Merge pull request #171159 from MicrosoftDocs/master

9/01 PM Publish

Author: huypub

.github/workflows/stale.yml

@@ -20,7 +20,7 @@ jobs:
         exempt-pr-labels: keep-open
         operations-per-run: 800
         ascending: true
-        start-date: '2018-11-29'
+        start-date: '2020-03-03'
         stale-pr-message: >
           This pull request has been inactive for at least 14 days.
           If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.docs.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation) for instructions.

.openpublishing.redirection.json

@@ -4378,6 +4378,11 @@
       "redirect_url": "/azure/security/benchmarks",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-resource-manager/templates/view-resources.md",
+      "redirect_url": "/azure/azure-resource-manager/templates/export-template-portal",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/azure-resource-manager/management/azure-resource-manager-security-controls.md",
       "redirect_url": "/azure/azure-resource-manager/management/security-baseline",
@@ -5373,6 +5378,21 @@
       "redirect_url": "/azure/architecture/vdc/networking-virtual-datacenter",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/automation/automation-quickstart-create-account.md",
+      "redirect_url": "/azure/automation/quickstarts/create-account-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/automation/automation-quickstart-create-runbook.md",
+      "redirect_url": "/azure/automation/quickstarts/create-powershell-runbook",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/automation/automation-quickstart-dsc-configuration.md",
+      "redirect_url": "/azure/automation/quickstarts/dsc-configuration",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/automation/automation-change-tracking.md",
       "redirect_url": "/azure/automation/change-tracking",
@@ -22348,21 +22368,6 @@
       "redirect_url": "/azure/media-services/live-video-analytics-edge/http-extension-protocol",
       "redirect_document_id": true
     },
-    {
-      "source_path_from_root": "/articles/media-services/previous/media-services-fmp4-live-ingest-overview.md",
-      "redirect_url": "/azure/media-services/media-services-fmp4-live-ingest-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path_from_root": "/articles/media-services/previous/media-services-specifications-live-timed-metadata.md",
-      "redirect_url": "/azure/media-services/media-services-specifications-live-timed-metadata",
-      "redirect_document_id": false
-    },
-    {
-      "source_path_from_root": "/articles/media-services/previous/media-services-specifications-ms-sstr-amendment-hevc.md",
-      "redirect_url": "/azure/media-services/media-services-specifications-ms-sstr-amendment-hevc",
-      "redirect_document_id": false
-    },
     {
       "source_path_from_root": "/articles/media-services/media-services-dotnet-connect-programmatically.md",
       "redirect_url": "/azure/media-services/media-services-use-aad-auth-to-access-ams-api",

articles/active-directory-domain-services/faqs.yml

@@ -11,7 +11,7 @@ metadata:
   ms.subservice: domain-services
   ms.workload: identity
   ms.topic: how-to
-  ms.date: 06/18/2021
+  ms.date: 09/01/2021
   ms.author: justinha
 
 title: Frequently asked questions (FAQs) about Azure Active Directory (AD) Domain Services
@@ -88,7 +88,7 @@ sections:
       - question: |
           Can I move an existing Azure AD Domain Services managed domain to a different subscription, resource group, region, or virtual network?
         answer: |
-          No. After you create an Azure AD Domain Services managed domain, you can't then move the managed domain to a different resource group, virtual network, subscription, etc. Take care to select the most appropriate subscription, resource group, region, and virtual network when you deploy the managed domain.
+          No. After you create an Azure AD Domain Services managed domain, you can't then move the managed domain to a different subscription, resource group, region, virtual network, or subnet. Take care to select the most appropriate subscription, resource group, region, virtual network, and subnet when you deploy the managed domain.
 
       - question: |
           Can I rename an existing Azure AD Domain Services domain name?

articles/active-directory/fundamentals/whats-new.md

@@ -91,7 +91,7 @@ For more information on My Apps, read [Sign in and start apps from the My Apps p
 **Service category:** MS Graph  
 **Product capability:** Developer Experience
 
-Application authentication method policies in MS Graph which allow IT admins to enforce lifetime on application password secret credential or block the use of secrets altogether. Policies can be enforced for an entire tenant as a default configuration and it can be scoped to specific applications or service principals. [Learn more](/graph/api/resources/policy-overview?view=graph-rest-1.0).
+Application authentication method policies in MS Graph which allow IT admins to enforce lifetime on application password secret credential or block the use of secrets altogether. Policies can be enforced for an entire tenant as a default configuration and it can be scoped to specific applications or service principals. [Learn more](/graph/api/resources/policy-overview?view=graph-rest-beta).
 
 ---
 
@@ -1249,4 +1249,4 @@ The refreshed Authentication Methods Activity dashboard gives admins an overview
 
 Refresh and session token lifetimes configurability in CTL are retired. Azure Active Directory no longer honors refresh and session token configuration in existing policies. [Learn more](../develop/active-directory-configurable-token-lifetimes.md#token-lifetime-policies-for-refresh-tokens-and-session-tokens).
 
----
+---

articles/active-directory/saas-apps/animaker-tutorial.md

@@ -69,12 +69,26 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-1. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
+1. On the **Set up single sign-on with SAML** page, enter the values for the following fields:
+
+    a. In the **Identifier** text box, type a URL using the following pattern:
+    `https://app.animaker.com/login/samlsuccess/<Anyone_Home_Provided_Unique_Value>`
+
+    b. In the **Reply URL** text box, type a URL using the following pattern:
+    `https://app.animaker.com/login/samlsuccess/<Anyone_Home_Provided_Unique_Value>`
+
+	> [!NOTE]
+	> These values are not real. Update these values with the actual Identifier and Reply URL. Contact [Animaker support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
 
 1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
 
     In the **Sign-on URL** text box, type the URL:
-    `https://app.animaker.com/login/samlsuccess/azure/`
+    `https://app.animaker.com/login/samlsuccess/<Anyone_Home_Provided_Unique_Value>`
+
+1. Animaker application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes, where as **nameidentifier** is mapped with **user.userprincipalname**. Appraisd application expects **nameidentifier** to be mapped with **user.mail**, so you need to edit the attribute mapping by clicking on **Edit** icon and change the attribute mapping.
+
+	![Screenshot shows the User Attributes pane with the edit icon highlighted.](common/edit-attribute.png)
 
 1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
 
@@ -110,7 +124,7 @@ To configure single sign-on on **Animaker** side, you need to send the **App Fed
 
 ### Create Animaker test user
 
-In this section, you create a user called Britta Simon in Animaker. Work with [Animaker support team](mailto:[email protected]) to add the users in the Animaker platform. Users must be created and activated before you use single sign-on.
+In this section, you create a user called Britta Simon in Animaker. Work with [Animaker support team](mailto:[email protected]) to add the users in the Animaker platform. Users must be created and activated before you use single sign-on.
 
 ## Test SSO 
 

articles/aks/csi-secrets-store-driver.md

@@ -19,6 +19,10 @@ The Secrets Store CSI Driver for Kubernetes allows for the integration of Azure
 
 - Before you start, install the latest version of the [Azure CLI](/cli/azure/install-azure-cli-windows) and the *aks-preview* extension.
 
+### Supported Kubernetes versions
+
+The minimum recommended Kubernetes version for this feature is 1.18. 
+
 ## Features
 
 - Mount secrets, keys, and/or certs to a pod using a CSI volume

articles/app-service/how-to-zone-redundancy.md

@@ -0,0 +1,96 @@
+---
+title: Availability Zone support for public multi-tenant App Service
+description: Learn how to deploy your App Service so that your apps are zone redundant.
+author: seligj95
+ms.topic: article
+ms.date: 09/01/2021
+ms.author: jordanselig
+ms.custom: references_regions
+---
+# Availability Zone support for public multi-tenant App Service
+
+Microsoft Azure App Service can be deployed into [Availability Zones (AZ)](../availability-zones/az-overview.md) which enables [high availability](https://en.wikipedia.org/wiki/High_availability) for your apps. This architecture is also known as zone redundancy.
+
+An app lives in an App Service plan (ASP), and the App Service plan exists in a single scale unit. When an App Service is configured to be zone redundant, the platform automatically spreads the VM instances in the App Service plan across all three zones in the selected region. If a capacity larger than three is specified and the number of instances is divisible by three, the instances will be spread evenly. Otherwise, instance counts beyond 3*N will get spread across the remaining one or two zones.
+
+## Requirements
+
+Zone redundancy, is a property of the App Service plan. The following are the current requirements/limitations for enabling zone redundancy:
+
+- Both Windows and Linux are supported
+- Requires either **Premium v2** or **Premium v3** App Service plans
+- Minimum instance count of three
+  - The platform will enforce this minimum count behind the scenes if you specify an instance count fewer than three
+- Can be enabled in any of the following regions:
+  - West US 2
+  - West US 3
+  - Central US
+  - East US
+  - East US 2
+  - Canada Central
+  - Brazil South
+  - North Europe
+  - West Europe
+  - Germany West Central
+  - France Central
+  - UK South
+  - Japan East
+  - Southeast Asia
+  - Australia East
+- Zone redundancy can only be specified when creating a **new** App Service plan
+  - Currently you can't convert a pre-existing App Service plan. See next bullet for details on how to create a new App Service plan that supports zone redundancy.
+- Zone redundancy is only supported in the newer portion of the App Service footprint
+  - Currently if you're running on Pv3, then it is possible that you're already on a footprint that supports zone redundancy. In this scenario, you can create a new App Service plan and specify zone redundancy when creating the new App Service plan.
+  - If you aren't using Pv3 or a scale unit that supports zone redundancy, are in an unsupported region, or are unsure, follow the steps below:
+    - Create a new resource group in a region that is supported
+        - This ensures the App Service control plane can find a scale unit in the selected region that supports zone redundancy
+    - Create a new App Service plan (and app) in a region of your choice using the **new** resource group
+- Must be created using [Azure Resource Manager (ARM) templates](../azure-resource-manager/templates/overview.md)
+
+In the case when a zone goes down, the App Service platform will detect lost instances and automatically attempt to find new replacement instances. If you also have autoscale configured, and if it decides more instances are needed, autoscale will also issue a request to App Service to add more instances (autoscale behavior is independent of App Service platform behavior). It's important to note there's no guarantee that requests for additional instances in a zone-down scenario will succeed since back filling lost instances occurs on a best-effort basis. The recommended solution is to provision your App Service plans to account for losing a zone as described previously in the next section this article.
+
+Applications deployed in an App Service plan enabled for zone redundancy will continue to run and serve traffic even if other zones in the same region suffer an outage. However it's possible that non-runtime behaviors including application service plan scaling, application creation, application configuration, and application publishing may still be impacted from an outage in other Availability Zones. Zone redundancy for App Service plans only ensures continued uptime for deployed applications.
+
+## How to Deploy a Zone Redundant App Service
+
+Currently, you need to use an ARM template to create a zone redundant App Service. Once created via an ARM template, the App Service plan can be viewed and interacted with via the Azure portal and CLI tooling. An ARM template is only needed for the initial creation of the App Service plan.
+
+The only changes needed in an ARM template to specify a zone redundant App Service are the new ***zoneRedundant*** property (required) and optionally the App Service plan instance count (***capacity***) on the [Microsoft.Web/serverfarms](https://docs.microsoft.com/azure/templates/microsoft.web/serverfarms?tabs=json) resource. If you don't specify a capacity, the platform defaults to 3. The ***zoneRedundant*** property should be set to ***true*** and ***capacity*** should be set based on the workload requirement, but no less than three. A good rule of thumb to choose capacity is to ensure sufficient instances for the application such that losing one zone of instances leaves sufficient capacity to handle expected load.
+
+> [!TIP]
+> To decide instance capacity, you can use the following calculation:
+>
+> Since the platform spreads VMs across 3 zones and you need to account for at least the failure of 1 zone, multiply peak workload instance count by a factor of zones/(zones-1), or 3/2. For example, if your typical peak workload requires 4 instances, you should provision 6 instances: (2/3 * 6 instances) = 4 instances.
+>
+
+The ARM template snippet below shows the new ***zoneRedundant*** property and ***capacity*** specification.
+
+```json
+"resources": [
+  {
+    "type": "Microsoft.Web/serverfarms",
+    "apiVersion": "2018-02-01",
+    "name": "your-appserviceplan-name-here",
+    "location": "West US 3",
+    "sku": {
+        "name": "P1v3",
+        "tier": "PremiumV3",
+        "size": "P1v3",
+        "family": "Pv3",
+        "capacity": 3
+    },
+    "kind": "app",
+    "properties": {
+        "zoneRedundant": true
+    }
+  }
+]
+```
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Learn how to create and deploy ARM templates](../azure-resource-manager/templates/quickstart-create-templates-use-visual-studio-code.md)
+
+> [!div class="nextstepaction"]
+> [ARM Quickstart Templates](https://azure.microsoft.com/resources/templates/)