Merge pull request #206669 from MicrosoftDocs/main

8/02 AM Publish

Author: huypub

.openpublishing.redirection.azure-monitor.json

@@ -233,27 +233,27 @@
         },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/view-designer-conversion-examples.md",
-            "redirect_url": "/azure/azure-monitor/visualize/workbooks-overview",
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-view-designer-conversion-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/view-designer-conversion-options.md",
-            "redirect_url": "/azure/azure-monitor/visualize/workbooks-overview",
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-view-designer-conversion-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/view-designer-conversion-overview.md",
-            "redirect_url": "/azure/azure-monitor/visualize/workbooks-overview",
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-view-designer-conversion-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/view-designer-conversion-tasks.md",
-            "redirect_url": "/azure/azure-monitor/visualize/workbooks-overview",
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-view-designer-conversion-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/view-designer-conversion-tiles.md",
-            "redirect_url": "/azure/azure-monitor/visualize/workbooks-overview",
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-view-designer-conversion-overview",
             "redirect_document_id": false
         },
         {
@@ -268,7 +268,7 @@
         },
         {
             "source_path_from_root": "/articles/azure-monitor/visualize/workbooks-add-text.md",
-            "redirect_url": "/azure/azure-monitor/visualize/workbooks-add-workbook-elements",
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-create-workbook",
             "redirect_document_id": false
         },
         {
@@ -341,6 +341,11 @@
             "redirect_url": "/azure/data-explorer/data-explorer-insights",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/insights/troubleshoot-workbooks.md" ,
+            "redirect_url": "/azure/azure-monitor/visualize/workbooks-overview",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/vm/vminsights-ga-release-faq.md" ,
             "redirect_url": "/azure/azure-monitor/faq#vm-insights",

articles/active-directory/devices/concept-azure-ad-join-hybrid.md

@@ -27,12 +27,12 @@ Hybrid Azure AD joined devices require network line of sight to your on-premises
 | **Primary audience** | Suitable for hybrid organizations with existing on-premises AD infrastructure |
 |   | Applicable to all users in an organization |
 | **Device ownership** | Organization |
-| **Operating Systems** | Windows 10 or newer, 8.1 and 7 |
-|   | Windows Server 2008/R2, 2012/R2, 2016 and 2019 |
-| **Provisioning** | Windows 10 or newer, Windows Server 2016/2019 |
+| **Operating Systems** | Windows 11, Windows 10 or 8.1 |
+|   | Windows Server 2008/R2, 2012/R2, 2016, 2019 and 2022 |
+| **Provisioning** | Windows 11, Windows 10, Windows Server 2016/2019/2022 |
 |   | Domain join by IT and autojoin via Azure AD Connect or ADFS config |
 |   | Domain join by Windows Autopilot and autojoin via Azure AD Connect or ADFS config |
-|   | Windows 8.1, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 - Require MSI |
+|   | Windows 8.1, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 - Require MSI |
 | **Device sign in options** | Organizational accounts using: |
 |   | Password |
 |   | Windows Hello for Business for Win10 and above |
@@ -48,7 +48,7 @@ Hybrid Azure AD joined devices require network line of sight to your on-premises
 
 Use Azure AD hybrid joined devices if:
 
-- You support down-level devices running Windows 7 and 8.1.
+- You support down-level devices running 8.1.
 - You want to continue to use [Group Policy](/mem/configmgr/comanage/faq#my-environment-has-too-many-group-policy-objects-and-legacy-authenticated-apps--do-i-have-to-use-hybrid-azure-ad-) to manage device configuration.
 - You want to continue to use existing imaging solutions to deploy and configure devices.
 - You have Win32 apps deployed to these devices that rely on Active Directory machine authentication.

articles/active-directory/hybrid/reference-connect-version-history.md

@@ -77,6 +77,14 @@ If you want all the latest features and updates, check this page and install wha
 
 To read more about auto-upgrade, see [Azure AD Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md).
 
+## 2.1.16.0
+
+### Release status
+8/2/2022: Released for download and auto-upgrade.
+
+### Bug fixes
+ - We fixed a bug where auto-upgrade fails when the service account is in "UPN" format.
+
 ## 2.1.15.0
 
 ### Release status
@@ -563,4 +571,4 @@ This is a bug fix release. There are no functional changes in this release.
 
 ## Next steps
 
-Learn more about how to [integrate your on-premises identities with Azure AD](whatis-hybrid-identity.md).
+Learn more about how to [integrate your on-premises identities with Azure AD](whatis-hybrid-identity.md).

articles/active-directory/identity-protection/concept-workload-identity-risk.md

@@ -113,3 +113,4 @@ The [Azure AD Toolkit](https://github.com/microsoft/AzureADToolkit) is a PowerSh
 - [Microsoft Graph API](/graph/use-the-api)
 - [Azure AD audit logs](../reports-monitoring/concept-audit-logs.md)
 - [Azure AD sign-in logs](../reports-monitoring/concept-sign-ins.md)
+- [Simulate risk detections](howto-identity-protection-simulate-risk.md)

articles/active-directory/identity-protection/howto-identity-protection-simulate-risk.md

@@ -27,10 +27,11 @@ This article provides you with steps for simulating the following risk detection
 - Anonymous IP address (easy)
 - Unfamiliar sign-in properties (moderate)
 - Atypical travel (difficult)
+- Leaked credentials in GitHub for workload identities (moderate)
 
 Other risk detections cannot be simulated in a secure manner.
 
-More information about each risk detection can be found in the article, [What is risk](concept-identity-protection-risks.md).
+More information about each risk detection can be found in the article, What is risk for [user](concept-identity-protection-risks.md) and [workload identity](concept-workload-identity-risk.md).
 
 ## Anonymous IP address
 
@@ -81,6 +82,30 @@ Simulating the atypical travel condition is difficult because the algorithm uses
 
 The sign-in shows up in the Identity Protection dashboard within 2-4 hours.
 
+## Leaked Credentials for Workload Identities
+
+This risk detection indicates that the application's valid credentials have been leaked. This leak can occur when someone checks in the credentials in a public code artifact on GitHub. Therefore, to simulate this detection, you need a GitHub account and can [sign up a GitHub account](https://docs.github.com/get-started/signing-up-for-github) if you don't have one already.
+
+**To simulate Leaked Credentials in GitHub for Workload Identities, perform the following steps**:
+1. Navigate to the [Azure portal](https://portal.azure.com).
+2. Browse to **Azure Active Directory** > **App registrations**.
+3. Select **New registration** to register a new application or reuse an exsiting stale application.
+4. Select **Certificates & Secrets** > **New client Secret** , add a description of your client secret and set an expiration for the secret or specify a custom lifetime and click **Add**. Record the secret's value for later use for your GitHub Commit.
+
+   > [!Note]
+   > **You can not retrieve the secret again after you leave this page**.
+   
+5. Get the TenantID and Application(Client)ID in the **Overview** page.
+6. Ensure you disable the application via **Azure Active Directory** > **Enterprise Application** > **Properties** > Set **Enabled for users to sign-in** to **No**.
+7. Create a **public** GitHub Repository, add the following config and commit the change.
+   ```GitHub file
+     "AadClientId": "XXXX-2dd4-4645-98c2-960cf76a4357",
+     "AadSecret": "p3n7Q~XXXX",
+     "AadTenantDomain": "XXXX.onmicrosoft.com",
+     "AadTenantId": "99d4947b-XXX-XXXX-9ace-abceab54bcd4",
+   ```
+7. In about 8 hours, you will be able to view a leaked credentail detection under **Azure Active Directory** > **Security** > **Risk Detection** > **Workload identity detections** where the additional info will contain your the URL of your GitHub commit.
+
 ## Testing risk policies
 
 This section provides you with steps for testing the user and the sign-in risk policies created in the article, [How To: Configure and enable risk policies](howto-identity-protection-configure-risk-policies.md).
@@ -126,6 +151,8 @@ To test a sign in risk policy, perform the following steps:
 
 - [What is risk?](concept-identity-protection-risks.md)
 
+- [Securing workload identities with Identity](concept-workload-identity-risk.md)
+
 - [How To: Configure and enable risk policies](howto-identity-protection-configure-risk-policies.md)
 
 - [Azure Active Directory Identity Protection](overview-identity-protection.md)

articles/aks/use-azure-dedicated-hosts.md

@@ -1,13 +1,12 @@
 ---
-title: Use Azure Dedicated Hosts in Azure Kubernetes Service (AKS) (Preview)
+title: Use Azure Dedicated Hosts in Azure Kubernetes Service (AKS)
 description: Learn how to create an Azure Dedicated Hosts Group and associate it with Azure Kubernetes Service (AKS)
 services: container-service
 ms.topic: article
-ms.date: 02/11/2021
-
+ms.date: 08/01/2022
 ---
 
-# Add Azure Dedicated Host to an Azure Kubernetes Service (AKS) cluster (Preview)
+# Add Azure Dedicated Host to an Azure Kubernetes Service (AKS) cluster
 
 Azure Dedicated Host is a service that provides physical servers - able to host one or more virtual machines - dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in our data centers, provided as a resource. You can provision dedicated hosts within a region, availability zone, and fault domain. Then, you can place VMs directly into your provisioned hosts, in whatever configuration best meets your needs.
 
@@ -16,45 +15,10 @@ Using Azure Dedicated Hosts for nodes with your AKS cluster has the following be
 * Hardware isolation at the physical server level. No other VMs will be placed on your hosts. Dedicated hosts are deployed in the same data centers and share the same network and underlying storage infrastructure as other, non-isolated hosts.
 * Control over maintenance events initiated by the Azure platform. While most maintenance events have little to no impact on your virtual machines, there are some sensitive workloads where each second of pause can have an impact. With dedicated hosts, you can opt in to a maintenance window to reduce the impact to your service.
 
-[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
-
 ## Before you begin
 
 * An Azure subscription. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free).
-* [Azure CLI installed](/cli/azure/install-azure-cli).
-
-### Install the `aks-preview` Azure CLI
-
-You also need the *aks-preview* Azure CLI extension version 0.5.54 or later. Install the *aks-preview* Azure CLI extension by using the [az extension add][az-extension-add] command. Or install any available updates by using the [az extension update][az-extension-update] command.
-
-```azurecli-interactive
-# Install the aks-preview extension
-az extension add --name aks-preview
-# Update the extension to make sure you have the latest version installed
-az extension update --name aks-preview
-```
-
-### Register the `DedicatedHostGroupPreview` preview feature
-
-To use the feature, you must also enable the `DedicatedHostGroupPreview` feature flag on your subscription.
-
-Register the `DedicatedHostGroupPreview` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example:
-
-```azurecli-interactive
-az feature register --namespace "Microsoft.ContainerService" --name "DedicatedHostGroupPreview"
-```
-
-It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list][az-feature-list] command:
-
-```azurecli-interactive
-az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/DedicatedHostGroupPreview')].{Name:name,State:properties.state}"
-```
-
-When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
-
-```azurecli-interactive
-az provider register --namespace Microsoft.ContainerService
-```
+* Before you start, ensure that your version of the Azure CLI is 2.39.0 or later. If it's an earlier version, [install the latest version](/cli/azure/install-azure-cli).
 
 ## Limitations
 
@@ -142,7 +106,7 @@ az role assignment create --assignee <id> --role "Contributor" --scope <Resource
 Create an AKS cluster, and add the Host Group you just configured.
 
 ```azurecli-interactive
-az aks create -g MyResourceGroup -n MyManagedCluster --location eastus --kubernetes-version 1.20.13 --nodepool-name agentpool1 --node-count 1 --host-group-id <id> --node-vm-size Standard_D2s_v3 --enable-managed-identity --assign-identity <id>
+az aks create -g MyResourceGroup -n MyManagedCluster --location eastus --nodepool-name agentpool1 --node-count 1 --host-group-id <id> --node-vm-size Standard_D2s_v3 --enable-managed-identity --assign-identity <id>
 ```
 
 ## Add a Dedicated Host Node Pool to an existing AKS cluster