Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into vmsslb

asudbring · asudbring · commit 5c5c86a33b58 · 2020-04-13T14:19:21.000-07:00
diff --git a/articles/active-directory/authentication/multi-factor-authentication-faq.md b/articles/active-directory/authentication/multi-factor-authentication-faq.md
diff --git a/articles/active-directory/user-help/multi-factor-authentication-end-user-troubleshoot.md b/articles/active-directory/user-help/multi-factor-authentication-end-user-troubleshoot.md
@@ -61,6 +61,7 @@ Make sure you have a device signal and Internet connection | Make sure your phon
 Turn off Do not disturb | Make sure you haven't turned on the **Do not disturb** feature for your mobile device. When this feature is turned on, notifications aren't allowed to alert you on your mobile device. Refer to your mobile device's manual for instructions about how to turn off this feature.
 Unblock phone numbers | In the United States, voice calls from Microsoft come from the following numbers: +1 (866) 539 4191, +1 (855) 330 8653, and +1 (877) 668 6536.
 Check your battery-related settings | This one seems a bit odd on the surface, but if you've set up your battery optimization to stop lesser-used apps from remaining active in the background, your notification system has most-likely been affected. To try to fix this problem, turn off battery optimization for your authentication app and your messaging app, and then try signing in to your account again.
+Disable third-party security apps | If you have an app that protects text messages or phone calls to minimize unknown callers, they may prevent the verification code being received. Try disabling any third-party security apps on your phone, then request another verification code be sent.
 
 ## I'm not getting prompted for my second verification information
 
diff --git a/articles/cosmos-db/how-to-configure-private-endpoints.md b/articles/cosmos-db/how-to-configure-private-endpoints.md
@@ -4,7 +4,7 @@ description: Learn how to set up Azure Private Link to access an Azure Cosmos ac
 author: ThomasWeiss
 ms.service: cosmos-db
 ms.topic: conceptual
-ms.date: 11/04/2019
+ms.date: 04/13/2020
 ms.author: thweiss
 ---
 
@@ -620,6 +620,10 @@ The following situations and outcomes are possible when you use Private Link in
 
 * If you don't configure any public traffic or service endpoint and you create private endpoints, then the Azure Cosmos account is accessible only through the private endpoints. If you don't configure public traffic or a service endpoint, after all approved private endpoints are rejected or deleted, the account is open to the entire network.
 
+## Blocking public network access during account creation
+
+As described in the previous section, and unless specific firewall rules have been set, adding a private endpoint makes your Azure Cosmos account accessible through private endpoints only. This means that the Azure Cosmos account could be reached from public traffic after it is created and before a private endpoint gets added. To make sure that public network access is disabled even before the creation of private endpoints, you can set the `publicNetworkAccess` flag to `Disabled` during account creation. See [this Azure Resource Manager template](https://azure.microsoft.com/resources/templates/101-cosmosdb-private-endpoint/) for an example showing how to use this flag.
+
 ## Update a private endpoint when you add or remove a region
 
 Adding or removing regions to an Azure Cosmos account requires you to add or remove DNS entries for that account. After regions have been added or removed, you can update the subnet's private DNS zone to reflect the added or removed DNS entries and their corresponding private IP addresses.
diff --git a/articles/cosmos-db/index-overview.md b/articles/cosmos-db/index-overview.md
@@ -4,7 +4,7 @@ description: Understand how indexing works in Azure Cosmos DB, different kinds o
 author: ThomasWeiss
 ms.service: cosmos-db
 ms.topic: conceptual
-ms.date: 10/11/2019
+ms.date: 04/13/2020
 ms.author: thweiss
 ---
 
@@ -77,7 +77,7 @@ Azure Cosmos DB currently supports three kinds of indexes.
 
    Equality match on an array element
    ```sql
-    SELECT * FROM c WHERE ARRAY_CONTAINS(c.tags, "tag1”)
+    SELECT * FROM c WHERE ARRAY_CONTAINS(c.tags, "tag1")
     ```
 
 - Range queries:
@@ -159,11 +159,11 @@ Spatial indexes can be used on correctly formatted [GeoJSON](geospatial.md) obje
  SELECT * FROM container c WHERE c.property1 = 'value' AND c.property2 > 'value'
 ```
 
-As long as one filter predicate uses on of the index kind, the query engine will evaluate that first before scanning the rest. For example, if you have a SQL query such as `SELECT * FROM c WHERE c.firstName = "Andrew" and CONTAINS(c.lastName, "Liu")`
+As long as one filter predicate uses one of the index kind, the query engine will evaluate that first before scanning the rest. For example, if you have a SQL query such as `SELECT * FROM c WHERE c.firstName = "Andrew" and CONTAINS(c.lastName, "Liu")`
 
 * The above query will first filter for entries where firstName = "Andrew" by using the index. It then pass all of the firstName = "Andrew" entries through a subsequent pipeline to evaluate the CONTAINS filter predicate.
 
-* You can speed up queries and avoid full container scans when using functions that don’t use the index (e.g. CONTAINS) by adding additional filter predicates that do use the index. The order of filter clauses isn't important. The query engine is will figure out which predicates are more selective and run the query accordingly.
+* You can speed up queries and avoid full container scans when using functions that don't use the index (e.g. CONTAINS) by adding additional filter predicates that do use the index. The order of filter clauses isn't important. The query engine is will figure out which predicates are more selective and run the query accordingly.
 
 
 ## Querying with indexes
diff --git a/articles/logic-apps/handle-throttling-problems-429-errors.md b/articles/logic-apps/handle-throttling-problems-429-errors.md
@@ -5,7 +5,7 @@ services: logic-apps
 ms.suite: integration
 ms.reviewer: deli, logicappspm
 ms.topic: conceptual
-ms.date: 04/10/2020
+ms.date: 04/13/2020
 ---
 
 # Handle throttling problems (429 - "Too many requests" errors) in Azure Logic Apps
@@ -130,7 +130,7 @@ To handle throttling at this level, you have these options:
 
 While a connector has its own throttling limits, the destination service or system that's called by the connector might also have throttling limits. For example, some APIs in Microsoft Exchange Server have stricter throttling limits than the Office 365 Outlook connector.
 
-By default, a logic app's instances and any loops or branches inside those instances, run *in parallel*. This behavior means that multiple instances can call the same endpoint at the same time. Each instance don't know about the other's existence, so attempts to retry failed actions can create [race conditions](https://en.wikipedia.org/wiki/Race_condition) where multiple calls try to run at same time, but to succeed, those calls must arrive at the destination service or system before throttling starts to happen.
+By default, a logic app's instances and any loops or branches inside those instances, run *in parallel*. This behavior means that multiple instances can call the same endpoint at the same time. Each instance doesn't know about the other's existence, so attempts to retry failed actions can create [race conditions](https://en.wikipedia.org/wiki/Race_condition) where multiple calls try to run at same time, but to succeed, those calls must arrive at the destination service or system before throttling starts to happen.
 
 For example, suppose you have an array that has 100 items. You use a "for each" loop to iterate through the array and turn on the loop's concurrency control so that you can restrict the number of parallel iterations to 20 or the [current default limit](../logic-apps/logic-apps-limits-and-config.md#concurrency-looping-and-debatching-limits). Inside that loop, an action inserts an item from the array into a SQL Server database, which permits only 15 calls per second. This scenario results in a throttling problem because a backlog of retries build up and never get to run.
 
diff --git a/articles/virtual-network/security-overview.md b/articles/virtual-network/security-overview.md
@@ -18,9 +18,10 @@ ms.reviewer: kumud
 # Network security groups
 <a name="network-security-groups"></a>
 
-You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. . For each rule, you can specify source and destination, port, and protocol. This article explains network security group concepts, to help you use them effectively.
+You can use Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains [security rules](#security-rules) that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
+This article describes properties of a network security group rule, the [default security rules](#default-security-rules) that are applied, and the rule properties that you can modify to create an [augmented security rule](#augmented-security-rules).
 
-## Security rules
+## <a name="security-rules"></a> Security rules
 
 A network security group contains zero, or as many rules as desired, within Azure subscription [limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits). Each rule specifies the following properties:
 
@@ -39,7 +40,7 @@ Existing connections may not be interrupted when you remove a security rule that
 
 There are limits to the number of security rules you can create in a network security group. For details, see [Azure limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits).
 
-### Default security rules
+### <a name="default-security-rules"></a> Default security rules
 
 Azure creates the following default rules in each network security group that you create:
 
@@ -87,7 +88,7 @@ In the **Source** and **Destination** columns, *VirtualNetwork*, *AzureLoadBalan
  
 You cannot remove the default rules, but you can override them by creating rules with higher priorities.
 
-### Augmented security rules
+### <a name="augmented-security-rules"></a> Augmented security rules
 
 Augmented security rules simplify security definition for virtual networks, allowing you to define larger and complex network security policies, with fewer rules. You can combine multiple ports and multiple explicit IP addresses and ranges into a single, easily understood security rule. Use augmented rules in the source, destination, and port fields of a rule. To simplify maintenance of your security rule definition, combine augmented security rules with [service tags](service-tags-overview.md) or [application security groups](#application-security-groups). There are limits to the number of addresses, ranges, and ports that you can specify in a rule. For details, see [Azure limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits).
 
