Merge pull request #78845 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/authentication/howto-password-ban-bad-configure.md

@@ -21,7 +21,7 @@ Many organizations find their users create passwords using common local words su
 
 ## Add to the custom list
 
-Configuring the custom banned password list requires an Azure Active Directory Premium P1 or P2 license. For more detailed information about Azure Active Directory licensing, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory/).|
+Configuring the custom banned password list requires an Azure Active Directory Premium P1 or P2 license. For more detailed information about Azure Active Directory licensing, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory/).
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and browse to **Azure Active Directory**, **Authentication methods**, then **Password protection**.
 1. Set the option **Enforce custom list**, to **Yes**.

articles/active-directory/manage-apps/application-sign-in-problem-application-error.md

@@ -68,7 +68,7 @@ Next time the user signs in to the application, Azure AD send the new attribute
 
 The sign-in to the application is failing because the SAML response is missing attributes such as roles or because the application is expecting a different format or value for the EntityID attribute.
 
-If you're using [Azure AD automated user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/user-provisioning) to create, maintain, and remove users in the application. Then, verify that the user has been successfully provisioned to the SaaS application. For more information, see [No users are being provisioned to an Azure AD Gallery application](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-provisioning-config-problem-no-users-provisioned)
+If you're using [Azure AD automated user provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning) to create, maintain, and remove users in the application. Then, verify that the user has been successfully provisioned to the SaaS application. For more information, see [No users are being provisioned to an Azure AD Gallery application](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-config-problem-no-users-provisioned)
 
 ## Add an attribute in the Azure AD application configuration:
 

articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md

@@ -78,7 +78,7 @@ Applications that support the SCIM profile described in this article can be conn
    *Figure 3: Configuring provisioning in the Azure portal*
 
 1. In the **Tenant URL** field, enter the URL of the application's SCIM endpoint. Example: https://api.contoso.com/scim/v2/
-1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. If this field is left blank, Azure AD includes an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.
+1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. 
 1. Select **Test Connection** to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.  
 
     >[!NOTE]
@@ -664,8 +664,7 @@ The easiest way to implement a SCIM endpoint that can accept provisioning reques
 
 1. In the **Tenant URL** field, enter the internet-exposed URL and port of your SCIM endpoint. The entry is something like http://testmachine.contoso.com:9000 or http://\<ip-address>:9000/, where \<ip-address> is the internet exposed IP address. 
 
-1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. If this field is left blank, Azure AD will include an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD -issued token.
-
+1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. 
 1. Select **Test Connection** to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.  
 
     >[!NOTE]

articles/frontdoor/waf-front-door-configure-ip-restriction.md

@@ -58,7 +58,7 @@ az network waf-policy custom-rule create \
   --name IPAllowListRule \
   --priority 1 \
   --rule-type MatchRule \
-  --match-condition RemoteAddr IPMatch ["<ip-address-range-1>","<ip-address-range-2>"] \
+  --match-condition RemoteAddr IPMatch "<ip-address-range-1>","<ip-address-range-2>" \
   --action Allow \
   --resource-group <resource-group-name> \
   --policy-name IPAllowPolicyExampleCLI

articles/hdinsight/hdinsight-restrict-outbound-traffic.md

@@ -56,7 +56,7 @@ On the **Add application rule collection** screen, complete the following steps:
         1. Enter `https:443` under **Protocol:Port** and `login.windows.net` under **Target FQDNS**.
     1. If your cluster is backed by WASB, then add a rule for WASB:
         1. In the **Target FQDNs** section, provide a **Name**, and set **Source addresses** to `*`.
-        1. Enter `http:80,https:443` under **Protocol:Port** and the storage account url under **Target FQDNS**. The format will be similar to <storage_account_name.blob.core.windows.net>. To use ONLY https connections make sure ["secure transfer required"](https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer) is enabled on the storage account.
+        1. Enter `http:80,https:443` under **Protocol:Port** and the storage account url under **Target FQDNS**. The format will be similar to <storage_account_name.blob.core.windows.net>. To use ONLY https connections make sure ["secure transfer required"](https://docs.microsoft.com/azure/storage/common/storage-require-secure-transfer) is enabled on the storage account.
 1. Click **Add**.
 
 ![Title: Enter application rule collection details](./media/hdinsight-restrict-outbound-traffic/hdinsight-restrict-outbound-traffic-add-app-rule-collection-details.png)
@@ -156,7 +156,7 @@ AzureDiagnostics | where msg_s contains "Deny" | where TimeGenerated >= ago(1h)
 Integrating your Azure Firewall with Azure Monitor logs is useful when first getting an application working when you are not aware of all of the application dependencies. You can learn more about Azure Monitor logs from [Analyze log data in Azure Monitor](../azure-monitor/log-query/log-query-overview.md)
 
 ## Access to the cluster
-After having the firewall setup successfully, you can use the internal endpoint (https://<clustername>-int.azurehdinsight.net) to access the Ambari from within the VNET. To use the public endpoint (https://<clustername>.azurehdinsight.net) or ssh endpoint (<clustername>-ssh.azurehdinsight.net), make sure you have the right routes in the route table and NSG rules setup to avoid the asymetric routing issue explained [here](https://docs.microsoft.com/en-us/azure/firewall/integrate-lb).
+After having the firewall setup successfully, you can use the internal endpoint (https://<clustername>-int.azurehdinsight.net) to access the Ambari from within the VNET. To use the public endpoint (https://<clustername>.azurehdinsight.net) or ssh endpoint (<clustername>-ssh.azurehdinsight.net), make sure you have the right routes in the route table and NSG rules setup to avoid the asymetric routing issue explained [here](https://docs.microsoft.com/azure/firewall/integrate-lb).
 
 ## Configure another network virtual appliance
 

articles/machine-learning/service/how-to-deploy-and-where.md

@@ -185,7 +185,7 @@ def run(data):
 
 #### Example script with dictionary input (Support consumption from Power BI)
 
-The following example demonstrates how to define input data as <key: value> dictionary, using Dataframe. This method is supported for consuming the deployed web service from Power BI ([learn more on how to consume the web service from Power BI](https://docs.microsoft.com/en-us/power-bi/service-machine-learning-integration)):
+The following example demonstrates how to define input data as <key: value> dictionary, using Dataframe. This method is supported for consuming the deployed web service from Power BI ([learn more on how to consume the web service from Power BI](https://docs.microsoft.com/power-bi/service-machine-learning-integration)):
 
 ```python
 import json

articles/machine-learning/service/how-to-troubleshoot-deployment.md

@@ -160,12 +160,12 @@ If you encounter problems deploying a model to ACI or AKS, try deploying it as a
 To deploy locally, modify your code to use `LocalWebservice.deploy_configuration()` to create a deployment configuration. Then use `Model.deploy()` to deploy the service. The following example deploys a model (contained in the `model` variable) as a local web service:
 
 ```python
-from azureml.core.model import InferenceConfig
+from azureml.core.model import InferenceConfig,Model
 from azureml.core.webservice import LocalWebservice
 
 # Create inference configuration. This creates a docker image that contains the model.
 inference_config = InferenceConfig(runtime= "python", 
-                                   execution_script="score.py",
+                                   entry_script="score.py",
                                    conda_file="myenv.yml")
 
 # Create a local deployment, using port 8890 for the web service endpoint