Merge pull request #185978 from MicrosoftDocs/master

1/24 AM Publish

Author: huypub

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -126,7 +126,7 @@ Administrators can add any Azure AD registered application to Conditional Access
 - Applications that use [password based single sign-on](../manage-apps/configure-password-single-sign-on-non-gallery-applications.md)
 
 > [!NOTE]
-> Since Conditional Access policy sets the requirements for accessing a service you are not able to apply it to a client (public/native) application. Other words the policy is not set directly on a client (public/native) application, but is applied when a client calls a service. For example, a policy set on SharePoint service applies to the clients calling SharePoint. A policy set on Exchange applies to the attempt to access the email using Outlook client. That is why client (public/native) applications are not available for selection in the Cloud Apps picker and Conditional Access option is not available in the application settings for the client (public/native) application registered in your tenant. 
+> Since Conditional Access policy sets the requirements for accessing a service you are not able to apply it to a client (public/native) application. In other words, the policy is not set directly on a client (public/native) application, but is applied when a client calls a service. For example, a policy set on SharePoint service applies to the clients calling SharePoint. A policy set on Exchange applies to the attempt to access the email using Outlook client. That is why client (public/native) applications are not available for selection in the Cloud Apps picker and Conditional Access option is not available in the application settings for the client (public/native) application registered in your tenant. 
 
 Some applications do not appear in the picker at all. The only way to include these applications in a Conditional Access policy is to include **All apps**. 
 

articles/active-directory/fundamentals/azure-active-directory-b2c-deployment-plans.md

@@ -223,6 +223,10 @@ Consider the sample checklist to define the user experience (UX) requirements:
 
 - If you expect high UX customization such as pixel to pixel, you may need a front-end developer to help you.
 
+- Azure AD B2C provides capabilities for customizing HTML and CSS, however, it has additional requirements for [JavaScript](../../active-directory-b2c/javascript-and-page-layout.md?pivots=b2c-custom-policy#guidelines-for-using-javascript).
+
+- An embedded experience can be implemented [using iframe support](../../active-directory-b2c/embedded-login.md?pivots=b2c-custom-policy). For a single-page application, you'll also need a second "sign-in" HTML page that loads into the `<iframe>` element.
+
 ## Monitor an Azure AD B2C solution
 
 This phase includes the following capabilities:

articles/aks/limit-egress-traffic.md

@@ -153,6 +153,18 @@ The following FQDN / application rules are required for using Windows Server bas
 
 ## AKS addons and integrations
 
+### Microsoft Defender for Containers
+
+#### Required FQDN / application rules
+
+The following FQDN / application rules are required for AKS clusters that have Microsoft Defender for Containers enabled.
+
+| FQDN                                          | Port      | Use      |
+|-----------------------------------------------|-----------|----------|
+| **`login.microsoftonline.com`** | **`HTTPS:443`** | Required for Active Directory Authentication. |
+| **`*.ods.opinsights.azure.com`** | **`HTTPS:443`** | Required for Microsoft Defender to upload security events to the cloud.|
+| **`*.oms.opinsights.azure.com`** | **`HTTPS:443`** | Required to Authenticate with LogAnalytics workspaces.|
+
 ### Azure Monitor for containers
 
 There are two options to provide access to Azure Monitor for containers, you may allow the Azure Monitor [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) **or** provide access to the required FQDN/Application Rules.
@@ -171,10 +183,10 @@ The following FQDN / application rules are required for AKS clusters that have t
 
 | FQDN                                    | Port      | Use      |
 |-----------------------------------------|-----------|----------|
-| dc.services.visualstudio.com | **`HTTPS:443`**    | This endpoint is used for metrics and monitoring telemetry using Azure Monitor. |
-| *.ods.opinsights.azure.com    | **`HTTPS:443`**    | This endpoint is used by Azure Monitor for ingesting log analytics data. |
-| *.oms.opinsights.azure.com | **`HTTPS:443`** | This endpoint is used by omsagent, which is used to authenticate the log analytics service. |
-| *.monitoring.azure.com | **`HTTPS:443`** | This endpoint is used to send metrics data to Azure Monitor. |
+| **`dc.services.visualstudio.com`** | **`HTTPS:443`**    | This endpoint is used for metrics and monitoring telemetry using Azure Monitor. |
+| **`*.ods.opinsights.azure.com`**    | **`HTTPS:443`**    | This endpoint is used by Azure Monitor for ingesting log analytics data. |
+| **`*.oms.opinsights.azure.com`** | **`HTTPS:443`** | This endpoint is used by omsagent, which is used to authenticate the log analytics service. |
+| **`*.monitoring.azure.com`** | **`HTTPS:443`** | This endpoint is used to send metrics data to Azure Monitor. |
 
 ### Azure Policy
 

articles/api-management/configure-custom-domain.md

@@ -141,7 +141,7 @@ Choose the steps according to the [domain certificate](#domain-certificate-optio
 1. Select **+Add**, or select an existing [endpoint](#endpoints-for-custom-domains) that you want to update.
 1. In the window on the right, select the **Type** of endpoint for the custom domain.
 1. In the **Hostname** field, specify the name you want to use. For example, `api.contoso.com`.
-1. Under **Certificate**, select **Managed** to enable a free certificate managed by API Management. Te managed certificate is available in preview for the Gateway endpoint only.
+1. Under **Certificate**, select **Managed** to enable a free certificate managed by API Management. The managed certificate is available in preview for the Gateway endpoint only.
 1. Copy the following values and use them to [configure DNS](#dns-configuration):
     * **TXT record**
     * **CNAME record**
@@ -181,4 +181,4 @@ You can also get a domain ownership identifier by calling the [Get Domain Owners
 
 ## Next steps
 
-[Upgrade and scale your service](upgrade-and-scale.md)
+[Upgrade and scale your service](upgrade-and-scale.md)

articles/azure-arc/data/postgresql-hyperscale-server-group-placement-on-kubernetes-cluster-nodes.md

@@ -240,7 +240,7 @@ The architecture looks like:
 
 :::image type="content" source="media/migrate-postgresql-data-into-postgresql-hyperscale-server-group/5_full_list_of_pods.png" alt-text="All pods in namespace on various nodes":::
 
-As described above, the coordinator nodes (Pod 1) of the Azure Arc-enabled Postgres Hyperscale server group shares the same physical resources as the third worker node (Pod 4) of the server group. That is acceptable because the coordinator node typically uses very few resources in comparison to what a worker node may be using. For this reason, carefully chose:
+As described above, the coordinator nodes (Pod 1) of the Azure Arc-enabled PostgreSQL Hyperscale server group shares the same physical resources as the third worker node (Pod 4) of the server group. That is acceptable because the coordinator node typically uses very few resources in comparison to what a worker node may be using. For this reason, carefully chose:
 - the size of the Kubernetes cluster and the characteristics of each of its physical nodes (memory, vCore)
 - the number of physical nodes inside the Kubernetes cluster
 - the applications or workloads you host on the Kubernetes cluster.
@@ -374,8 +374,8 @@ To benefit the most from the scalability and the performance of scaling Azure Ar
 - between all the PostgreSQL instances that constitute the Azure Arc-enabled PostgreSQL Hyperscale server group
 
 You can achieve this in several ways:
-- Scale out both Kubernetes and Azure Arc-enabled Postgres Hyperscale: consider scaling horizontally the Kubernetes cluster the same way you are scaling the Azure Arc-enabled PostgreSQL Hyperscale server group. Add a physical node to the cluster for each worker you add to the server group.
-- Scale out Azure Arc-enabled Postgres Hyperscale without scaling out Kubernetes: by setting the right resource constraints (request and limits on memory and vCore) on the workloads hosted in Kubernetes (Azure Arc-enabled PostgreSQL Hyperscale included), you will enable the colocation of workloads on Kubernetes and reduce the risk of resource contention. You need to make sure that the physical characteristics of the physical nodes of the Kubernetes cluster can honor the resources constraints you define. You should also ensure that equilibrium remains as the workloads evolve over time or as more workloads are added in the Kubernetes cluster.
+- Scale out both Kubernetes and Azure Arc-enabled PostgreSQL Hyperscale: consider scaling horizontally the Kubernetes cluster the same way you are scaling the Azure Arc-enabled PostgreSQL Hyperscale server group. Add a physical node to the cluster for each worker you add to the server group.
+- Scale out Azure Arc-enabled PostgreSQL Hyperscale without scaling out Kubernetes: by setting the right resource constraints (request and limits on memory and vCore) on the workloads hosted in Kubernetes (Azure Arc-enabled PostgreSQL Hyperscale included), you will enable the colocation of workloads on Kubernetes and reduce the risk of resource contention. You need to make sure that the physical characteristics of the physical nodes of the Kubernetes cluster can honor the resources constraints you define. You should also ensure that equilibrium remains as the workloads evolve over time or as more workloads are added in the Kubernetes cluster.
 - Use the Kubernetes mechanisms (pod selector, affinity, anti-affinity) to influence the placement of the pods.
 
 ## Next steps

articles/azure-arc/data/upgrade-sql-managed-instance-indirect-kubernetes-tools.md

@@ -24,7 +24,7 @@ Before you can proceed with the tasks in this article you need:
 - To connect and authenticate to a Kubernetes cluster
 - An existing Kubernetes context selected
 
-You need an an indirectly connected data controller with the `imageTag v1.0.0_2021-07-30` or greater.
+You need an indirectly connected data controller with the `imageTag v1.0.0_2021-07-30` or greater.
 
 ## Limitations
 

articles/azure-monitor/app/availability-overview.md

@@ -22,7 +22,7 @@ There are four types of availability tests:
 * [Custom TrackAvailability test](availability-azure-functions.md): If you decide to create a custom application to run availability tests, you can use the [TrackAvailability()](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) method to send the results to Application Insights.
 
 > [!IMPORTANT]
-> Both the [URL ping test](monitor-web-app-availability.md) and the [multi-step web test](availability-multistep.md) rely on the DNS infrastructure of the public internet to resolve the domain names of the tested endpoints. If you're using private DNS, you must ensure that the public domain name servers can remove every domain name of your test. When that's not possible, you can use [custom TrackAvailability tests](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) instead.
+> Both the [URL ping test](monitor-web-app-availability.md) and the [multi-step web test](availability-multistep.md) rely on the DNS infrastructure of the public internet to resolve the domain names of the tested endpoints. If you're using private DNS, you must ensure that the public domain name servers can resolve every domain name of your test. When that's not possible, you can use [custom TrackAvailability tests](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) instead.
 
 You can create up to 100 availability tests per Application Insights resource.
 
@@ -36,4 +36,4 @@ See the dedicated [troubleshooting article](troubleshoot-availability.md).
 * [Multi-step web tests](availability-multistep.md)
 * [URL tests](monitor-web-app-availability.md)
 * [Create and run custom availability tests using Azure Functions](availability-azure-functions.md)
-* [Web Tests Azure Resource Manager template](/azure/templates/microsoft.insights/webtests?tabs=json)
+* [Web Tests Azure Resource Manager template](/azure/templates/microsoft.insights/webtests?tabs=json)

articles/azure-sql/virtual-machines/windows/frequently-asked-questions-faq.yml

@@ -199,7 +199,7 @@ sections:
       - question: |
           Can I use the Azure portal to manage multiple instances on the same VM?
         answer: |
-             No. Portal management is provided by the SQL IaaS Agent extension, which relies on the SQL Server IaaS Agent extension. As such, the same limitations apply to the extension as the extension. The portal can either only manage one default instance, or one named instance as long as its configured correctly. For more information, see [SQL Server IaaS Agent extension](sql-server-iaas-agent-extension-automate-management.md) 
+             No. Portal management is provided by the SQL IaaS Agent extension, which relies on the SQL Server IaaS Agent extension. As such, the same limitations apply to the portal as the extension. The portal can either only manage one default instance, or one named instance as long as its configured correctly. For more information, see [SQL Server IaaS Agent extension](sql-server-iaas-agent-extension-automate-management.md) 
           
           
   - name: Updating and patching
@@ -413,4 +413,4 @@ additionalContent: |
   * [Overview of SQL Server on a Linux VM](../linux/sql-server-on-linux-vm-what-is-iaas-overview.md)
   * [Provision SQL Server on a Linux VM](../linux/sql-vm-create-portal-quickstart.md)
   * [FAQ (Linux)](../linux/frequently-asked-questions-faq.yml)
-  * [SQL Server on Linux documentation](/sql/linux/sql-server-linux-overview)
+  * [SQL Server on Linux documentation](/sql/linux/sql-server-linux-overview)

articles/cloud-services-extended-support/in-place-migration-overview.md

@@ -80,7 +80,7 @@ To perform this migration, you must be added as a coadministrator for the subscr
 5. Check the status of your registration. Registration can take a few minutes to complete. 
 
     ```powershell
-    Get-AzProviderFeature -FeatureName CloudServices -ProviderNamespace Microsoft.Compute 
+    Get-AzResourceProvider -ProviderNamespace Microsoft.ClassicInfrastructureMigrate 
     ```
 
 ## How is migration for Cloud Services (classic) different from Virtual Machines (classic)?

articles/cognitive-services/Speech-Service/includes/get-speech-sdk-android.md

@@ -8,7 +8,7 @@ ms.author: eur
 
 :::row:::
     :::column span="3":::
-        When developing for Android, there are two Speech SDKs available. The Java Speech SDK is available natively as an Android package, or the .NET Speech SDK could be used with **Xamarin.Android** as it implements .NET Standard 2.0.
+        When you develop for Android, two Speech SDKs are available. The Java Speech SDK is available natively as an Android package, or the .NET Speech SDK could be used with **Xamarin.Android** as it implements .NET Standard 2.0.
     :::column-end:::
     :::column:::
         <br>
@@ -26,7 +26,7 @@ ms.author: eur
 
 :::row:::
     :::column span="3":::
-        Xamarin.Android exposes the complete Android SDK for .NET developers. Build fully native Android apps using C# or F# in Visual Studio. For more information, see <a href="/xamarin/android/" target="_blank">Xamarin.Android </a>
+        Xamarin.Android exposes the complete Android SDK for .NET developers. Build fully native Android apps by using C# or F# in Visual Studio. For more information, see <a href="/xamarin/android/" target="_blank">Xamarin.Android.</a>
     :::column-end:::
     :::column:::
         <br>