Merge pull request #109522 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 65bed05f75c7 · 2020-03-30T14:54:55.000-07:00
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)
diff --git a/articles/active-directory/manage-apps/application-proxy-faq.md b/articles/active-directory/manage-apps/application-proxy-faq.md
@@ -109,15 +109,15 @@ No, this scenario isn't supported because Application Proxy will terminate TLS t
 
 Refer to [Publish Remote Desktop with Azure AD Application Proxy](application-proxy-integrate-with-remote-desktop-services.md).
 
-### Can I use Kerberos Constrained Delegation in the Remote Desktop Gateway publishing scenario?
+### Can I use Kerberos Constrained Delegation (Single Sign-On - Windows Integrated Authentication) in the Remote Desktop Gateway publishing scenario?
 
 No, this scenario isn't supported.  
 
 ### My users don't use Internet Explorer 11 and the pre-authentication scenario doesn’t work for them. Is this expected?
 
 Yes, it’s expected. The pre-authentication scenario requires an ActiveX control, which isn't supported in third-party browsers.
 
-### Is the Remote Desktop Web Client supported?
+### Is the Remote Desktop Web Client (HTML5) supported?
 
 No, this scenario isn't currently supported. Follow our [UserVoice](https://aka.ms/aadapuservoice) feedback forum for updates on this feature.
 
@@ -131,6 +131,10 @@ Yes, it's expected. If the user’s computer is Azure AD joined, the user signs
 
 Refer to [Enable remote access to SharePoint with Azure AD Application Proxy](application-proxy-integrate-with-sharepoint-server.md).
 
+### Can I use the SharePoint mobile app (iOS/ Android) to access a published SharePoint server?
+
+The [SharePoint mobile app](https://docs.microsoft.com/sharepoint/administration/supporting-the-sharepoint-mobile-apps-online-and-on-premises) does not support Azure Active Directory pre-authentication currently.
+
 ## Active Directory Federation Services (AD FS) publishing 
 
 ### Can I use Azure AD Application Proxy as AD FS proxy (like Web Application Proxy)?
@@ -143,7 +147,7 @@ No. Azure AD Application Proxy is designed to work with Azure AD and doesn’t f
 
 Currently, WebSocket protocol support is still in public preview and it may not work for other applications. Some customers have had mixed success using WebSocket protocol with other applications. If you test such scenarios, we would love to hear your results. Please send us your feedback at aadapfeedback@microsoft.com.
 
-Features (Eventlogs, PowerShell and Remote Desktop Services) in Windows Admin Center (WAC) or Remote Desktop Web Client do not work through Azure AD Application Proxy presently.
+Features (Eventlogs, PowerShell and Remote Desktop Services) in Windows Admin Center (WAC) or Remote Desktop Web Client (HTML5) do not work through Azure AD Application Proxy presently.
 
 ## Link translation
 
diff --git a/articles/automation/automation-dsc-onboarding.md b/articles/automation/automation-dsc-onboarding.md
@@ -104,7 +104,7 @@ You can onboard Linux servers running on-premises or in other cloud environments
 
      `/opt/microsoft/dsc/Scripts/Register.py <Automation account registration key> <Automation account registration URL>`
 
-   - To find the registration key and registration URL for your Automation account, see the [Onboarding securely using registration](#onboarding-securely-using-registration) section if this article.
+   - To find the registration key and registration URL for your Automation account, see the [Onboarding securely using registration](#onboarding-securely-using-registration) section of this article.
 
 3. If the PowerShell DSC Local Configuration Manager (LCM) defaults don't match your use case, or you want to onboard machines that only report to Azure Automation State Configuration, follow steps 4-7. Otherwise, proceed directly to step 7.
 
diff --git a/articles/azure-arc/servers/overview.md b/articles/azure-arc/servers/overview.md
@@ -142,7 +142,7 @@ The Azure Connected Machine agent for Windows and Linux can be upgraded to the l
 
 ### Agent status
 
-The Connected Machine agent sends a regular heartbeat message to the service every 5 minutes. If one is not received for 15 minutes, the machine is considered offline and the status will automatically be changed to **Disconnected** in the portal. Upon receiving a subsequent heartbeat message from the Connected Machine agent, its status will automatically be changed to **Connected**.
+The Connected Machine agent sends a regular heartbeat message to the service every 5 minutes. If the service stops receiving these heartbeat messages from a machine, that machine is considered offline and the status will automatically be changed to **Disconnected** in the portal within 15 to 30 minutes. Upon receiving a subsequent heartbeat message from the Connected Machine agent, its status will automatically be changed to **Connected**.
 
 ## Install and configure agent
 
@@ -156,4 +156,4 @@ Connecting machines in your hybrid environment directly with Azure can be accomp
 
 ## Next steps
 
-- To begin evaluating Azure Arc for servers (preview), follow the article [Connect hybrid machines to Azure from the Azure portal](onboard-portal.md). 
+- To begin evaluating Azure Arc for servers (preview), follow the article [Connect hybrid machines to Azure from the Azure portal](onboard-portal.md). 
diff --git a/articles/azure-government/documentation-government-ase-disa-cap.md b/articles/azure-government/documentation-government-ase-disa-cap.md
@@ -1,5 +1,5 @@
 ---
-title: Use DISA CAP to connect to Azure Government
+title: ASE deployment with DISA CAP
 description: This document provides a comparison of features and guidance on developing applications for Azure Government
 services: azure-government
 cloud: gov
@@ -18,53 +18,61 @@ ms.author: joscot
 
 ---
 
-# App Service Environment reference for DoD customers using a DISA CAP connection
+# App Service Environment reference for DoD customers connected to the DISA CAP
 
 This article explains the baseline configuration of an App Service Environment (ASE) with an internal load balancer (ILB) for customers who use the DISA CAP to connect to Azure Government.
 
 ## Environment configuration
 
 ### Assumptions
 
-The customer has deployed an ASE with an ILB and has implemented an ExpressRoute connection via the DISA Cloud Access Point (CAP) process.
+The customer has deployed an ASE with an ILB and has implemented an ExpressRoute connection to the DISA Cloud Access Point (CAP).
 
 ### Route table
 
-When creating the ASE via the portal, a route table with a default route of 0.0.0.0/0 and next hop “Internet” is created.  However, the DISA BGP routes will advertise for 0.0.0.0/0 and this route table should be removed from the ASE subnet.
+When creating the ASE via the portal, a route table with a default route of 0.0.0.0/0 and next hop “Internet” is created. 
+However, since DISA advertises a default route out the ExpressRoute circuit, the User Defined Route (UDR) should either be deleted, or remove the default route to internet.  
 
-### Network security group (NSG)
-
-The ASE will be created with inbound and outbound security rules as shown below.  The inbound security rules MUST allow ports 454-455 with an ephemeral source port range (*).  Source IPs must include the following Azure Government ranges see [App Service Environment management addresses](https://docs.microsoft.com/azure/app-service/environment/management-addresses
+You will need to create new routes in the UDR for the management addresses in order to keep the ASE healthy. For Azure Government ranges see [App Service Environment management addresses](https://docs.microsoft.com/azure/app-service/environment/management-addresses
 )
 
-* 23.97.29.209
-* 23.97.0.17
-* 23.97.16.184
-* 13.72.180.105
-* 13.72.53.37
+Rule 1: 23.97.29.209 --> Internet
+Rule 2: 23.97.0.17 --> Internet 
+Rule 3: 23.97.16.184 --> Internet 
+Rule 4: 13.72.180.105 --> Internet
+Rule 5: 13.72.53.37 --> Internet
+
+Make sure the UDR is applied to the subnet your ASE is deployed to. 
+
+### Network security group (NSG)
 
-#### Default NSG security rules
+The ASE will be created with inbound and outbound security rules as shown below.  The inbound security rules MUST allow ports 454-455 with an ephemeral source port range (*).
 
 The images below describe the default NSG rules created during the ASE creation.  For more information, see [Networking considerations for an App Service Environment](https://docs.microsoft.com/azure/app-service/environment/network-info#network-security-groups)
 
 ![Default inbound NSG security rules for an ILB ASE](media/documentation-government-ase-disacap-inbound-route-table.png)
 
 ![Default outbound NSG security rules for an ILB ASE](media/documentation-government-ase-disacap-outbound-route-table.png)
 
+### Service Endpoints 
+
+Depending what storage you are using you will be required to enable Service Endpoints for SQL and Azure Storage to access them without going back down to the DISA BCAP. You also need to enable EventHub Service Endpoint for ASE logs. 
+
 ## FAQs
 
-* Some configuration changes may take some time to take effect.  Allow for several hours for changes to routing, NSGs, ASE Health, etc. to propagate and take effect.
+* Some configuration changes may take some time to take effect.  Allow for several hours for changes to routing, NSGs, ASE Health, etc. to propagate and take effect, or optionally you can reboot the ASE. 
 
 ## Resource manager template sample
 
 > [!NOTE]
-   > The Azure Portal will not allow the ASE to be configured with non-RFC 1918 IP addresses.  If your solution requires non-RFC 1918 IP addresses, you must use a Resource Manager Template to deploy the ASE.
+   >In order to deploy non-RFC 1918 IP addresses in the portal you must pre-stage the VNet and Subnet for the ASE. You can use a Resource Manager Template to deploy the ASE with non-RFC1918 IPs as well.
    
 <a href="https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2FApp-Service-Environment-AzFirewall%2Fazuredeploy.json" target="_blank">
+
 <img src="https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazuregov.png"/>
 </a>
 
-This template deploys an **ILB ASE** into the Azure Government DoD regions.
+This template deploys an **ILB ASE** into the Azure Government or Azure DoD regions.
 
 ## Next steps
 [Azure Government overview](documentation-government-welcome.md)
diff --git a/articles/azure-monitor/app/nodejs.md b/articles/azure-monitor/app/nodejs.md
@@ -12,7 +12,7 @@ ms.date: 03/14/2019
 
 To receive, store, and explore your monitoring data, include the SDK in your code, and then set up a corresponding Application Insights resource in Azure. The SDK sends data to that resource for further analysis and exploration.
 
-The Node.js SDK can automatically monitor incoming and outgoing HTTP requests, exceptions, and some system metrics. Beginning in version 0.20, the SDK also can monitor some common third-party packages, like MongoDB, MySQL, and Redis. All events related to an incoming HTTP request are correlated for faster troubleshooting.
+The Node.js SDK can automatically monitor incoming and outgoing HTTP requests, exceptions, and some system metrics. Beginning in version 0.20, the SDK also can monitor some common [third-party packages](https://github.com/microsoft/node-diagnostic-channel/tree/master/src/diagnostic-channel-publishers#currently-supported-modules), like MongoDB, MySQL, and Redis. All events related to an incoming HTTP request are correlated for faster troubleshooting.
 
 You can use the TelemetryClient API to manually instrument and monitor additional aspects of your app and system. We describe the TelemetryClient API in more detail later in this article.
 
diff --git a/articles/cognitive-services/Speech-Service/rest-text-to-speech.md b/articles/cognitive-services/Speech-Service/rest-text-to-speech.md
@@ -207,7 +207,7 @@ Content-Length: 225
 Authorization: Bearer [Base64 access_token]
 
 <speak version='1.0' xml:lang='en-US'><voice xml:lang='en-US' xml:gender='Female'
-    name='en-US-JessaRUS'>
+    name='en-US-AriaRUS'>
         Microsoft Speech Service Text-to-Speech API
 </voice></speak>
 ```
diff --git a/articles/data-explorer/ingest-data-event-hub.md b/articles/data-explorer/ingest-data-event-hub.md
@@ -89,7 +89,7 @@ Now you create a table in Azure Data Explorer, to which Event Hubs will send dat
 1. Copy the following command into the window and select **Run** to map the incoming JSON data to the column names and data types of the table (TestTable).
 
     ```Kusto
-    .create table TestTable ingestion json mapping 'TestMapping' '[{"column":"TimeStamp","path":"$.timeStamp","datatype":"datetime"},{"column":"Name","path":"$.name","datatype":"string"},{"column":"Metric","path":"$.metric","datatype":"int"},{"column":"Source","path":"$.source","datatype":"string"}]'
+    .create table TestTable ingestion json mapping 'TestMapping' '[{"column":"TimeStamp", "Properties": {"Path": "$.timeStamp"}},{"column":"Name", "Properties": {"Path":"$.name"}} ,{"column":"Metric", "Properties": {"Path":"$.metric"}}, {"column":"Source", "Properties": {"Path":"$.source"}}]'
     ```
 
 ## Connect to the event hub
diff --git a/includes/virtual-machines-image-builder-overview.md b/includes/virtual-machines-image-builder-overview.md
@@ -47,7 +47,7 @@ AIB will support Azure Marketplace base OS images:
 - CentOS 7.6, 7.7
 - SLES 12 SP4
 - SLES 15, SLES 15 SP1
-- Windows 10 RS5 Enterprise/Professional/Enterprise for Virtual Desktop (EVD) 
+- Windows 10 RS5 Enterprise/Enterprise multi-session/Professional
 - Windows 2016
 - Windows 2019
 
