Merge pull request #215033 from MicrosoftDocs/main

Publish to Live, Wednesday 4AM PST, 10/19

Author: PMEds28

.openpublishing.redirection.json

@@ -34,6 +34,6 @@
             "source_path": "articles/virtual-desktop/azure-stack-hci-faq.yml",
             "redirect_url": "/azure/virtual-desktop/azure-stack-hci",
             "redirect_document_id": false
-        }       
+        }
     ]
 }

.openpublishing.redirection.virtual-desktop.json

@@ -100,7 +100,7 @@ Currently, the only way to get an app to sign in users with only personal Micros
 
 ## Client ID
 
-The client ID is the unique **Application (client) ID** assigned to your app by Azure AD when the app was registered.
+The client ID is the unique **Application (client) ID** assigned to your app by Azure AD when the app was registered. You can find the **Application (Client) ID** in your Azure subscription by Azure AD => Enterprise applications => Application ID.
 
 ## Redirect URI
 

articles/active-directory/develop/msal-client-application-configuration.md

@@ -37,7 +37,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * [An Azure AD tenant](../develop/quickstart-create-new-tenant.md)
 * A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (Application Administrator, Cloud Application Administrator, Application Owner, or Global Administrator)
 * [A Snowflake tenant](https://www.Snowflake.com/pricing/)
-* A user account in Snowflake with admin permissions
+* At least one user in Snowflake with the **ACCOUNTADMIN** role.
 
 ## Step 1: Plan your provisioning deployment
 
@@ -65,19 +65,19 @@ Before you configure Snowflake for automatic user provisioning with Azure AD, yo
     select system$generate_scim_access_token('AAD_PROVISIONING');
    ```
 
-2. Use the ACCOUNTADMIN role.
+1. Use the ACCOUNTADMIN role.
 
     ![Screenshot of a worksheet in the Snowflake UI with the SCIM access token called out.](media/Snowflake-provisioning-tutorial/step-2.png)
 
-3. Create the custom role AAD_PROVISIONER. All users and roles in Snowflake created by Azure AD will be owned by the scoped down AAD_PROVISIONER role.
+1. Create the custom role AAD_PROVISIONER. All users and roles in Snowflake created by Azure AD will be owned by the scoped down AAD_PROVISIONER role.
 
     ![Screenshot showing the custom role.](media/Snowflake-provisioning-tutorial/step-3.png)
 
-4. Let the ACCOUNTADMIN role create the security integration using the AAD_PROVISIONER custom role.
+1. Let the ACCOUNTADMIN role create the security integration using the AAD_PROVISIONER custom role.
 
     ![Screenshot showing the security integrations.](media/Snowflake-provisioning-tutorial/step-4.png)
 
-5. Create and copy the authorization token to the clipboard and store securely for later use. Use this token for each SCIM REST API request and place it in the request header. The access token expires after six months and a new access token can be generated with this statement.
+1. Create and copy the authorization token to the clipboard and store securely for later use. Use this token for each SCIM REST API request and place it in the request header. The access token expires after six months and a new access token can be generated with this statement.
 
     ![Screenshot showing the token generation.](media/Snowflake-provisioning-tutorial/step-5.png)
 
@@ -103,35 +103,37 @@ To configure automatic user provisioning for Snowflake in Azure AD:
 
 1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise applications** > **All applications**.
 
- ![Screenshot that shows the Enterprise applications pane.](common/enterprise-applications.png)
+    ![Screenshot that shows the Enterprise applications pane.](common/enterprise-applications.png)
 
-2. In the list of applications, select **Snowflake**.
+1. In the list of applications, select **Snowflake**.
 
- ![Screenshot that shows a list of applications.](common/all-applications.png)
+   ![Screenshot that shows a list of applications.](common/all-applications.png)
 
-3. Select the **Provisioning** tab.
+1. Select the **Provisioning** tab.
 
- ![Screenshot of the Manage options with the Provisioning option called out.](common/provisioning.png)
+   ![Screenshot of the Manage options with the Provisioning option called out.](common/provisioning.png)
 
-4. Set **Provisioning Mode** to **Automatic**.
+1. Set **Provisioning Mode** to **Automatic**.
 
- ![Screenshot of the Provisioning Mode drop-down list with the Automatic option called out.](common/provisioning-automatic.png)
+    ![Screenshot of the Provisioning Mode drop-down list with the Automatic option called out.](common/provisioning-automatic.png)
 
-5. In the **Admin Credentials** section, enter the SCIM 2.0 base URL and authentication token that you retrieved earlier in the **Tenant URL** and **Secret Token** boxes, respectively.
+1. In the **Admin Credentials** section, enter the SCIM 2.0 base URL and authentication token that you retrieved earlier in the **Tenant URL** and **Secret Token** boxes, respectively.
+    >[!NOTE]
+    >The Snowflake SCIM endpoint consists of the Snowflake account URL appended with `/scim/v2/`. For example, if your Snowflake account name is `acme` and your Snowflake account is in the `east-us-2` Azure region, the **Tenant URL** value is `https://acme.east-us-2.azure.snowflakecomputing.com/scim/v2`.
 
    Select **Test Connection** to ensure that Azure AD can connect to Snowflake. If the connection fails, ensure that your Snowflake account has admin permissions and try again.
 
- ![Screenshot that shows boxes for tenant URL and secret token, along with the Test Connection button.](common/provisioning-testconnection-tenanturltoken.png)
+    ![Screenshot that shows boxes for tenant URL and secret token, along with the Test Connection button.](common/provisioning-testconnection-tenanturltoken.png)
 
-6. In the **Notification Email** box, enter the email address of a person or group who should receive the provisioning error notifications. Then select the **Send an email notification when a failure occurs** check box.
+1. In the **Notification Email** box, enter the email address of a person or group who should receive the provisioning error notifications. Then select the **Send an email notification when a failure occurs** check box.
 
- ![Screenshot that shows boxes for notification email.](common/provisioning-notification-email.png)
+    ![Screenshot that shows boxes for notification email.](common/provisioning-notification-email.png)
 
-7. Select **Save**.
+1. Select **Save**.
 
-8. In the **Mappings** section, select **Synchronize Azure Active Directory Users to Snowflake**.
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Users to Snowflake**.
 
-9. Review the user attributes that are synchronized from Azure AD to Snowflake in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Snowflake for update operations. Select the **Save** button to commit any changes.
+1. Review the user attributes that are synchronized from Azure AD to Snowflake in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Snowflake for update operations. Select the **Save** button to commit any changes.
 
    |Attribute|Type|
    |---|---|
@@ -141,33 +143,41 @@ To configure automatic user provisioning for Snowflake in Azure AD:
    |userName|String|
    |name.givenName|String|
    |name.familyName|String|
-   |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:defaultRole|String|
-   |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:defaultWarehouse|String|
+   |externalId|String|
 
-10. In the **Mappings** section, select **Synchronize Azure Active Directory Groups to Snowflake**.
+    >[!NOTE]
+    >Snowflake supported custom extension user attributes during SCIM provisioning:
+    >* DEFAULT_ROLE
+    >* DEFAULT_WAREHOUSE
+    >* DEFAULT_SECONDARY_ROLES
+    >* SNOWFLAKE NAME AND LOGIN_NAME FIELDS TO BE DIFFERENT
 
-11. Review the group attributes that are synchronized from Azure AD to Snowflake in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the groups in Snowflake for update operations. Select the **Save** button to commit any changes.
+    > How to set up Snowflake custom extension attributes in Azure AD SCIM user provisioning is explained [here](https://community.snowflake.com/s/article/HowTo-How-to-Set-up-Snowflake-Custom-Attributes-in-Azure-AD-SCIM-for-Default-Roles-and-Default-Warehouses).
+
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Groups to Snowflake**.
+
+1. Review the group attributes that are synchronized from Azure AD to Snowflake in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the groups in Snowflake for update operations. Select the **Save** button to commit any changes.
 
     |Attribute|Type|
     |---|---|
     |displayName|String|
     |members|Reference|
 
-12. To configure scoping filters, see the instructions in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1. To configure scoping filters, see the instructions in the      [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
-13. To enable the Azure AD provisioning service for Snowflake, change **Provisioning Status** to **On** in the **Settings** section.
+1. To enable the Azure AD provisioning service for Snowflake, change **Provisioning Status** to **On** in the **Settings** section.
 
-  ![Screenshot that shows Provisioning Status switched on.](common/provisioning-toggle-on.png)
+    ![Screenshot that shows Provisioning Status switched on.](common/provisioning-toggle-on.png)
 
-14. Define the users and groups that you want to provision to Snowflake by choosing the desired values in **Scope** in the **Settings** section. 
+1. Define the users and groups that you want to provision to Snowflake by choosing the desired values in **Scope** in the **Settings** section. 
 
     If this option is not available, configure the required fields under **Admin Credentials**, select **Save**, and refresh the page. 
 
-  ![Screenshot that shows choices for provisioning scope.](common/provisioning-scope.png)
+    ![Screenshot that shows choices for provisioning scope.](common/provisioning-scope.png)
 
-15. When you're ready to provision, select **Save**.
+1. When you're ready to provision, select **Save**.
 
-  ![Screenshot of the button for saving a provisioning configuration.](common/provisioning-configuration-save.png)
+    ![Screenshot of the button for saving a provisioning configuration.](common/provisioning-configuration-save.png)
 
 This operation starts the initial synchronization of all users and groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs. Subsequent syncs occur about every 40 minutes, as long as the Azure AD provisioning service is running.
 

articles/active-directory/saas-apps/snowflake-provisioning-tutorial.md

@@ -36,14 +36,16 @@ To increase the node limit beyond 1000, you must have the following pre-requisit
 > [!NOTE] 
 > You can't use NPM with clusters greater than 500 Nodes 
 
-
 ## Node pool scaling considerations and best practices
 
-* For system node pools, use the *Standard_D16ds_v5* SKU or equivalent core/memory VM SKUs to provide sufficient compute resources for *kube-system* pods.
+* For system node pools, use the *Standard_D16ds_v5* SKU or equivalent core/memory VM SKUs with ephemeral OS disks to provide sufficient compute resources for *kube-system* pods.
 * Create at-least five user node pools to scale up to 5,000 nodes since there's a 1000 nodes per node pool limit.
 * Use cluster autoscaler wherever possible when running at-scale AKS clusters to ensure dynamic scaling of node pools based on the demand for compute resources.
 * When scaling beyond 1000 nodes without cluster autoscaler, it's recommended to scale in batches of a maximum 500 to 700 nodes at a time. These scaling operations should also have 2 mins to 5-mins sleep time between consecutive scale-ups to prevent Azure API throttling.
 
+> [!NOTE] 
+> You can't use [Stop and Start feature][Stop and Start feature] on clusters enabled with the greater than 1000 node limit
+
 ## Cluster upgrade best practices
 
 * AKS clusters have a hard limit of 5000 nodes. This limit prevents clusters from upgrading that are running at this limit since there's no more capacity do a rolling update with the max surge property. We recommend scaling the cluster down below 3000 nodes before doing cluster upgrades to provide extra capacity for node churn and minimize control plane load.
@@ -61,3 +63,4 @@ To increase the node limit beyond 1000, you must have the following pre-requisit
 <!-- LINKS - Internal -->
 [quotas-skus-regions]: quotas-skus-regions.md
 [cluster upgrades]: upgrade-cluster.md
+[Stop and Start feature]: start-stop-cluster.md

articles/aks/operator-best-practices-run-at-scale.md

@@ -267,6 +267,9 @@ When you test a runbook, the [Draft version](#publish-a-runbook) is executed and
 
 Even though the Draft version is being run, the runbook still executes normally and performs any actions against resources in the environment. For this reason, you should only test runbooks on non-production resources.
 
+> [!NOTE]
+> All runbook execution actions are logged in the **Activity Log** of the automation account with the operation name **Create an Azure Automation job**. However, runbook execution in a test pane where the draft version of the runbook is executed would be logged in the activity logs with the operation name **Write an Azure Automation runbook draft**. Select **Operation** and **JSON** tab to see the scope ending with *../runbooks/(runbook name)/draft/testjob*.
+
 The procedure to test each [type of runbook](automation-runbook-types.md) is the same. There's no difference in testing between the textual editor and the graphical editor in the Azure portal.
 
 1. Open the Draft version of the runbook in either the [textual editor](automation-edit-textual-runbook.md) or the [graphical editor](automation-graphical-authoring-intro.md).

articles/automation/manage-runbooks.md

@@ -46,13 +46,18 @@ If you continue to have trouble upgrading an extension, you can [disable automat
 
 ## Supported extensions
 
-Automatic extension upgrade supports the following extensions (and more are added periodically):
+Automatic extension upgrade supports the following extensions:
 
-- Azure Monitor Agent - Linux and Windows
-- Azure Security agent - Linux and Windows
+- Azure Monitor agent - Linux and Windows
+- Log Analytics agent (OMS agent) - Linux only
 - Dependency agent – Linux and Windows
+- Azure Security agent - Linux and Windows
 - Key Vault Extension - Linux only
-- Log Analytics agent (OMS agent) - Linux only
+- Azure Update Management Center - Linux and Windows
+- Azure Automation Hybrid Runbook Worker - Linux and Windows
+- Azure Arc-enabled SQL Server agent - Windows only
+
+More extensions will be added over time. Extensions that do not support automatic extension upgrade today are still configured to enable automatic upgrades by default. This setting will have no effect until the extension publisher chooses to support automatic upgrades.
 
 ## Manage automatic extension upgrade
 

articles/azure-arc/servers/manage-automatic-vm-extension-upgrade.md

@@ -41,7 +41,8 @@ The primary use case for Durable Functions is simplifying complex, stateful coor
 
 ### <a name="chaining"></a>Pattern #1: Function chaining
 
-In the function chaining pattern, a sequence of functions executes in a specific order. In this pattern, the output of one function is applied to the input of another function.
+In the function chaining pattern, a sequence of functions executes in a specific order. In this pattern, the output of one function is applied to the input of another function. The use of queues between each function ensures that the system stays durable and scalable, even though there is a flow of control from one function to the next.
+
 
 ![A diagram of the function chaining pattern](./media/durable-functions-concepts/function-chaining.png)
 

articles/azure-arc/servers/media/manage-automatic-vm-extension-upgrade/portal-enable-auto-upgrade.png

@@ -10,7 +10,7 @@ zone_pivot_groups: programming-languages-set-functions-lang-workers
 
 ## Introduction
 
-[Azure Functions](./functions-overview.md) allows you to implement your system's logic into readily-available blocks of code. These code blocks are called "functions".
+[Azure Functions](./functions-overview.md) allows you to implement your system's logic as event-driven, readily-available blocks of code. These code blocks are called "functions".
 
 Use the following resources to get started.