Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into availability-zones

Author: greg-lindsay

articles/aks/index.yml

@@ -24,6 +24,21 @@ landingContent:
         links:
           - text: What is AKS?
             url: intro-kubernetes.md
+      - linkListType: whats-new
+        links:
+          - text: Automatically upgrade an AKS cluster
+            url: auto-upgrade-cluster.md
+          - text: Start/stop node pools
+            url: start-stop-nodepools.md
+          - text: Default OS disk sizing
+            url: cluster-configuration.md#default-os-disk-sizing
+          - text: Bring your own CNI plugin (GA)
+            url: use-byo-cni.md
+          - text: Calico for Windows Server containers (GA)
+            url: use-network-policies.md#create-an-aks-cluster-for-calico-network-policies
+          - text: API Server VNet integration (preview)
+            url: api-server-vnet-integration.md
+            
       - linkListType: concept
         links:
           - text: Kubernetes core concepts for AKS
@@ -99,26 +114,6 @@ landingContent:
             - text: Other AKS solutions
               url: /azure/architecture/reference-architectures/containers/aks-start-here?WT.mc_id=AKSDOCSPAGE   
 
-  # Card
-  - title: Deploy, manage, and update applications
-    linkLists:
-      - linkListType: tutorial
-        links:
-          - text: 1. Prepare an application for AKS
-            url: tutorial-kubernetes-prepare-app.md
-          - text: 2. Deploy and use Azure Container Registry
-            url: tutorial-kubernetes-prepare-acr.md
-          - text: 3. Deploy an AKS cluster
-            url: tutorial-kubernetes-deploy-cluster.md
-          - text: 4. Run your application
-            url: tutorial-kubernetes-deploy-application.md
-          - text: 5. Scale applications
-            url: tutorial-kubernetes-scale.md
-          - text: 6. Update an application
-            url: tutorial-kubernetes-app-update.md
-          - text: 7. Upgrade Kubernetes in AKS
-            url: tutorial-kubernetes-upgrade-cluster.md
-
   - title: Configure your cluster for Windows containers
     linkLists:
       - linkListType: quickstart
@@ -156,6 +151,26 @@ landingContent:
           - text: Windows Server containers FAQ
             url: windows-faq.md
 
+  # Card
+  - title: Deploy, manage, and update applications
+    linkLists:
+      - linkListType: tutorial
+        links:
+          - text: 1. Prepare an application for AKS
+            url: tutorial-kubernetes-prepare-app.md
+          - text: 2. Deploy and use Azure Container Registry
+            url: tutorial-kubernetes-prepare-acr.md
+          - text: 3. Deploy an AKS cluster
+            url: tutorial-kubernetes-deploy-cluster.md
+          - text: 4. Run your application
+            url: tutorial-kubernetes-deploy-application.md
+          - text: 5. Scale applications
+            url: tutorial-kubernetes-scale.md
+          - text: 6. Update an application
+            url: tutorial-kubernetes-app-update.md
+          - text: 7. Upgrade Kubernetes in AKS
+            url: tutorial-kubernetes-upgrade-cluster.md
+
   - title: Extend the capabilities of your cluster
     linkLists:
       - linkListType: concept

articles/azure-arc/servers/agent-release-notes.md

@@ -2,7 +2,7 @@
 title: What's new with Azure Arc-enabled servers agent
 description: This article has release notes for Azure Arc-enabled servers agent. For many of the summarized issues, there are links to more details.
 ms.topic: overview
-ms.date: 07/05/2022
+ms.date: 07/26/2022
 ms.custom: references_regions
 ---
 
@@ -24,6 +24,7 @@ This page is updated monthly, so revisit it regularly. If you're looking for ite
 
 ### New features
 
+- Added support for connecting the agent to the Azure China cloud
 - Added support for Debian 10
 - Updates to the [instance metadata](agent-overview.md#instance-metadata) collected on each machine:
   - GCP VM OS is no longer collected

articles/azure-arc/servers/network-requirements.md

@@ -1,7 +1,7 @@
 ---
 title: Connected Machine agent network requirements
 description: Learn about the networking requirements for using the Connected Machine agent for Azure Arc-enabled servers.
-ms.date: 06/09/2022
+ms.date: 07/26/2022
 ms.topic: conceptual 
 ---
 
@@ -39,7 +39,7 @@ For more information, see [Virtual network service tags](../../virtual-network/s
 
 The table below lists the URLs that must be available in order to install and use the Connected Machine agent.
 
-# [Azure Cloud](#tab/azure-cloud)
+### [Azure Cloud](#tab/azure-cloud)
 
 | Agent resource | Description | When required| Endpoint used with private link |
 |---------|---------|--------|---------|
@@ -58,7 +58,7 @@ The table below lists the URLs that must be available in order to install and us
 |`*.blob.core.windows.net`|Download source for Azure Arc-enabled servers extensions|Always, except when using private endpoints| Not used when private link is configured |
 |`dc.services.visualstudio.com`|Agent telemetry|Optional| Public |
 
-# [Azure Government](#tab/azure-government)
+### [Azure Government](#tab/azure-government)
 
 | Agent resource | Description | When required| Endpoint used with private link |
 |---------|---------|--------|---------|
@@ -73,6 +73,30 @@ The table below lists the URLs that must be available in order to install and us
 |`*.blob.core.usgovcloudapi.net`|Download source for Azure Arc-enabled servers extensions|Always, except when using private endpoints| Not used when private link is configured |
 |`dc.applicationinsights.us`|Agent telemetry|Optional| Public |
 
+### [Azure China](#tab/azure-china)
+
+> [!NOTE]
+> Private link is not available for Azure Arc-enabled servers in Azure China regions.
+
+| Agent resource | Description | When required|
+|---------|---------|--------|
+|`aka.ms`|Used to resolve the download script during installation|At installation time, only|
+|`download.microsoft.com`|Used to download the Windows installation package|At installation time, only|
+|`packages.microsoft.com`|Used to download the Linux installation package|At installation time, only|
+|`login.chinacloudapi.cn`|Azure Active Directory|Always|
+|`login.partner.chinacloudapi.cn`|Azure Active Directory|Always|
+|`pas.chinacloudapi.cn`|Azure Active Directory|Always|
+|`management.chinacloudapi.cn`|Azure Resource Manager - to create or delete the Arc server resource|When connecting or disconnecting a server, only|
+|`*.his.arc.azure.cn`|Metadata and hybrid identity services|Always|
+|`*.guestconfiguration.azure.cn`| Extension management and guest configuration services |Always|
+|`guestnotificationservice.azure.cn`, `*.guestnotificationservice.azure.cn`|Notification service for extension and connectivity scenarios|Always|
+|`azgn*.servicebus.chinacloudapi.cn`|Notification service for extension and connectivity scenarios|Always|
+|`*.servicebus.chinacloudapi.cn`|For Windows Admin Center and SSH scenarios|If using SSH or Windows Admin Center from Azure|
+|`*.blob.core.chinacloudapi.cn`|Download source for Azure Arc-enabled servers extensions|Always, except when using private endpoints|
+|`dc.applicationinsights.azure.cn`|Agent telemetry|Optional|
+
+---
+
 ## Transport Layer Security 1.2 protocol
 
 To ensure the security of data in transit to Azure, we strongly encourage you to configure machine to use Transport Layer Security (TLS) 1.2. Older versions of TLS/Secure Sockets Layer (SSL) have been found to be vulnerable and while they still currently work to allow backwards compatibility, they are **not recommended**.

articles/azure-arc/servers/private-link-security.md

@@ -2,7 +2,7 @@
 title: Use Azure Private Link to securely connect servers to Azure Arc
 description: Learn how to use Azure Private Link to securely connect networks to Azure Arc.
 ms.topic: conceptual
-ms.date: 05/04/2022
+ms.date: 07/26/2022
 ---
 
 # Use Azure Private Link to securely connect servers to Azure Arc
@@ -59,6 +59,7 @@ The Azure Arc-enabled servers Private Link Scope object has a number of limits y
 - The Azure Arc-enabled server and Azure Arc Private Link Scope must be in the same Azure region. The Private Endpoint and the virtual network must also be in the same Azure region, but this region can be different from that of your Azure Arc Private Link Scope and Arc-enabled server.
 - Network traffic to Azure Active Directory and Azure Resource Manager does not traverse the Azure Arc Private Link Scope and will continue to use your default network route to the internet. You can optionally [configure a resource management private link](../../azure-resource-manager/management/create-private-link-access-portal.md) to send Azure Resource Manager traffic to a private endpoint.
 - Other Azure services that you will use, for example Azure Monitor, requires their own private endpoints in your virtual network.
+- Private link for Azure Arc-enabled servers is not currently available in Azure China
 
 ## Planning your Private Link setup
 
@@ -85,7 +86,7 @@ This article assumes you have already set up your ExpressRoute circuit or site-t
 
 ## Network configuration
 
-Azure Arc-enabled servers integrates with several Azure services to bring cloud management and governance to your hybrid machines or servers. Most of these services already offer private endpoints, but you need to configure your firewall and routing rules to allow access to Azure Active Directory and Azure Resource Manager over the internet until these services offer private endpoints.
+Azure Arc-enabled servers integrate with several Azure services to bring cloud management and governance to your hybrid machines or servers. Most of these services already offer private endpoints, but you need to configure your firewall and routing rules to allow access to Azure Active Directory and Azure Resource Manager over the internet until these services offer private endpoints.
 
 There are two ways you can achieve this:
 

articles/azure-portal/index.yml

@@ -57,18 +57,6 @@ landingContent:
           - text: Manage an Azure support request
             url: supportability/how-to-manage-azure-support-request.md
 
-  # Card
-  - title: Use accessibility options
-    linkLists:
-      - linkListType: reference
-        links:
-          - text: Keyboard shortcuts
-            url: azure-portal-keyboard-shortcuts.md
-      - linkListType: how-to-guide
-        links:
-          - text: Turn on high contrast
-            url: set-preferences.md#choose-a-theme-or-enable-high-contrast
-            
   # Card
   - title: Manage access to the Azure portal
     linkLists:
@@ -84,7 +72,8 @@ landingContent:
             url: /learn/paths/manage-resources-in-azure/
           - text: Secure your resources with Azure role-based access control (Azure RBAC)
             url: /learn/modules/secure-azure-resources-with-rbac
-            
+
+                        
   # Card
   - title: Customize the Azure portal
     linkLists:
@@ -97,4 +86,30 @@ landingContent:
           - text: Create a dashboard - Azure portal UI
             url: azure-portal-dashboards.md
           - text: Add, remove, and sort favorites
-            url: azure-portal-add-remove-sort-favorites.md
+            url: azure-portal-add-remove-sort-favorites.md
+
+
+  # Card
+  - title: View and increase quotas
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: About Azure Quotas
+            url: /azure/quotas/quotas-overview
+      - linkListType: quickstart
+        links:
+          - text: Request a quota increase
+            url: /azure/quotas/quickstart-increase-quota-portal
+
+            
+  # Card
+  - title: Use accessibility options
+    linkLists:
+      - linkListType: reference
+        links:
+          - text: Keyboard shortcuts
+            url: azure-portal-keyboard-shortcuts.md
+      - linkListType: how-to-guide
+        links:
+          - text: Turn on high contrast
+            url: set-preferences.md#choose-a-theme-or-enable-high-contrast

articles/container-registry/container-registry-private-link.md

@@ -2,7 +2,8 @@
 title: Set up private endpoint with private link
 description: Set up a private endpoint on a container registry and enable access over a private link in a local virtual network. Private link access is a feature of the Premium service tier.
 ms.topic: article
-ms.date: 10/26/2021
+ms.date: 7/26/2022
+ms.author: tejaswikolli
 ---
 
 # Connect privately to an Azure container registry using Azure Private Link
@@ -318,7 +319,6 @@ For many scenarios, disable registry access from public networks. This configura
 
 ### Disable public access - CLI
 
-
 > [!NOTE]
 >If the public access is disabled, the `az acr build` commands will no longer work.
 
@@ -338,6 +338,16 @@ Consider the following options to execute the `az acr build` successfully.
 2. If agent pool is not available in the region, add the regional [Azure Container Registry Service Tag IPv4](../virtual-network/service-tags-overview.md#use-the-service-tag-discovery-api) to the [firewall access rules.](./container-registry-firewall-access-rules.md#allow-access-by-ip-address-range)
 3. Create an ACR task with a managed identity, and enable trusted services to [access network restricted ACR.](./allow-access-trusted-services.md#example-acr-tasks)
 
+## Disable access to a container registry using a service endpoint 
+
+> [!IMPORTANT]
+> The container registry does not support enabling both private link and service endpoint features configured from a virtual network.
+
+Once the registry has public access disabled and private link configured, you can disable the service endpoint access to a container registry from a virtual network by [removing virtual network rules.](container-registry-vnet.md#remove-network-rules)
+
+* Run [`az acr network-rule list`](/cli/azure/acr/network-rule#az-acr-network-rule-list) command to list the existing network rules.
+* Run [`az acr network-rule remove`](/cli/azure/acr/network-rule#az-acr-network-rule-remove) command to remove the network rule. 
+
 ## Validate private link connection
 
 You should validate that the resources within the subnet of the private endpoint connect to your registry over a private IP address, and have the correct private DNS zone integration.

articles/container-registry/container-registry-vnet.md

@@ -3,6 +3,7 @@ title: Restrict access using a service endpoint
 description: Restrict access to an Azure container registry using a service endpoint in an Azure virtual network. Service endpoint access is a feature of the Premium service tier.
 ms.topic: article
 ms.date: 05/04/2020
+ms.author: tejaswikolli
 ---
 
 # Restrict access to a container registry using a service endpoint in an Azure virtual network
@@ -15,6 +16,7 @@ Each registry supports a maximum of 100 virtual network rules.
 
 > [!IMPORTANT]
 > Azure Container Registry now supports [Azure Private Link](container-registry-private-link.md), enabling private endpoints from a virtual network to be placed on a registry. Private endpoints are accessible from within the virtual network, using private IP addresses. We recommend using private endpoints instead of service endpoints in most network scenarios.
+> The container registry does not support enabling both private link and service endpoint features configured from a virtual network. So, we recommend running the list and removing the [network rules](container-registry-vnet.md#remove-network-rules) as required. 
 
 Configuring a registry service endpoint is available in the **Premium** container registry service tier. For information about registry service tiers and limits, see [Azure Container Registry service tiers](container-registry-skus.md).
 

articles/container-registry/manual-regional-move.md

@@ -29,6 +29,8 @@ Azure CLI
 * Exporting and using a Resource Manager template can help re-create many registry settings. You can edit the template to configure more settings, or update the target registry after creation.
 * Currently, Azure Container Registry doesn't support a registry move to a different Active Directory tenant. This limitation applies to both registries encrypted with a [customer-managed key](container-registry-customer-managed-keys.md) and unencrypted registries.
 * If you are unable to move a registry is outlined in this article, create a new registry, manually recreate settings, and [Import registry content in the target registry](#import-registry-content-in-target-registry).
+* You can find the steps to move resources of registry to a new resource group in the same subscription or move resources to a [new subscription.](/azure/azure-resource-manager/management/move-resource-group-and-subscription)
+
 
 ## Export template from source registry 
 

articles/partner-solutions/apache-kafka-confluent-cloud/add-connectors.md

@@ -3,8 +3,8 @@ title: Azure services and Confluent Cloud integration - Azure partner solutions
 description: This article describes how to use Azure services and install connectors for Confluent Cloud integration.
 ms.topic: conceptual
 ms.date: 06/24/2022
-author: davidsmatlak
-ms.author: davidsmatlak
+author: flang-msft
+ms.author: franlanglois
 ---
 
 # Azure services and Confluent Cloud integrations

articles/partner-solutions/apache-kafka-confluent-cloud/create-cli.md

@@ -3,8 +3,8 @@ title: Create Apache Kafka for Confluent Cloud through Azure CLI - Azure partner
 description: This article describes how to use the Azure CLI to create an instance of Apache Kafka for Confluent Cloud.
 ms.topic: quickstart
 ms.date: 06/07/2021
-author: davidsmatlak
-ms.author: davidsmatlak
+author: flang-msft
+ms.author: franlanglois
 ms.custom: mode-api, devx-track-azurecli 
 ms.devlang: azurecli
 ---