Merge pull request #239377 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 52ebe6648db3 · 2023-05-26T09:51:01.000-07:00
Resolve syncing conflicts from repo_sync_working_branch to main
diff --git a/articles/active-directory/develop/howto-restore-app.md b/articles/active-directory/develop/howto-restore-app.md
@@ -59,7 +59,7 @@ This is because organization-specific settings are stored on a separate object,
 2. Select **Restore app registration**.
 
 ## Permanently delete an application
-You can manually permanently delete an application from your organization. A permanently deleted application can't be restored by you, another administrator, or by Microsoft customer support.
+You can manually permanently delete an application from your organization. A permanently deleted application can't be restored by you, another administrator, or by Microsoft customer support. However, this does not permanently delete the corresponding service principal. A service principal cannot be restored without having an active corresponding application, so the service principal can be manually deleted, which is also permanent. If no action is taken the service principal will be permanently deleted 30 days after deleting the application.
 
 ### To permanently delete an application
 
diff --git a/articles/active-directory/manage-apps/application-management-certs-faq.md b/articles/active-directory/manage-apps/application-management-certs-faq.md
@@ -30,6 +30,9 @@ You can find the steps [here](manage-certificates-for-federated-single-sign-on.m
 
 By default, Azure AD configures a certificate to expire after three years when it is created automatically during SAML single sign-on configuration. Because you can't change the date of a certificate after you save it, you need to create a new certificate. For steps on how to do so, please refer [Customize the expiration date for your federation certificate and roll it over to a new certificate](manage-certificates-for-federated-single-sign-on.md#customize-the-expiration-date-for-your-federation-certificate-and-roll-it-over-to-a-new-certificate).
 
+> [!NOTE]
+> The recommended way to create SAML applications is through the Azure AD Application Gallery, which will automatically create a three-year valid X509 certificate for you. 
+
 ## How can I automate the certificates expiration notifications?
 
 Azure AD will send an email notification 60, 30, and 7 days before the SAML certificate expires. You may add more than one email address to receive notifications.
diff --git a/articles/active-directory/manage-apps/configure-admin-consent-workflow.md b/articles/active-directory/manage-apps/configure-admin-consent-workflow.md
@@ -47,7 +47,7 @@ To enable the admin consent workflow and choose reviewers:
 
    - **Select users, groups, or roles that will be designated as reviewers for admin consent requests** - Reviewers can view, block, or deny admin consent requests, but only global administrators can approve admin consent requests. People designated as reviewers can view incoming requests in the **My Pending** tab after they have been set as reviewers. Any new reviewers won't be able to act on existing or expired admin consent requests.
    - **Selected users will receive email notifications for requests** - Enable or disable email notifications to the reviewers when a request is made.  
-   - **Selected users will receive request expiration reminders** - Enable or disable reminder email notifications to the reviewers when a request is about to expire.
+   - **Selected users will receive request expiration reminders** - Enable or disable reminder email notifications to the reviewers when a request is about to expire. The first about-to-expire reminder email is likely sent out in the middle of the configured "Consent request expires after (days)." For example, if consent is configured to expire in three days, the first reminder email is usually sent out on the second day, and the last expiration email is almost immediately out once the consent is expired.
    - **Consent request expires after (days)** - Specify how long requests stay valid.
 
 1. Select **Save**. It can take up to an hour for the workflow to become enabled.
diff --git a/articles/aks/start-stop-cluster.md b/articles/aks/start-stop-cluster.md
@@ -22,7 +22,7 @@ When using the cluster stop/start feature, the following conditions apply:
 
 - This feature is only supported for Virtual Machine Scale Set backed clusters.
 - The cluster state of a stopped AKS cluster is preserved for up to 12 months. If your cluster is stopped for more than 12 months, you can't recover the state. For more information, see the [AKS support policies](support-policies.md).
-- You can only start or delete a stopped AKS cluster. To perform other operations, like scaling or upgrading, you need to start your cluster first.
+- You can only perform start or delete operations on a stopped AKS cluster. To perform other operations, like scaling or upgrading, you need to start your cluster first.
 - If you provisioned PrivateEndpoints linked to private clusters, they need to be deleted and recreated again when starting a stopped AKS cluster.
 - Because the stop process drains all nodes, any standalone pods (i.e. pods not managed by a Deployment, StatefulSet, DaemonSet, Job, etc.) will be deleted.
 - When you start your cluster back up, the following behavior is expected:
diff --git a/articles/azure-cache-for-redis/cache-how-to-premium-persistence.md b/articles/azure-cache-for-redis/cache-how-to-premium-persistence.md
@@ -100,7 +100,7 @@ On the **Enterprise** and **Enterprise Flash** tiers, data is persisted to a man
     The first backup starts once the backup frequency interval elapses.
   
    > [!NOTE]
-   > When RDB files are backed up to storage, they are stored in the form of page blobs.
+   > When RDB files are backed up to storage, they are stored in the form of page blobs. If you're using a storage account with HNS enabled, persistence will tend to fail because page blobs aren't supported in storage accounts with HNS enabled (ADLS Gen2). 
   
 9. To enable AOF persistence, select **AOF** and configure the settings.
 
diff --git a/articles/mysql/flexible-server/scripts/sample-cli-create-connect-private-access.md b/articles/mysql/flexible-server/scripts/sample-cli-create-connect-private-access.md
@@ -37,9 +37,9 @@ Use the following steps to test connectivity to the MySQL server from the VM by
 1. To SSH into the VM, start by getting the public IP address and then use MySQL tools to connect
 
    ```bash
-   publicIp=$(az vm list-ip-addresses --resource-group $resourceGroup --name $vm --query "[].virtualMachine.network.publicIpAddresses[0].ipAddress" --output tsv)
+   PUBLIC_IP=$(az vm list-ip-addresses --resource-group $RESOURCE_GROUP --name $VM --query "[].virtualMachine.network.publicIpAddresses[0].ipAddress" --output tsv)
    
-   ssh azureuser@$publicIp
+   ssh azureuser@$PUBLIC_IP
    ```
 
 1. Download MySQL tools and connect to the server. Substitute <server_name> and <admin_user> with your values.
@@ -58,7 +58,7 @@ Use the following steps to test connectivity to the MySQL server from the VM by
 [!INCLUDE [cli-clean-up-resources.md](../../../../includes/cli-clean-up-resources.md)]
 
 ```azurecli
-az group delete --name $resourceGroup
+az group delete --name $RESOURCE_GROUP
 ```
 
 ## Sample reference
diff --git a/articles/mysql/single-server/concepts-connectivity-architecture.md b/articles/mysql/single-server/concepts-connectivity-architecture.md
@@ -59,7 +59,7 @@ The following table lists the gateway IP addresses of the Azure Database for MyS
 |  East US               |  40.71.8.203, 40.71.83.113                                 |  40.121.158.30                  |  191.238.6.43                   |
 |  East US 2             |  40.70.144.38, 52.167.105.38                               |  52.177.185.181  |                                               |
 |  France Central        |  40.79.137.0, 40.79.129.1                                  |   |                                               |
-|  France South          |  40.79.177.0                                               |                      |                                               |
+|  France South          |  40.79.177.0, 40.79.176.40                                               |                      |                                               |
 |  Germany Central       |  51.4.144.100                                              |                           |                                               |
 |  Germany North         |  51.116.56.0                                               |                                  |                                               |
 |  Germany North East    |  51.5.144.179                                              |                  |                                               |
diff --git a/articles/postgresql/flexible-server/concepts-extensions.md b/articles/postgresql/flexible-server/concepts-extensions.md
@@ -41,7 +41,7 @@ az postgres flexible-server parameter set --resource-group <your resource group>
 ```json
 {
 
-    "$schema": https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#,
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 
     "contentVersion": "1.0.0.0",
 
diff --git a/articles/service-connector/how-to-integrate-storage-queue.md b/articles/service-connector/how-to-integrate-storage-queue.md
@@ -94,10 +94,10 @@ Use the connection details below to connect compute services to Queue Storage. F
 
 #### Java - Spring Boot secret / connection string
 
-| Application properties     | Description                | Example value            |
-|----------------------------|----------------------------|--------------------------|
-| azure.storage.account-name | Queue storage account name | `<storage-account-name>` |
-| azure.storage.account-key  | Queue storage account key  | `<account-key>`          |
+| Application properties                 | Description                | Example value            |
+|----------------------------------------|----------------------------|--------------------------|
+| spring.cloud.azure.storage.account     | Queue storage account name | `<storage-account-name>` |
+| spring.cloud.azure.storage.access-key  | Queue storage account key  | `<account-key>`          |
 
 ## Next steps
 
diff --git a/includes/active-directory-develop-quickstart-register-app.md b/includes/active-directory-develop-quickstart-register-app.md
@@ -137,6 +137,8 @@ Client secrets are considered less secure than certificate credentials. Applicat
 
 For application security recommendations, see [Microsoft identity platform best practices and recommendations](../articles/active-directory/develop/identity-platform-integration-checklist.md#security).
 
+If you're using an Azure DevOps service connection that automatically creates a service principal, you need to update the client secret from the Azure DevOps portal site instead of directly updating the client secret. Refer to this document on how to update the client secret from the Azure DevOps portal site:
+[Troubleshoot Azure Resource Manager service connections](/azure/devops/pipelines/release/azure-rm-endpoint?view=azure-devops#service-principals-token-expired).
 
 ### Add a federated credential
 

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ az postgres flexible-server parameter set --resource-group <your resource group>`
`41`	`41`	```json
`42`	`42`	`{`
`43`	`43`
`44`		`- "$schema": https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#,`
	`44`	`+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
`45`	`45`
`46`	`46`	`"contentVersion": "1.0.0.0",`
`47`	`47`