Merge pull request #211037 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 5072aee90ab8 · 2022-09-13T14:49:12.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory-b2c/add-web-api-application.md b/articles/active-directory-b2c/add-web-api-application.md
@@ -17,7 +17,7 @@ ms.subservice: B2C
 
 This article shows you how to register web API resources in your Azure Active Directory B2C (Azure AD B2C) tenant so that they can accept and respond to requests by client applications that present an access token.
 
-To register an application in your Azure AD B2C tenant, you can use Azure portal's new unified **App registrations** experience the legacy **Applications (Legacy)** experience. [Learn more about the new experience](./app-registrations-training-guide.md).
+To register an application in your Azure AD B2C tenant, you can use the Azure portal's new unified **App registrations** experience or the legacy **Applications (Legacy)** experience. [Learn more about the new experience](./app-registrations-training-guide.md).
 
 #### [App registrations](#tab/app-reg-ga/)
 
@@ -60,4 +60,4 @@ To call a protected web API from an application, you need to grant your applicat
 
 [!INCLUDE [active-directory-b2c-permissions-api](../../includes/active-directory-b2c-permissions-api.md)]
 
-Your application is registered to call the protected web API. A user authenticates with Azure AD B2C to use the application. The application obtains an authorization grant from Azure AD B2C to access the protected web API.
+Your application is registered to call the protected web API. A user authenticates with Azure AD B2C to use the application. The application obtains an authorization grant from Azure AD B2C to access the protected web API.
diff --git a/articles/active-directory/develop/access-tokens.md b/articles/active-directory/develop/access-tokens.md
@@ -280,7 +280,7 @@ An application may receive tokens for a user or directly from an application thr
 - Use `roles` to see permissions that have been granted to the subject of the token.
 - Use `oid` or `sub` to validate that the calling service principal is the expected one.
 
-If the application needs to distinguish between app-only access tokens and access tokens for users, use the `idtyp` [optional claim](active-directory-optional-claims.md). Add the `idtyp` claim to the `accessToken` field, and check for the value `app`, app-only access tokens can be detected. ID tokens and access tokens for users won't have the `idtyp` claim included.
+If the application needs to distinguish between app-only access tokens and access tokens for users, use the `idtyp` [optional claim](active-directory-optional-claims.md). To detect app-only access tokens, add the `idtyp` claim to the `accessToken` field, and check for the value `app`. ID tokens and access tokens for users won't have the `idtyp` claim included.
 
 ## Token revocation
 
diff --git a/articles/active-directory/governance/entitlement-management-organization.md b/articles/active-directory/governance/entitlement-management-organization.md
@@ -78,20 +78,20 @@ To add an external Azure AD directory or domain as a connected organization, fol
 
     The **Select directories + domains** pane opens.
 
-1. In the search box, enter a domain name to search for the Azure AD directory or domain. You can also add domains that are not in Azure AD. Be sure to enter the entire domain name.
+1. In the search box, enter a domain name to search for the Azure AD directory or domain. Be sure to enter the entire domain name.
 
-1. Confirm that the organization name(s) and authentication type(s) are correct. User sign in, prior to being able to access the MyAccess portal, depends on the authentication type for their organization.  If the authentication type for a connected organization is Azure AD, all users with an account in any verified domain of that Azure AD directory will sign into their directory, and then can request access to access packages that allow that connected organization. If the authentication type is One-time passcode, this allows users with email addresses from just that domain to visit the MyAccess portal. After they authenticate with the passcode, the user can make a request.
+1. Confirm that the organization name and authentication type are correct. User sign in, prior to being able to access the MyAccess portal, depends on the authentication type for their organization.  If the authentication type for a connected organization is Azure AD, all users with an account in any verified domain of that Azure AD directory will sign into their directory, and then can request access to access packages that allow that connected organization. If the authentication type is One-time passcode, this allows users with email addresses from just that domain to visit the MyAccess portal. After they authenticate with the passcode, the user can make a request.
 
     ![The "Select directories + domains" pane](./media/entitlement-management-organization/organization-select-directories-domains.png)
 
     > [!NOTE]
     > Access from some domains could be blocked by the Azure AD business to business (B2B) allow or deny list. For more information, see [Allow or block invitations to B2B users from specific organizations](../external-identities/allow-deny-list.md).
 
-1. Select **Add** to add the Azure AD directory or domain. **You can add multiple Azure AD directories and domains**.
+1. Select **Add** to add the Azure AD directory or domain. Currently, you can add only one Azure AD directory or domain per connected organization.
 
-1. After you've added the Azure AD directories or domains, select **Select**.
+1. After you've added the Azure AD directory or domain, select **Select**.
 
-    The organization(s) appears in the list.
+    The organization appears in the list.
 
     ![The "Directory + domain" pane](./media/entitlement-management-organization/organization-directory-domain.png)
 
diff --git a/articles/aks/ingress-basic.md b/articles/aks/ingress-basic.md
@@ -292,14 +292,15 @@ helm install nginx-ingress ingress-nginx/ingress-nginx `
 Check the load balancer service by using `kubectl get services`.
 
 ```console
-kubectl get services --namespace ingress-basic -o wide -w nginx-ingress-ingress-nginx-controller
+kubectl get services --namespace ingress-basic -o wide -w ingress-nginx-controller
 ```
 
 When the Kubernetes load balancer service is created for the NGINX ingress controller, an IP address is assigned under *EXTERNAL-IP*, as shown in the following example output:
 
 ```
 NAME                                     TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE   SELECTOR
-nginx-ingress-ingress-nginx-controller   LoadBalancer   10.0.74.133   EXTERNAL_IP     80:32486/TCP,443:30953/TCP   44s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=nginx-ingress,app.kubernetes.io/name=ingress-nginx
+NAME                       TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE   SELECTOR
+ingress-nginx-controller   LoadBalancer   10.0.65.205   EXTERNAL-IP     80:30957/TCP,443:32414/TCP   1m   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
 ```
 
 No ingress rules have been created yet, so the NGINX ingress controller's default 404 page is displayed if you browse to the external IP address. Ingress rules are configured in the following steps.
@@ -545,9 +546,9 @@ nginx-ingress           ingress-basic   1               2020-01-06 19:55:46.3582
 Uninstall the releases with the `helm uninstall` command. The following example uninstalls the NGINX ingress deployment.
 
 ```
-$ helm uninstall nginx-ingress --namespace ingress-basic
+$ helm uninstall ingress-nginx --namespace ingress-basic
 
-release "nginx-ingress" uninstalled
+release "ingress-nginx" uninstalled
 ```
 
 Next, remove the two sample applications:
diff --git a/articles/azure-vmware/enable-public-ip-nsx-edge.md b/articles/azure-vmware/enable-public-ip-nsx-edge.md
@@ -67,7 +67,7 @@ There are three options for configuring your reserved Public IP down to the NSX
 A Sourced Network Translation Service (SNAT) with Port Address Translation (PAT) is used to allow many VMs to one SNAT service. This connection means you can provide Internet connectivity for many VMs.
 
 >[!IMPORTANT]
-> To enable SNAT for your specified address ranges, you must [configure a gateway firewall rule](#gateway-firewall-used-to-filter-traffic-to-vms-at-t1-gateways) and SNAT for the specific address ranges you desire. If you don't want SNAT enabled for specific address ranges, you must create a [No-NAT rule](#no-nat-rule-for-specific-address-ranges) for the address ranges to exclude. For your SNAT service to work as expected, the No-NAT rule should be a lower priority than the SNAT rule.
+> To enable SNAT for your specified address ranges, you must [configure a gateway firewall rule](#gateway-firewall-used-to-filter-traffic-to-vms-at-t1-gateways) and SNAT for the specific address ranges you desire. If you don't want SNAT enabled for specific address ranges, you must create a [No-NAT rule](#no-network-address-tranlation-rule-for-specific-address-ranges) for the address ranges to exclude. For your SNAT service to work as expected, the No-NAT rule should be a lower priority than the SNAT rule.
 
 **Add rule**
 1.	From your Azure VMware Solution private cloud, select **vCenter Credentials**
@@ -89,15 +89,15 @@ A Sourced Network Translation Service (SNAT) with Port Address Translation (PAT)
 Logging can be enabled by way of the logging slider. For more information on NSX-T NAT configuration and options, see the 
 [NSX-T NAT Administration Guide](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-7AD2C384-4303-4D6C-A44A-DEF45AA18A92.html)
 
-### No NAT rule for specific address ranges
-
-A No NAT rule can be used to exclude certain matches from performing Network Address Translation.  This policy can be used to allow private IP traffic to bypass the NAT rule.
+### No Network Address Tranlation rule for specific address ranges
 
+A No SNAT rule in NSX manager can be used to exclude certain matches from performing Network Address Translation. This policy can be used to allow private IP traffic to bypass existing network translation rules.
 1. From your Azure VMware Solution private cloud, select **vCenter Credentials**.
-2.	Locate your NSX-T URL and credentials.
-3.	Log in to **VMWare NSX-T** and then select **NAT Rules**. 
+1. Locate your NSX-T URL and credentials.
+1. Log in to **VMWare NSX-T** and then select **NAT Rules**. 
 1. Select the T1 Router and then select **ADD NAT RULE**.
-1. The **Source IP** is the range of addreses you do not want to be translated and **Destination IP** is the range of IP addresses that you do not want the "Source IP" to reach.         
+1. Select **NO SNAT** rule as the type of NAT rule.
+1. Select the **Source IP** as the range of addresses you do not want to be translated. The **Destination IP** should be any internal addresses you are reaching from the range of Source IP ranges.
 1. Select **SAVE**.
 
 ### Inbound Internet Access for VMs
diff --git a/articles/data-factory/concepts-data-flow-schema-drift.md b/articles/data-factory/concepts-data-flow-schema-drift.md
@@ -36,7 +36,7 @@ This video provides an introduction to some of the complex solutions that you ca
 
 Columns coming into your data flow from your source definition are defined as "drifted" when they are not present in your source projection. You can view your source projection from the projection tab in the source transformation. When you select a dataset for your source, the service will automatically take the schema from the dataset and create a projection from that dataset schema definition.
 
-In a source transformation, schema drift is defined as reading columns that aren't defined your dataset schema. To enable schema drift, check **Allow schema drift** in your source transformation.
+In a source transformation, schema drift is defined as reading columns that aren't defined in your dataset schema. To enable schema drift, check **Allow schema drift** in your source transformation.
 
 :::image type="content" source="media/data-flow/schemadrift001.png" alt-text="Schema drift source":::
 
diff --git a/articles/machine-learning/how-to-auto-train-image-models.md b/articles/machine-learning/how-to-auto-train-image-models.md
@@ -110,7 +110,7 @@ If your training data is in a different format (like, pascal VOC or COCO), you c
 > The training data needs to have at least 10 images in order to be able to submit an AutoML run. 
 
 > [!Warning]
-> Creation of `MLTable` is only supported using the SDK and CLI to create from data in JSONL format for this capability. Creating the `MLTable` via UI is not supported at this time.
+> Creation of `MLTable` from data in JSONL format is supported using the SDK and CLI only, for this capability. Creating the `MLTable` via UI is not supported at this time. As of now, the UI doesn't recognize the StreamInfo datatype, which is the datatype used for image URLs in JSONL format.  
 
 
 ### JSONL schema samples
diff --git a/articles/machine-learning/how-to-troubleshoot-online-endpoints.md b/articles/machine-learning/how-to-troubleshoot-online-endpoints.md
@@ -436,7 +436,7 @@ When you access online endpoints with REST requests, the returned status codes a
 | 404 | Not found | Your URL isn't correct. |
 | 408 | Request timeout | The model execution took longer than the timeout supplied in `request_timeout_ms` under `request_settings` of your model deployment config.|
 | 424 | Model Error | If your model container returns a non-200 response, Azure returns a 424. Check the `Model Status Code` dimension under the `Requests Per Minute` metric on your endpoint's [Azure Monitor Metric Explorer](../azure-monitor/essentials/metrics-getting-started.md). Or check response headers `ms-azureml-model-error-statuscode` and `ms-azureml-model-error-reason` for more information. |
-| 429 | Rate-limiting | You attempted to send more than 100 requests per second to your endpoint. |
+| 429 | Rate-limiting | The number of requests per second reached the [limit](./how-to-manage-quotas.md#azure-machine-learning-managed-online-endpoints) of managed online endpoints.|
 | 429 | Too many pending requests | Your model is getting more requests than it can handle. We allow 2 * `max_concurrent_requests_per_instance` * `instance_count` requests in parallel at any time. Additional requests are rejected. You can confirm these settings in your model deployment config under `request_settings` and `scale_settings`. If you're using auto-scaling, your model is getting requests faster than the system can scale up. With auto-scaling, you can try to resend requests with [exponential backoff](https://aka.ms/exponential-backoff). Doing so can give the system time to adjust. |
 | 500 | Internal server error | Azure ML-provisioned infrastructure is failing. |
 
diff --git a/articles/machine-learning/v1/how-to-auto-train-image-models-v1.md b/articles/machine-learning/v1/how-to-auto-train-image-models-v1.md
@@ -75,7 +75,7 @@ In order to generate computer vision models, you need to bring labeled image dat
 If your training data is in a different format (like, pascal VOC or COCO), you can apply the helper scripts included with the sample notebooks to convert the data to JSONL. Learn more about how to [prepare data for computer vision tasks with automated ML](../how-to-prepare-datasets-for-automl-images.md). 
 
 > [!Warning]
-> Creation of TabularDatasets is only supported using the SDK to create datasets from data in JSONL format for this capability. Creating the dataset via UI is not supported at this time.
+> Creation of TabularDatasets from data in JSONL format is supported using the SDK only, for this capability. Creating the dataset via UI is not supported at this time. As of now, the UI doesn't recognize the StreamInfo datatype, which is the datatype used for image URLs in JSONL format.
 
 > [!Note]
 > The training dataset needs to have at least 10 images in order to be able to submit an AutoML run. 
diff --git a/articles/static-web-apps/overview.md b/articles/static-web-apps/overview.md
@@ -20,7 +20,7 @@ The workflow of Azure Static Web Apps is tailored to a developer's daily workflo
 
 When you create an Azure Static Web Apps resource, Azure interacts directly with GitHub or Azure DevOps to monitor a branch of your choice. Every time you push commits or accept pull requests into the watched branch, a build automatically runs and your app and API is deployed to Azure.
 
-Static web apps are commonly built using libraries and frameworks like Angular, React, Svelte, Vue, or Blazor where server side rendering isn't required. These apps include HTML, CSS, JavaScript, and image assets that make up the application. With a traditional web server, these assets are served from a single server alongside any required API endpoints.
+Static web apps are commonly built using libraries and web frameworks like Angular, React, Svelte, Vue, or Blazor where server side rendering isn't required. These apps include HTML, CSS, JavaScript, and image assets that make up the application. With a traditional web server, these assets are served from a single server alongside any required API endpoints.
 
 With Static Web Apps, static assets are separated from a traditional web server and are instead served from points geographically distributed around the world. This distribution makes serving files much faster as files are physically closer to end users. In addition, API endpoints are hosted using a [serverless architecture](../azure-functions/functions-overview.md), which avoids the need for a full back-end server all together.
 
