Merge branch 'MicrosoftDocs:main' into master

Author: inward-eye

articles/active-directory/app-proxy/application-proxy-release-version-history.md

@@ -7,7 +7,7 @@ manager: karenhoran
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
-ms.date: 04/27/2021
+ms.date: 03/24/2022
 ms.subservice: app-proxy
 ms.author: kenwith
 ms.reviewer: ashishj
@@ -26,6 +26,22 @@ Here is a list of related resources:
 | Understand Azure AD Application Proxy connectors | Find out more about [connector management](application-proxy-connectors.md) and how connectors [auto-upgrade](application-proxy-connectors.md#automatic-updates). |
 | Azure AD Application Proxy Connector Download    | [Download the latest connector](https://download.msappproxy.net/subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/connector/download). |
 
+## 1.5.2846.0
+
+### Release status
+
+March 22, 2022: Released for download. This version is only available for install via the download page.
+
+### New features and improvements
+
+- Increased the number of HTTP headers supported on HTTP requests from 41 to 60.
+- Improved error handling of SSL failures between the connector and Azure services.
+- Updated the default connection limit to 200 for connector traffic when going through outbound proxy. To learn more about outbound proxy, see [Work with existing on-premises proxy servers](application-proxy-configure-connectors-with-proxy-servers.md#use-the-outbound-proxy-server).
+- Deprecated the use of ADAL and implemented MSAL as part of the connector installation flow.
+
+### Fixed issues
+- Return original error code and response instead of a 400 Bad Request code for failing websocket connect attempts.
+
 ## 1.5.1975.0
 
 ### Release status

articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md

@@ -463,6 +463,14 @@ Solution 2: Perform these actions:
 
 Virtual machine scale set VM connections may fail if the virtual machine scale set instances are running an old model. Upgrading virtual machine scale set instances to the latest model may resolve issues, especially if an upgrade hasn’t been done since the Azure AD Login extension was installed. Upgrading an instance applies a standard virtual machine scale set configuration to the individual instance.
 
+### AllowGroups / DenyGroups statements in sshd_config cause first login to fail for Azure AD users
+
+Cause 1: If sshd_config contains either AllowGroups or DenyGroups statements, the very first login fails for Azure AD users. If the statement was added after a user already has a successful login, they can log in.
+
+Solution 1: Remove AllowGroups and DenyGroups statements from sshd_config.
+
+Solution 2: Move AllowGroups and DenyGroups to a "match user" section in sshd_config. Make sure the match template excludes Azure AD users.
+
 ## Next steps
 
 [What is a device identity?](overview.md)

articles/api-management/compute-infrastructure.md

@@ -4,7 +4,7 @@ description: Learn about the compute platform used to host your API Management s
 author: dlepow
 ms.service: api-management
 ms.topic: conceptual
-ms.date: 08/23/2021
+ms.date: 03/16/2022
 ms.author: danlep
 ms.custom: 
 ---
@@ -14,47 +14,82 @@ As a cloud platform-as-a-service (PaaS), Azure API Management abstracts many det
 
 To enhance service capabilities, we're upgrading the API Management compute platform version - the Azure compute resources that host the service - for instances in several [service tiers](api-management-features.md). This article gives you context about the upgrade and the major versions of API Management's compute platform: `stv1` and `stv2`.
 
-We've minimized impacts of this upgrade on your operation of your API Management instance. However, if your instance is connected to an [Azure virtual network](virtual-network-concepts.md), you'll need to change some network configuration settings when the instance upgrades to the `stv2` platform version.
+We've minimized impacts of this upgrade on your operation of your API Management instance. Upgrades are managed by the platform, and new instances created in service tiers other than the Consumption tier are mostly hosted on the `stv2` platform. However, for existing instances hosted on the `stv1` platform, you have options to trigger migration to the `stv2` platform.
 
-## Compute platform versions
+## What are the compute platforms for API Management?
 
-| Version | Description | Architecture | API Management tiers |
-| -------| ----------| ----------- | ------- |
-| `stv2` | Single-tenant v2 | [Virtual machine scale sets](../virtual-machine-scale-sets/overview.md) | Developer, Basic, Standard, and Premium |
-| `stv1` |  Single-tenant v1 | [Cloud Service (classic)](../cloud-services/cloud-services-choose-me.md) | Developer, Basic, Standard, and Premium |
-| `mtv1` | Multi-tenant v1 |  [App service](../app-service/overview.md) | Consumption |
+The following table summarizes the compute platforms currently used for instances in the different API Management service tiers. 
 
+| Version | Description | Architecture | Tiers |
+| -------| ----------| ----------- | ---- |
+| `stv2` | Single-tenant v2 | [Virtual machine scale sets](../virtual-machine-scale-sets/overview.md) | Developer, Basic, Standard, Premium<sup>1</sup> |
+| `stv1` |  Single-tenant v1 | [Cloud Service (classic)](../cloud-services/cloud-services-choose-me.md) |  Developer, Basic, Standard, Premium | 
+| `mtv1` | Multi-tenant v1 |  [App service](../app-service/overview.md) |  Consumption |
+
+<sup>1</sup> Newly created instances in these tiers, created using the Azure portal or specifying API version 2021-01-01-preview or later. Includes some existing instances in Developer and Premium tiers configured with virtual networks or availability zones.
 
 ## How do I know which platform hosts my API Management instance?
 
-### Developer, Basic, Standard, and Premium tiers
+Starting with API version `2021-04-01-preview`, the API Management instance exposes a read-only `platformVersion` property that shows this platform information. 
+
+You can find this information using the portal or the API Management [REST API](/rest/api/apimanagement/current-ga/api-management-service/get).
+
+To find the `platformVersion` property in the portal:
+
+1. Go to your API Management instance.
+1. On the **Overview** page, select **JSON view**.
+1. In **API version**, select a current version such as `2021-08-01` or later.
+1. In the JSON view, scroll down to find the `platformVersion` property.
+
+    :::image type="content" source="media/compute-infrastructure/platformversion property.png" alt-text="platformVersion property in JSON view":::
+
+## How do I migrate to the `stv2` platform? 
 
-* Instances with virtual network connections created or updated using the Azure portal after **April 2021**, or using the API Management REST API version **2021-01-01-preview** or later, are hosted on the `stv2` platform
-* If you enabled [zone redundancy](zone-redundancy.md) in your Premium tier instance, it's hosted on the `stv2` platform
-* Otherwise, the instance is hosted on the `stv1` platform
+The following table summarizes migration options for instances in the different API Management service tiers that are currently hosted on the `stv1` platform. See the linked documentation for detailed steps.
 
-> [!TIP]
-> Starting with API version `2021-04-01-preview`, the API Management instance has a read-only `PlatformVersion` property that shows this platform information. 
+> [!NOTE]
+> Check the [`platformVersion` property](#how-do-i-know-which-platform-hosts-my-api-management-instance) before starting migration, and after your configuration change.
 
-### Consumption tier
+|Tier  |Migration options  |
+|---------|---------|
+|Premium     |  1. Enable [zone redundancy](zone-redundancy.md)<br/> -or-<br/> 2. Create new [external](api-management-using-with-vnet.md) or [internal](api-management-using-with-internal-vnet.md) VNet connection<sup>1</sup><br/> -or-<br/> 3. Update existing [VNet configuration](#update-vnet-configuration)    |   
+|Developer     | 1. Create new [external](api-management-using-with-vnet.md) or [internal](api-management-using-with-internal-vnet.md) VNet connection<sup>1</sup><br/>-or-<br/> 2. Update existing [VNet configuration](#update-vnet-configuration)   |   
+| Standard | 1. [Change your service tier](upgrade-and-scale.md#change-your-api-management-service-tier) (downgrade to Developer or upgrade to Premium). Follow migration options in new tier.<br/>-or-<br/>2. Deploy new instance in existing tier and migrate configurations<sup>2</sup> |
+| Basic | 1. [Change your service tier](upgrade-and-scale.md#change-your-api-management-service-tier) (downgrade to Developer or upgrade to Premium). Follow migration options in new tier<br/>-or-<br/>2. Deploy new instance in existing tier and migrate configurations<sup>2</sup> |
+| Consumption | Not applicable |
 
-* All instances are hosted on the `mtv1` platform
+<sup>1</sup> Use Azure portal or specify API version 2021-01-01-preview or later.
+ 
+<sup>2</sup> Migrate configurations with the following mechanisms: [Backup and restore](api-management-howto-disaster-recovery-backup-restore.md), [Migration script for the developer portal](automate-portal-deployments.md), [APIOps with Azure API Management](/azure/architecture/example-scenario/devops/automated-api-deployments-apiops).
 
-## How do I upgrade to the `stv2` platform? 
+## Update VNet configuration
 
-Update is only possible for an instance in the Developer, Basic, Standard, or  Premium tier. 
+If you have an existing Developer or Premium tier instance that's connected to a virtual network and hosted on the `stv1` platform, trigger migration to the `stv2` platform by updating the VNet configuration. 
 
-Create or update the virtual network connection, or availability zone configuration, in an API Management instance using:
+### Prerequisites
 
-* [Azure portal](https://portal.azure.com)
-* Azure REST API, or ARM template, specifying API version **2021-01-01-preview** or later
+* A new or existing virtual network and subnet in the same region and subscription as your API Management instance.
 
-> [!IMPORTANT]
-> When you update the compute platform version of an instance connected to an Azure [virtual network](virtual-network-concepts.md):
-> * You must provide a Standard SKU [public IPv4 address](../virtual-network/ip-services/public-ip-addresses.md#sku) resource
+* A new or existing Standard SKU [public IPv4 address](../virtual-network/ip-services/public-ip-addresses.md#sku) resource in the same region and subscription as your API Management instance.
+
+To update the existing external or internal VNet configuration using the portal:
+
+1. Navigate to your API Management instance.
+1. In the left menu, select **Network** > **Virtual network**.
+1. Select the network connection in the location you want to update.
+1. Select the virtual network, subnet, and IP address resources you want to configure, and select **Apply**.
+1. Continue configuring VNet settings for the remaining locations of your API Management instance.
+1. In the top navigation bar, select **Save**, then select **Apply network configuration**.
+
+The virtual network configuration is updated, and the instance is migrated to the `stv2` platform. Confirm migration by checking the [`platformVersion` property](#how-do-i-know-which-platform-hosts-my-api-management-instance).
+
+> [!NOTE]
+> * Updating the VNet configuration takes from 15 to 45 minutes to complete.
 > * The VIP address(es) of your API Management instance will change.
 
+
 ## Next steps
 
 * Learn more about using a [virtual network](virtual-network-concepts.md) with API Management.
 * Learn more about [zone redundancy](zone-redundancy.md).
+

articles/api-management/media/compute-infrastructure/platformversion property.png

@@ -1,8 +1,8 @@
 ---
 title: Deploy template - Azure portal
-description: Learn how to create your first Azure Resource Manager template (ARM template) using the Azure portal, and how to deploy it.
+description: Learn how to create your first Azure Resource Manager template (ARM template) using the Azure portal. You also learn how to deploy it.
 author: mumian
-ms.date: 04/27/2021
+ms.date: 03/24/2022
 ms.topic: quickstart
 ms.author: jgao
 ms.custom: contperf-fy21q3, mode-ui
@@ -11,7 +11,9 @@ ms.custom: contperf-fy21q3, mode-ui
 
 # Quickstart: Create and deploy ARM templates by using the Azure portal
 
-Learn how to generate an Azure Resource Manager template (ARM template) using the Azure portal, and the process of editing and deploying the template from the portal. ARM templates are JSON files that define the resources you need to deploy for your solution. To understand the concepts associated with deploying and managing your Azure solutions, see [template deployment overview](overview.md).
+In this quickstart, you learn how to generate an Azure Resource Manager template (ARM template) in the Azure portal. You edit and deploy the template from the portal. 
+
+ARM templates are JSON files that define the resources you need to deploy for your solution. To understand the concepts associated with deploying and managing your Azure solutions, see [template deployment overview](overview.md).
 
 After completing the tutorial, you deploy an Azure Storage account. The same process can be used to deploy other Azure resources.
 
@@ -21,9 +23,9 @@ If you don't have an Azure subscription, [create a free account](https://azure.m
 
 ## Generate a template using the portal
 
-Creating an ARM template from scratch is not an easy task, especially if you are new to Azure deployment and you are not familiar with the JSON format. Using the Azure portal, you can configure a resource, for example an Azure Storage account. Before you deploy the resource, you can export your configuration into a template. You can save the template and reuse it in the future.
+If you're new to Azure deployment, you may find it challenging to create an ARM template. To get around this challenge, you can configure your deployment in the Azure portal and download the corresponding ARM template. You save the template and reuse it in the future.
 
-Many experienced template developers use this method to generate templates when they try to deploy Azure resources that they are not familiar with. For more information about exporting templates by using the portal, see [Export resource groups to templates](../management/manage-resource-groups-portal.md#export-resource-groups-to-templates). The other way to find a working template is from [Azure Quickstart templates](https://azure.microsoft.com/resources/templates/).
+Many experienced template developers use this method to generate templates when they try to deploy Azure resources that they aren't familiar with. For more information about exporting templates by using the portal, see [Export resource groups to templates](../management/manage-resource-groups-portal.md#export-resource-groups-to-templates). The other way to find a working template is from [Azure Quickstart templates](https://azure.microsoft.com/resources/templates/).
 
 1. In a web browser, go to the [Azure portal](https://portal.azure.com) and sign in.
 1. From the Azure portal menu, select **Create a resource**.
@@ -49,12 +51,12 @@ Many experienced template developers use this method to generate templates when
     > [!NOTE]
     > Some of the exported templates require some edits before you can deploy them.
 
-1. Select **Review + create** on the bottom of the screen. Do not select **Create** in the next step.
+1. Select **Review + create** on the bottom of the screen. Don't select **Create** in the next step.
 1. Select **Download a template for automation** on the bottom of the screen. The portal shows the generated template:
 
     ![Generate a template from the portal](./media/quickstart-create-templates-use-the-portal/azure-resource-manager-template-tutorial-create-storage-account-template.png)
 
-    The main pane shows the template. It is a JSON file with six top-level elements - `schema`, `contentVersion`, `parameters`, `variables`, `resources`, and `output`. For more information, see [Understand the structure and syntax of ARM templates](./syntax.md)
+    The main pane shows the template. It's a JSON file with six top-level elements - `schema`, `contentVersion`, `parameters`, `variables`, `resources`, and `output`. For more information, see [Understand the structure and syntax of ARM templates](./syntax.md)
 
     There are nine parameters defined. One of them is called **storageAccountName**. The second highlighted part on the previous screenshot shows how to reference this parameter in the template. In the next section, you edit the template to use a generated name for the storage account.
 
@@ -82,6 +84,9 @@ Azure requires that each Azure service has a unique name. The deployment could f
 
 1. Select **Build your own template in the editor**.
 1. Select **Load file**, and then follow the instructions to load template.json you downloaded in the last section.
+
+   After the file is loaded, you may notice a warning that the template schema wasn't loaded. You can ignore this warning. The schema is valid.
+
 1. Make the following three changes to the template:
 
     ![Azure Resource Manager templates](./media/quickstart-create-templates-use-the-portal/azure-resource-manager-template-tutorial-edit-storage-account-template-revised.png)
@@ -186,7 +191,7 @@ Azure requires that each Azure service has a unique name. The deployment could f
 
     ![Azure Resource Manager templates deployment resource group](./media/quickstart-create-templates-use-the-portal/azure-resource-manager-template-tutorial-portal-deployment-resource-group.png)
 
-    You can see the deployment status was successful, and there is only one storage account in the resource group. The storage account name is a unique string generated by the template. To learn more about using Azure storage accounts, see [Quickstart: Upload, download, and list blobs using the Azure portal](../../storage/blobs/storage-quickstart-blobs-portal.md).
+    You can see the deployment status was successful, and there's only one storage account in the resource group. The storage account name is a unique string generated by the template. To learn more about using Azure storage accounts, see [Quickstart: Upload, download, and list blobs using the Azure portal](../../storage/blobs/storage-quickstart-blobs-portal.md).
 
 ## Clean up resources
 
@@ -199,7 +204,7 @@ When the Azure resources are no longer needed, clean up the resources you deploy
 
 ## Next steps
 
-In this tutorial, you learned how to generate a template from the Azure portal, and how to deploy the template using the portal. The template used in this Quickstart is a simple template with one Azure resource. When the template is complex, it is easier to use Visual Studio Code or Visual Studio to develop the template. To learn more about template development, see our new beginner tutorial series:
+In this tutorial, you learned how to generate a template from the Azure portal, and how to deploy the template using the portal. The template used in this Quickstart is a simple template with one Azure resource. When the template is complex, it's easier to use Visual Studio Code or Visual Studio to develop the template. To learn more about template development, see our new beginner tutorial series:
 
 > [!div class="nextstepaction"]
 > [Beginner tutorials](./template-tutorial-create-first-template.md)