Merge pull request #106680 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-kcd.md

@@ -63,17 +63,27 @@ The Active Directory configuration varies, depending on whether your Application
 
 #### Connector and application server in different domains
 1. For a list of prerequisites for working with KCD across domains, see [Kerberos Constrained Delegation across domains](https://technet.microsoft.com/library/hh831477.aspx).
-2. Use the `principalsallowedtodelegateto` property on the Connector server to enable the Application Proxy to delegate for the Connector server. The application server is `sharepointserviceaccount` and the delegating server is `connectormachineaccount`. For Windows 2012 R2, use this code as an example:
+2. Use the `principalsallowedtodelegateto` property of the service account (computer or dedicated domain user account) of the web application to enable Kerberos authentication delegation from the Application Proxy (connector). The application server is running in the context of `webserviceaccount` and the delegating server is `connectorcomputeraccount`. Run the commands below on a Domain Controller (running Windows Server 2012 R2 or later) in the domain of `webserviceaccount`. Use flat names (non UPN) for both accounts.
 
-```powershell
-$connector= Get-ADComputer -Identity connectormachineaccount -server dc.connectordomain.com
+   If the `webserviceaccount` is a computer account, use these commands:
 
-Set-ADComputer -Identity sharepointserviceaccount -PrincipalsAllowedToDelegateToAccount $connector
+   ```powershell
+   $connector= Get-ADComputer -Identity connectorcomputeraccount -server dc.connectordomain.com
 
-Get-ADComputer sharepointserviceaccount -Properties PrincipalsAllowedToDelegateToAccount
-```
+   Set-ADComputer -Identity webserviceaccount -PrincipalsAllowedToDelegateToAccount $connector
 
-`sharepointserviceaccount` can be the SPS machine account or a service account under which the SPS app pool is running.
+   Get-ADComputer webserviceaccount -Properties PrincipalsAllowedToDelegateToAccount
+   ```
+
+   If the `webserviceaccount` is a user account, use these commands:
+
+   ```powershell
+   $connector= Get-ADComputer -Identity connectorcomputeraccount -server dc.connectordomain.com
+
+   Set-ADUser -Identity webserviceaccount -PrincipalsAllowedToDelegateToAccount $connector
+
+   Get-ADUser webserviceaccount -Properties PrincipalsAllowedToDelegateToAccount
+   ```
 
 ## Configure single sign-on 
 1. Publish your application according to the instructions described in [Publish applications with Application Proxy](application-proxy-add-on-premises-application.md). Make sure to select **Azure Active Directory** as the **Preauthentication Method**.
@@ -146,4 +156,3 @@ But, in some cases, the request is successfully sent to the backend application
 
 
 For the latest news and updates, check out the [Application Proxy blog](https://blogs.technet.com/b/applicationproxyblog/)
-

articles/kinect-dk/multi-camera-sync.md

@@ -25,7 +25,7 @@ There are many reasons to use multiple Azure Kinect DK devices, including the fo
    Additional synchronized devices can provide the occluded data.
 - Scan objects in three dimensions.
 - Increase the effective frame rate to a value that's greater than 30 frames per second (FPS).
-- Capture multiple 4K color images of the same scene, all aligned within 100 microseconds (μs) of the start of exposure.
+- Capture multiple 4K color images of the same scene, all aligned within 100 microseconds (μs) of the center of exposure.
 - Increase camera coverage within the space.
 
 ## Plan your multi-device configuration
@@ -70,9 +70,6 @@ If you want to control the precise timing of each device, we recommend that you
 
 In the image capture loop, avoid repeatedly setting the same exposure setting. Call the API only one time when it's needed.
 
-#### Timestamp considerations
-Devices that are acting in master or subordinate roles report image timestamps in terms of *Start of Frame* instead of *Center of Frame*.
-
 #### Avoiding interference between multiple depth cameras
 
 When multiple depth cameras are imaging overlapping fields of view, each camera must image its own associated laser. To prevent the lasers from interfering with one another, the camera captures should be offset from one another by 160μs or more.

articles/virtual-machines/linux/disk-encryption.md

@@ -68,6 +68,7 @@ For now, customer-managed keys have the following restrictions:
 - All resources related to your customer-managed keys (Azure Key Vaults, disk encryption sets, VMs, disks, and snapshots) must be in the same subscription and region.
 - Disks, snapshots, and images encrypted with customer-managed keys cannot move to another subscription.
 - If you use the Azure portal to create your disk encryption set, you cannot use snapshots for now.
+- Managed disks encrypted using customer-managed keys cannot also be encrypted with Azure Disk Encryption.
 
 ### CLI
 #### Setting up your Azure Key Vault and DiskEncryptionSet