIDR logically different from the VNet hosting the nodes. Pod and node traffic within the cluster use an overlay network, and Network Address Translation (via the node's IP address) is used to reach resources outside the cluster. This solution saves a significant amount of VNet IP addresses and enables you to seamlessly scale your cluster to very large sizes. An added advantage is that the private CIDR can be reused in different AKS clusters, truly extending the IP space available for containerized applications in AKS.
 
 > [!NOTE]
-> - Azure CNI Overlay is currently only available in US West Central region.
-
+> Azure CNI Overlay is currently available in the following regions:
+> - North Central US
+> - West Central US
 ## Overview of overlay networking
 
 In overlay networking, only the Kubernetes cluster nodes are assigned IPs from a subnet. Pods receive IPs from a private CIDR that is provided at the time of cluster creation. Each node is assigned a `/24` address space carved out from the same CIDR. Additional nodes that are created when you scale out a cluster automatically receive `/24` address spaces from the same CIDR. Azure CNI assigns IPs to pods from this `/24` space.

articles/aks/concepts-sustainable-software-engineering.md

@@ -3,7 +3,7 @@ title: Concepts - Sustainable software engineering in Azure Kubernetes Services
 description: Learn about sustainable software engineering in Azure Kubernetes Service (AKS).
 services: container-service
 ms.topic: conceptual
-ms.date: 10/21/2022
+ms.date: 10/25/2022
 ---
 
 # Sustainable software engineering practices in Azure Kubernetes Service (AKS)
@@ -61,7 +61,7 @@ We recommend careful consideration of these design patterns for building a susta
 | [Enable cluster and node auto-updates](#enable-cluster-and-node-auto-updates) |  | ✔️ |
 | [Install supported add-ons and extensions](#install-supported-add-ons-and-extensions) | ✔️ | ✔️ |
 | [Containerize your workload where applicable](#containerize-your-workload-where-applicable) | ✔️ |  |
-| [Use spot node pools when possible](#use-spot-node-pools-when-possible) |  | ✔️ |
+| [Use energy efficient hardware](#use-energy-efficient-hardware) |  | ✔️ |
 | [Match the scalability needs and utilize auto-scaling and bursting capabilities](#match-the-scalability-needs-and-utilize-auto-scaling-and-bursting-capabilities) |  | ✔️ |
 | [Turn off workloads and node pools outside of business hours](#turn-off-workloads-and-node-pools-outside-of-business-hours) | ✔️ | ✔️ |
 | [Delete unused resources](#delete-unused-resources) | ✔️ | ✔️ |
@@ -120,11 +120,11 @@ Containers allow for reducing unnecessary resource allocation and making better
 
 * Use [Draft](/azure/aks/draft) to simplify application containerization by generating Dockerfiles and Kubernetes manifests.
 
-### Use spot node pools when possible
+### Use energy efficient hardware
 
-Spot nodes use Spot VMs and are great for workloads that can handle interruptions, early terminations, or evictions such as batch processing jobs and development and testing environments.
+Ampere's Cloud Native Processors are uniquely designed to meet both the high performance and power efficiency needs of the cloud.
 
-* Use [spot node pools](/azure/aks/spot-node-pool) to take advantage of unused capacity in Azure at a significant cost saving for a more sustainable platform design for your [interruptible workloads](/azure/architecture/guide/spot/spot-eviction).
+* Evaluate if nodes with [Ampere Altra Arm–based processors](https://azure.microsoft.com/blog/azure-virtual-machines-with-ampere-altra-arm-based-processors-generally-available/) are a good option for your workloads.
 
 ### Match the scalability needs and utilize auto-scaling and bursting capabilities
 

articles/aks/configure-kube-proxy.md

@@ -0,0 +1,132 @@
+---
+title: Configure kube-proxy (iptables/IPVS) (preview)
+titleSuffix: Azure Kubernetes Service
+description: Learn how to configure kube-proxy to utilize different load balancing configurations with Azure Kubernetes Service (AKS).
+services: container-service
+ms.topic: article
+ms.date: 10/25/2022
+ms.author: pahealy
+author: phealy
+
+#Customer intent: As a cluster operator, I want to utilize a different kube-proxy configuration.
+---
+
+# Configure `kube-proxy` in Azure Kubernetes Service (AKS) (preview)
+
+`kube-proxy` is a component of Kubernetes that handles routing traffic for services within the cluster. There are two backends available for Layer 3/4 load balancing in upstream `kube-proxy` - iptables and IPVS. 
+
+- iptables is the default backend utilized in the majority of Kubernetes clusters. It is simple and well supported, but is not as efficient or intelligent as IPVS.
+- IPVS utilizes the Linux Virtual Server, a layer 3/4 load balancer built into the Linux kernel. IPVS provides a number of advantages over the default iptables configuration, including state awareness, connection tracking, and more intelligent load balancing.
+
+The AKS managed `kube-proxy` DaemonSet can also be disabled entirely if that is desired to support [bring-your-own CNI][aks-byo-cni].
+
+[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
+
+## Prerequisites
+
+* Azure CLI with aks-preview extension 0.5.105 or later.
+* If using ARM or the REST API, the AKS API version must be 2022-08-02-preview or later.
+
+### Install the aks-preview CLI extension
+
+```azurecli-interactive
+# Install the aks-preview extension
+az extension add --name aks-preview
+
+# Update the extension to make sure you have the latest version installed
+az extension update --name aks-preview
+```
+
+### Register the `KubeProxyConfigurationPreview` preview feature
+
+To create an AKS cluster with custom `kube-proxy` configuration, you must enable the `KubeProxyConfigurationPreview` feature flag on your subscription.
+
+Register the `KubeProxyConfigurationPreview` feature flag by using the `az feature register` command, as shown in the following example:
+
+```azurecli-interactive
+az feature register --namespace "Microsoft.ContainerService" --name "KubeProxyConfigurationPreview"
+```
+
+It takes a few minutes for the status to show *Registered*. Verify the registration status by using the `az feature list` command:
+
+```azurecli-interactive
+az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/KubeProxyConfigurationPreview')].{Name:name,State:properties.state}"
+```
+
+When the feature has been registered, refresh the registration of the *Microsoft.ContainerService* resource provider by using the `az provider register` command:
+
+```azurecli-interactive
+az provider register --namespace Microsoft.ContainerService
+```
+
+## Configurable options
+
+The full `kube-proxy` configuration structure can be found in the [AKS Cluster Schema][aks-schema-kubeproxyconfig].
+
+- `enabled` - whether or not to deploy the `kube-proxy` DaemonSet. Defaults to true.
+- `mode` - can be set to `IPTABLES` or `IPVS`. Defaults to `IPTABLES`.
+- `ipvsConfig` - if `mode` is `IPVS`, this object contains IPVS-specific configuration properties.
+  - `scheduler` - which connection scheduler to utilize. Supported values:
+    - `LeastConnections` - sends connections to the backend pod with the fewest connections
+    - `RoundRobin` - distributes connections evenly between backend pods
+  - `tcpFinTimeoutSeconds` - the value used for timeout after a FIN has been received in a TCP session
+  - `tcpTimeoutSeconds` - the value used for timeout length for idle TCP sessions
+  - `udpTimeoutSeconds` - the value used for timeout length for idle UDP sessions
+
+> [!NOTE]
+> IPVS load balancing operates in each node independently and is still only aware of connections flowing through the local node. This means that while `LeastConnections` results in more even load under higher number of connections, when low numbers of connections (# connects < 2 * node count) occur traffic may still be relatively unbalanced.
+
+## Utilize `kube-proxy` configuration in a new or existing AKS cluster using Azure CLI
+
+`kube-proxy` configuration is a cluster-wide setting. No action is needed to update your services.
+
+>[!WARNING]
+> Changing the kube-proxy configuration may cause a slight interruption in cluster service traffic flow.
+
+To begin, create a JSON configuration file with the desired settings:
+
+### Create a configuration file
+
+```json
+{
+  "enabled": true,
+  "mode": "IPVS",
+  "ipvsConfig": {
+    "scheduler": "LeastConnection",
+    "TCPTimeoutSeconds": 900,
+    "TCPFINTimeoutSeconds": 120,
+    "UDPTimeoutSeconds": 300
+  }
+}
+```
+
+### Deploy a new cluster
+
+Deploy your cluster using `az aks create` and pass in the configuration file:
+
+```bash
+az aks create -g <resourceGroup> -n <clusterName> --kube-proxy-config kube-proxy.json
+```
+
+### Update an existing cluster
+
+Configure your cluster using `az aks update` and pass in the configuration file:
+
+```bash
+az aks update -g <resourceGroup> -n <clusterName> --kube-proxy-config kube-proxy.json
+```
+
+## Next steps
+
+Learn more about utilizing the Standard Load Balancer for inbound traffic at the [AKS Standard Load Balancer documentation][load-balancer-standard.md].
+
+Learn more about using Internal Load Balancer for Inbound traffic at the [AKS Internal Load Balancer documentation](internal-lb.md).
+
+Learn more about Kubernetes services at the [Kubernetes services documentation][kubernetes-services].
+
+<!-- LINKS - External -->
+[kubernetes-services]: https://kubernetes.io/docs/concepts/services-networking/service/
+[aks-schema-kubeproxyconfig]: /azure/templates/microsoft.containerservice/managedclusters?pivots=deployment-language-bicep#containerservicenetworkprofilekubeproxyconfig
+
+<!-- LINKS - Internal -->
+[aks-byo-cni]: use-byo-cni.md

articles/automation/automation-config-aws-account.md

@@ -4,28 +4,31 @@ description: This article tells how to authenticate runbooks with Amazon Web Ser
 keywords: aws authentication, configure aws
 services: automation
 ms.subservice: process-automation
-ms.date: 04/23/2020
+ms.date: 10/28/2022
+ms.custom: engagement-fy23
 ms.topic: conceptual
 ---
 # Authenticate runbooks with Amazon Web Services
 
-Automating common tasks with resources in Amazon Web Services (AWS) can be accomplished with Automation runbooks in Azure. You can automate many tasks in AWS using Automation runbooks just like you can with resources in Azure. For authentication, you must have an Azure subscription.
+You can automate common tasks with resources in Amazon Web Services (AWS) using Automation runbooks in Azure. You can automate many tasks in AWS using Automation runbooks similar to the resources in Azure. Ensure that you have the Azure subscription to authenticate. 
 
 ## Obtain AWS subscription and credentials
 
-To authenticate with AWS, you must obtain an AWS subscription and specify a set of AWS credentials to authenticate your runbooks running from Azure Automation. Specific credentials required are the AWS Access Key and Secret Key. See [Using AWS Credentials](https://docs.aws.amazon.com/powershell/latest/userguide/specifying-your-aws-credentials.html).
+Ensure that you obtain an AWS subscription and specify a set of AWS credentials to authenticate your runbooks running from Azure Automation. Specific credentials required are the AWS Access Key and Secret Key. See [Using AWS Credentials](https://docs.aws.amazon.com/powershell/latest/userguide/specifying-your-aws-credentials.html).
 
 ## Configure Automation account
 
 You can use an existing Automation account to authenticate with AWS. Alternatively, you can dedicate an account for runbooks targeting AWS resources. In this case, create a new [Automation account](automation-create-standalone-account.md).  
 
 ## Store AWS credentials
 
-You must store the AWS credentials as assets in Azure Automation. See [Managing Access Keys for your AWS Account](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) for instructions on creating the Access Key and the Secret Key. When the keys are available, copy the Access Key ID and the Secret Key ID in a safe place. You can download your key file to store it somewhere safe.
+You must store the AWS credentials as assets in Azure Automation. See [Managing Access Keys for your AWS Account](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) for instructions on how to create the Access Key and the Secret Key. When the keys are available, copy the Access Key ID and the Secret Key ID in a safe place. You can download your key file to store it safely.
 
-## Create credential asset
+### Create credential asset
 
-After you have created and copied your AWS security keys, you must create a Credential asset with the Automation account. The asset allows you to securely store the AWS keys and reference them in your runbooks. See [Create a new credential asset with the Azure portal](shared-resources/credentials.md#create-a-new-credential-asset-with-the-azure-portal). Enter the following AWS information in the fields provided:
+After you have created and copied your AWS security keys, you must create a Credential asset with the Automation account. The asset allows you to securely store the AWS keys and reference them in your runbooks. See [Create a new credential asset with the Azure portal](shared-resources/credentials.md#create-a-new-credential-asset-with-the-azure-portal). 
+
+Enter the following AWS information in the fields provided:
 
 * **Name** - **AWScred**, or an appropriate value following your naming standards
 * **User name** - Your access ID

articles/automation/automation-dsc-cd-chocolatey.md

@@ -10,6 +10,9 @@ ms.custom: references_regions, devx-track-azurepowershell
 
 # Set up continuous deployment with Chocolatey
 
+> [!NOTE]
+> Before you enable Automation State Configuration, we would like you to know that a newer version of DSC is now generally available, managed by a feature of Azure Policy named [guest configuration](../governance/machine-configuration/overview.md). The guest configuration service combines features of DSC Extension, Azure Automation State Configuration, and the most commonly requested features from customer feedback. Guest configuration also includes hybrid machine support through [Arc-enabled servers](../azure-arc/servers/overview.md).
+
 In a DevOps world, there are many tools to assist with various points in the continuous integration
 pipeline. Azure Automation [State Configuration](automation-dsc-overview.md) is a welcome new addition to the options that DevOps teams can employ.