Merge pull request #57641 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 4ced02987d6f · 2018-11-09T14:34:06.000-08:00
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)
diff --git a/articles/active-directory/devices/device-management-azure-portal.md b/articles/active-directory/devices/device-management-azure-portal.md
@@ -150,7 +150,7 @@ To enable / disable a device, you have two options:
 **Remarks:**
 
 - You need to be a global administrator in Azure  AD to enable / disable a device. 
-- Disabling a device prevents a device from accessing your Azure AD resources. 
+- Disabling a device prevents a device from successfully authenticating with Azure AD, therby preventing the device from accessing your Azure AD resources that are guarded by device CA or using your WH4B credentials. 
 
 
 
diff --git a/articles/active-directory/devices/faq.md b/articles/active-directory/devices/faq.md
@@ -18,29 +18,10 @@ ms.author: markvi
 ms.reviewer: jairoc
 
 ---
-# Azure Active Directory device management FAQ
-
-**Q: Can I register Android or iOS BYOD devices?**
-
-**A:** Yes, but only with Azure device registration service and for hybrid customers. It is not supported with on-premises device registration service in AD FS.
-
-**Q: How can I register a macOS device?**
-
-**A:** To register macOS device:
-
-1.	[Create a compliance policy](https://docs.microsoft.com/intune/compliance-policy-create-mac-os)
-2.	[Define a conditional access policy for macOS devices](../active-directory-conditional-access-azure-portal.md) 
 
-**Remarks:**
-
-- The users that are included in your conditional access policy need a [supported version of Office for macOS](../conditional-access/technical-reference.md#client-apps-condition) to access resources. 
-
-- During the first access attempt, your users are prompted to enroll the device using the company portal.
-
----
-
-**Q: I registered the device recently. Why can’t I see the device under my user info in the Azure portal?**
+# Azure Active Directory device management FAQ
 
+**Q: I registered the device recently. Why can’t I see the device under my user info in the Azure portal? Or Why is device owner marked as N/A for hybrid Azure AD joined devices?**
 **A:** Windows 10 devices that are hybrid Azure AD joined do not show up under the USER devices.
 You need to use All devices view in Azure portal. You can also use PowerShell [Get-MsolDevice](/powershell/module/msonline/get-msoldevice?view=azureadps-1.0) cmdlet.
 
@@ -54,15 +35,20 @@ Only the following devices are listed under the USER devices:
 
 **Q: How do I know what the device registration state of the client is?**
 
-**A:** You can use the Azure portal, go to All devices and search for the device using device ID. Check the value under the join type column.
-
-If you want to check the local device registration state from a registered device:
+**A:** You can use the Azure portal, go to All devices and search for the device using device ID. Check the value under the join type column. Sometimes, the device could have been reset or re-imaged. So, it is essential to also check device registration state on the device too:
 
 - For Windows 10 and Windows Server 2016 or later devices, run dsregcmd.exe /status.
 - For down-level OS versions, run "%programFiles%\Microsoft Workplace Join\autoworkplace.exe"
 
 ---
 
+**Q: I see the device record under the USER info in the Azure portal and can see the state as registered on the device. Am I setup correctly for using conditional access?**
+
+**A:** The device join state, reflected by deviceID, must match with that on Azure AD and meet any evaluation criteria for conditional access. 
+For more information, see [Require managed devices for cloud app access with conditional access](../conditional-access/require-managed-devices.md).
+
+---
+
 **Q: I have deleted in the Azure portal or using Windows PowerShell, but the local state on the device says that it is still registered?**
 
 **A:** This is by design. The device will not have access to resources in the cloud. 
@@ -83,25 +69,6 @@ For down-level Windows OS versions that are on-premises AD domain-joined:
 2.	Type `"%programFiles%\Microsoft Workplace Join\autoworkplace.exe /l"`.
 3.	Type `"%programFiles%\Microsoft Workplace Join\autoworkplace.exe /j"`.
 
----
-**Q: How do I unjoin an Azure AD Joined device locally on the device?**
-
-**A:** 
-- For hybrid Azure AD Joined devices, make sure to turn off auto registration so that the scheduled task does not register the device again. Next, open command prompt as an administrator and type `dsregcmd.exe /debug /leave`. Alternatively, this command can be run as a script across multiple devices to unjoin in bulk.
-
-- For pure Azure AD Joined devices, make sure you have an offline local administrator account or create one, as you won't be able to sign in with any Azure AD user credentials. Next, go to **Settings** > **Accounts** > **Access Work or School**. Select your account and click on **Disconnect**. Follow the prompts and provide the local administrator credentials when prompted. Reboot the device to complete the unjoin process.
-
----
-
-**Q: My users cannot search printers from Azure AD Joined devices. How can I enable printing from Azure AD Joined devices ?**
-
-**A:** For deploying printers for Azure AD Joined devices, see [Hybrid cloud print](https://docs.microsoft.com/windows-server/administration/hybrid-cloud-print/hybrid-cloud-print-deploy). You will need an on-premises Windows Server to deploy hybrid cloud print. Currently, cloud-based print service is not available. 
-
----
-
-**Q: How do I connect to a remote Azure AD joined device?**
-**A:** Refer to the article https://docs.microsoft.com/windows/client-management/connect-to-remote-aadj-pc for details.
-
 ---
 
 **Q: Why do I see duplicate device entries in Azure portal?**
@@ -124,7 +91,27 @@ For down-level Windows OS versions that are on-premises AD domain-joined:
 
 >[!Note] 
 >For enrolled devices, we recommend wiping the device to ensure that users cannot access the resources. For more information, see [Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune). 
+---
+
+# Azure AD Join FAQ
+
+**Q: How do I unjoin an Azure AD Joined device locally on the device?**
+
+**A:** 
+- For hybrid Azure AD Joined devices, make sure to turn off auto registration so that the scheduled task does not register the device again. Next, open command prompt as an administrator and type `dsregcmd.exe /debug /leave`. Alternatively, this command can be run as a script across multiple devices to unjoin in bulk.
+
+- For pure Azure AD Joined devices, make sure you have an offline local administrator account or create one, as you won't be able to sign in with any Azure AD user credentials. Next, go to **Settings** > **Accounts** > **Access Work or School**. Select your account and click on **Disconnect**. Follow the prompts and provide the local administrator credentials when prompted. Reboot the device to complete the unjoin process.
+
+---
+
+**Q: My users cannot search printers from Azure AD Joined devices. How can I enable printing from Azure AD Joined devices ?**
+
+**A:** For deploying printers for Azure AD Joined devices, see [Hybrid cloud print](https://docs.microsoft.com/windows-server/administration/hybrid-cloud-print/hybrid-cloud-print-deploy). You will need an on-premises Windows Server to deploy hybrid cloud print. Currently, cloud-based print service is not available. 
 
+---
+
+**Q: How do I connect to a remote Azure AD joined device?**
+**A:** Refer to the article https://docs.microsoft.com/windows/client-management/connect-to-remote-aadj-pc for details.
 
 ---
 
@@ -141,13 +128,6 @@ Please evaluate the conditional access policy rules and ensure that the device i
 
 ---
 
-**Q: I see the device record under the USER info in the Azure portal and can see the state as registered on the device. Am I setup correctly for using conditional access?**
-
-**A:** The device join state, reflected by deviceID, must match with that on Azure AD and meet any evaluation criteria for conditional access. 
-For more information, see [Require managed devices for cloud app access with conditional access](../conditional-access/require-managed-devices.md).
-
----
-
 **Q: Why do I get a "username or password is incorrect" message for a device I have just joined to Azure AD?**
 
 **A:** Common reasons for this scenario are:
@@ -156,7 +136,7 @@ For more information, see [Require managed devices for cloud app access with con
 
 - Your computer is unable to communicate with Azure Active Directory. Check for any network connectivity issues.
 
-- Federated logins requires your federation server to support a WS-Trust active endpoint. 
+- Federated logins requires your federation server to support WS-Trust endpoints enabled and accessible. 
 
 - You have enabled Pass through Authentication and the user has a temporary password that needs to be changed on logon.
 
@@ -168,15 +148,16 @@ For more information, see [Require managed devices for cloud app access with con
 
 ---
 
-**Q: Why did my attempt to join a PC fail although I didn't get any error information?**
+**Q: Why did my attempt to Azure AD join a PC fail although I didn't get any error information?**
 
 **A:** A likely cause is that the user is logged in to the device using the local built-in administrator account. 
 Please create a different local account before using Azure Active Directory Join to complete the setup. 
 
-
 ---
 
-**Q: Where can I find troubleshooting information about the automatic device registration?**
+# Hybrid Azure AD Join FAQ
+
+**Q: Where can I find troubleshooting information for diagnosing hybrid Azure AD join failures?**
 
 **A:** For troubleshooting information, see:
 
@@ -187,3 +168,23 @@ Please create a different local account before using Azure Active Directory Join
 
 ---
 
+# Azure AD Register FAQ
+
+**Q: Can I register Android or iOS BYOD devices?**
+
+**A:** Yes, but only with Azure device registration service and for hybrid customers. It is not supported with on-premises device registration service in AD FS.
+
+**Q: How can I register a macOS device?**
+
+**A:** To register macOS device:
+
+1.	[Create a compliance policy](https://docs.microsoft.com/intune/compliance-policy-create-mac-os)
+2.	[Define a conditional access policy for macOS devices](../active-directory-conditional-access-azure-portal.md) 
+
+**Remarks:**
+
+- The users that are included in your conditional access policy need a [supported version of Office for macOS](../conditional-access/technical-reference.md#client-apps-condition) to access resources. 
+
+- During the first access attempt, your users are prompted to enroll the device using the company portal.
+
+---
diff --git a/articles/aks/ingress-static-ip.md b/articles/aks/ingress-static-ip.md
@@ -25,7 +25,7 @@ You can also:
 
 ## Before you begin
 
-This article uses Helm to install the NGINX ingress controller, cert-manager, and a sample web app. You need to have Helm initialized within your AKS cluster and using a service account for Tiller. Make sure that you are using the latest release of Helm. Make sure that you are using the latest release of Helm. For upgrade instructions, see the [Helm install docs][helm-install]. For more information on configuring and using Helm, see [Install applications with Helm in Azure Kubernetes Service (AKS)][use-helm].
+This article uses Helm to install the NGINX ingress controller, cert-manager, and a sample web app. You need to have Helm initialized within your AKS cluster and using a service account for Tiller. Make sure that you are using the latest release of Helm. For upgrade instructions, see the [Helm install docs][helm-install]. For more information on configuring and using Helm, see [Install applications with Helm in Azure Kubernetes Service (AKS)][use-helm].
 
 This article also requires that you are running the Azure CLI version 2.0.41 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
 
diff --git a/articles/dev-spaces/get-started-netcore.md b/articles/dev-spaces/get-started-netcore.md
@@ -66,7 +66,7 @@ az group create --name MyResourceGroup --location <region>
 Create a Kubernetes cluster with the following command:
 
 ```cmd
-az aks create -g MyResourceGroup -n MyAKS --location <region> --kubernetes-version 1.11.2 --enable-addons http_application_routing
+az aks create -g MyResourceGroup -n MyAKS --location <region> --kubernetes-version 1.11.2 --enable-addons http_application_routing --generate-ssh-keys
 ```
 
 It takes a few minutes to create the cluster.
diff --git a/articles/dev-spaces/get-started-nodejs.md b/articles/dev-spaces/get-started-nodejs.md
@@ -66,7 +66,7 @@ az group create --name MyResourceGroup --location <region>
 Create a Kubernetes cluster with the following command:
 
 ```cmd
-az aks create -g MyResourceGroup -n MyAKS --location <region> --kubernetes-version 1.11.2 --enable-addons http_application_routing
+az aks create -g MyResourceGroup -n MyAKS --location <region> --kubernetes-version 1.11.2 --enable-addons http_application_routing --generate-ssh-keys
 ```
 
 It takes a few minutes to create the cluster.
diff --git a/articles/dev-spaces/troubleshooting.md b/articles/dev-spaces/troubleshooting.md
@@ -58,9 +58,9 @@ On the command line:
 
 When using _azds.exe_, use the --verbose command-line option, and use the --output command-line option to specify the output format.
  
-    ```cmd
-    azds up --verbose --output json
-    ```
+```cmd
+azds up --verbose --output json
+```
 
 In Visual Studio:
 
diff --git a/articles/sql-database/sql-database-managed-instance-connect-app.md b/articles/sql-database/sql-database-managed-instance-connect-app.md
@@ -55,7 +55,7 @@ If you've established on-premises to Azure connection successfully and you can't
 Managed Instance can be accessed only through a private IP address so in order to access it from your developer box, you first need to make a connection between your developer box and the Managed Instance VNet. To do so, configure a Point-to-Site connection to a VNet using native Azure certificate authentication. For more information, see  [Configure a point-to-site connection to connect to an Azure SQL Database Managed Instance from on-premises computer](sql-database-managed-instance-configure-p2s.md).
 
 ## Connect from on-premises with VNet peering
-Another scenario implemented by customers is where VPN gateway is installed in a separate virtual network and a subscription from the one hosting Managed Instance. The two virtual etworks are then peered. The following sample architecture diagram shows how this can be implemented.
+Another scenario implemented by customers is where VPN gateway is installed in a separate virtual network and a subscription from the one hosting Managed Instance. The two virtual networks are then peered. The following sample architecture diagram shows how this can be implemented.
 
 ![VNet peering](./media/sql-database-managed-instance-connect-app/vnet-peering.png)
 
@@ -78,6 +78,10 @@ A special case of connecting Azure App Service to Managed Instance is when you i
 This scenario is illustrated in the following diagram:
 
 ![integrated app peering](./media/sql-database-managed-instance/integrated-app-peering.png)
+
+>[!NOTE]
+>The VNet Integration feature does not integrate an app with a VNet that has an ExpressRoute Gateway. Even if the ExpressRoute Gateway is configured in coexistence mode the VNet Integration does not work. If you need to access resources through an ExpressRoute connection, then you can use an App Service Environment, which runs in your VNet.
+>
  
 ## Troubleshooting connectivity issues
 
