Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-fresh

Author: HeidiSteen

articles/active-directory/hybrid/TOC.yml

@@ -403,4 +403,6 @@
   - name: msExchUserHoldPolicies and cloudMSExchUserHoldPolicies
     href: reference-connect-msexchuserholdpolicies.md
   - name: Azure AD Connect version history archive
-    href:  reference-connect-version-history-archive.md
+    href:  reference-connect-version-history-archive.md
+  - name: How to use BypassDirSyncOverrides
+    href: how-to-bypassdirsyncoverrides.md

articles/active-directory/hybrid/how-to-bypassdirsyncoverrides.md

@@ -0,0 +1,141 @@
+---
+title: How to use the BypassDirSyncOverrides feature of an Azure AD tenant
+description: Describes how to use bypassdirsyncoverrides tenant feature to restore synchronization of Mobile and OtherMobile attributes from on-premises Active Directory.
+services: active-directory
+author: billmath
+ms.date: 08/11/2022
+ms.author: billmath
+ms.topic: how-to
+ms.service: active-directory
+ms.workload: identity
+ms.subservice: hybrid
+---
+
+# How to use the BypassDirSyncOverrides feature of an Azure AD tenant.
+
+This article describes the _BypassDirsyncOverrides_  feature and how to restore synchronization of Mobile and otherMobile attributes from Azure AD to on-premises Active Directory.
+
+Generally, synchronized users cannot be changed from Azure or Microsoft 365 admin portals, neither through PowerShell using AzureAD or MSOnline modules. The exception to this is the Azure AD user’s attributes called _MobilePhone_ and _AlternateMobilePhones_. These attributes are synchronized from on-premises Active Directory attributes mobile and otherMobile, respectively, but end users can update their own phone number in _MobilePhone_ attribute in Azure AD through their profile page. Admins can also update synchronized user’s _MobilePhone_ and _AlternateMobilePhones_ values in Azure AD using MSOnline PowerShell module.  
+
+Giving users and admins the ability to update phone numbers directly in Azure AD enables enterprises to reduce the administrative overhead of managing user’s phone numbers in local Active Directory as these can change more frequently.
+
+The caveat however, is that once a synchronized user's _MobilePhone_ or _AlternateMobilePhones_ number is updated via admin portal or PowerShell, the synchronization API will no longer honor updates to these attributes when they originate from on-premises Active Directory. This is commonly known as a _“DirSyncOverrides”_ feature. Administrators will notice this behavior when updates to Mobile or otherMobile attributes in Active Directory, do not update the correspondent user’s MobilePhone or AlternateMobilePhones in Azure AD accordingly, even though, the object is successfully synchronized through Azure AD Connect's engine.
+
+## Identifying users with different Mobile and otherMobile values
+
+You can export a list of users with different Mobile and otherMobile values between Active Directory and Azure Active Directory using _‘Compare-ADSyncToolsDirSyncOverrides’_ from _ADSyncTools_ PowerShell module. This will allow you to determine the users and respective values that are different between on-premises Active Directory and Azure Active Directory. This is important to know because enabling the _BypassDirSyncOverrides_ feature will overwrite all the different values in Azure Active Directory with the value coming from on-premises Active Directory.
+
+### Using Compare-ADSyncToolsDirSyncOverrides
+
+As a prerequisite you need to be running Azure AD Connect version 2 or later and install the latest ADSyncTools module from PowerShell Gallery with the following command:
+
+```powershell
+Install-Module ADSyncTools 
+```
+
+To compare all the synchronized user’s Mobile and OtherMobile values, run the following command:
+
+```powershell
+Compare-ADSyncToolsDirSyncOverrides -Credential $(Get-Credential) 
+```
+
+>[!NOTE]
+> The target API used by this feature does not handle authentication user interactions. MFA or conditional policies will block authentication. When prompted to enter credentials, please use a Global Administrator account that doesn't have MFA enabled or any conditional access policy applied. As a last resort, please create a temporary Global Administrator user account without MFA or Conditional Access that can be deleted after completing the desired operations using the BypassDirSyncOverridees feature.
+
+This function will export a CSV file with a list of users where Mobile or OtherMobile values in on-premises Active Directory are different than the respective MobilePhone or AlternateMobilePhones in Azure AD.
+
+At this stage you can use this data to reset the values of the on-premises Active Directory _Mobile_ and _otherMobile_ properties to the values that are present in Azure Active Directory. This way you can capture the most updated phone numbers from Azure AD and persist this data in on-premises Active Directory, before enabling _BypassDirSyncOverrides_ feature. To do this, import the data from the resulting CSV file and then use the _'Set-ADSyncToolsDirSyncOverrides'_ from _ADSyncTools_ module to persist the value in on-premises Active Directory.
+
+For example, to import data from the CSV file and extract the values in Azure AD for a given UserPrincipalName, use the following command:
+
+```powershell
+$upn = '<UserPrincipalName>' 
+$user = Import-Csv 'ADSyncTools-DirSyncOverrides_yyyyMMMdd-HHmmss.csv' | 
+where UserPrincipalName -eq $upn | 
+select UserPrincipalName,*InAAD  
+Set-ADSyncToolsDirSyncOverridesUser -Identity $upn -MobileInAD $user.MobileInAAD
+```
+
+## Enabling BypassDirSyncOverrides feature
+
+By default, _BypassDirSyncOverrides_ feature is turned off. Enabling _BypassDirSyncOverrides_ allows your tenant to bypass any changes made in _MobilePhone_ or _AlternateMobilePhones_ by users or admins directly in Azure AD and always honor the values present in on-premises Active Directory _Mobile_ or _OtherMobile_.
+
+If you do not wish to have end users updating their own mobile phone number or there is no requirement to have admins updating mobile or alternative mobile phone numbers using PowerShell, you should leave the feature _BypassDirsyncOverrides_ enabled on the tenant.  
+
+With this feature turned on, even if an end user or admin updates either _MobilePhone_ or _AlternateMobilePhones_ in Azure Active Directory, the values synchronized from on-premises Active Directory will persist upon the next sync cycle. This means that any updates to these values only persist when the update is performed in on-premises Active Directory and then synchronized to Azure Active Directory.
+
+### Enable the _BypassDirSyncOverrides_ feature:
+
+To enable BypassDirSyncOverrides  feature use the MSOnline PowerShell module.
+
+```powershell
+Set-MsolDirSyncFeature -Feature BypassdirSyncOverrides -Enable $true
+```
+
+Once the feature is enabled, start a full synchronization cycle in Azure AD Connect using the following command:
+
+```powershell
+Start-ADSyncSyncCycle -PolicyType Initial
+```
+
+[!NOTE] Only objects with a different _MobilePhone_ or _AlternateMobilePhones_ value from on-premises Active Directory will be updated.
+
+### Verify the status of the _BypassDirSyncOverrides_ feature:
+
+```powershell
+Get-MsolDirSyncFeatures -Feature BypassdirSyncOverrides 
+```
+
+## Disabling _BypassDirSyncOverrides_ feature
+
+If you desire to restore the ability to update mobile phone numbers from the portal or PowerShell, you can disable _BypassDirSyncOverrides_ feature using the following Microsoft Online PowerShell module command:
+
+```powershell
+Set-MsolDirSyncFeature -Feature BypassdirSyncOverrides -Enable $false
+```
+
+When this feature is turned off, anytime a user or admin updates the _MobilePhone_ or _AlternateMobilePhones_ directly in Azure AD, a _DirSyncOverrides_ is created which prevents any future updates to these attributes coming from on-premises Active Directory. From this point on, a user or admin can only manage these attributes from Azure AD as any new updates from on-premises _Mobile_ or _OtherMobile_ will be dismissed.
+
+## Managing mobile phone numbers in Azure AD and on-premises Active Directory
+
+To manage the user’s phone numbers, an admin can use the following set of functions from _ADSyncTools_ module to read, write and clear the values in either Azure AD or on-premises Active Directory.
+
+### Get _Mobile_ and _OtherMobile_ properties from on-premises Active Directory:
+
+```powershell
+Get-ADSyncToolsDirSyncOverridesUser '[email protected]' -FromAD
+```
+
+### Get _MobilePhone_ and _AlternateMobilePhones_ properties from Azure AD:
+
+```powershell
+Get-ADSyncToolsDirSyncOverridesUser '[email protected]' -FromAzureAD
+```
+
+### Set _MobilePhone_ and _AlternateMobilePhones_ properties in Azure AD:
+
+```powershell
+Set-ADSyncToolsDirSyncOverridesUser '[email protected]' -MobileInAD '999888777'  -OtherMobileInAD '0987654','1234567'
+```
+
+### Set _Mobile_ and _otherMobile_ properties in on-premises Active Directory:
+
+```powershell
+Set-ADSyncToolsDirSyncOverridesUser '[email protected]' -MobilePhoneInAAD '999888777' -AlternateMobilePhonesInAAD '0987654','1234567'
+```
+
+### Clear _MobilePhone_ and _AlternateMobilePhones_ properties in Azure AD:
+
+```powershell
+Clear-ADSyncToolsDirSyncOverridesUser '[email protected]' -MobileInAD -OtherMobileInAD
+```
+
+### Clear _Mobile_ and _otherMobile_ properties in on-premises Active Directory:
+
+```powershell
+Clear-ADSyncToolsDirSyncOverridesUser '[email protected]' -MobilePhoneInAAD -AlternateMobilePhonesInAAD
+```
+
+## Next Steps
+
+Learn more about [Azure AD Connect: ADSyncTools PowerShell Module](reference-connect-adsynctools.md)

articles/azure-arc/data/includes/azure-arc-data-preview-release.md

@@ -10,26 +10,26 @@ ms.date: 08/02/2022
 At this time, a test or preview build is not available for the next release.
 -->
 
-The current test release published on September 27, 2022.
+The current preview release published on October 4, 2022.
 
 |Component|Value|
 |-----------|-----------|
-|Container images registry/repository |`mcr.microsoft.com/arcdata/test`|
+|Container images registry/repository |`mcr.microsoft.com/arcdata/preview`|
 |Container images tag |`v1.12.0_2022-10-11`|
-|CRD names and version|`datacontrollers.arcdata.microsoft.com`: v1beta1, v1 through v6<br/>`exporttasks.tasks.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`kafkas.arcdata.microsoft.com`: v1beta1<br/>`monitors.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`sqlmanagedinstances.sql.arcdata.microsoft.com`: v1beta1, v1 through v7<br/>`postgresqls.arcdata.microsoft.com`: v1beta1, v1beta2, v1beta3<br/>`sqlmanagedinstancerestoretasks.tasks.sql.arcdata.microsoft.com`: v1beta1, v1<br/>`failovergroups.sql.arcdata.microsoft.com`: v1beta1, v1beta2, v1 through v2<br/>`activedirectoryconnectors.arcdata.microsoft.com`: v1beta1, v1beta2, v1<br/>`sqlmanagedinstancereprovisionreplicatask.tasks.sql.arcdata.microsoft.com`: v1beta1<br/>`otelcollectors.arcdata.microsoft.com`: v1beta1<br/>`telemetryrouters.arcdata.microsoft.com`: v1beta1<br/>|
+|CRD names and version|`datacontrollers.arcdata.microsoft.com`: v1beta1, v1 through v6<br/>`exporttasks.tasks.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`kafkas.arcdata.microsoft.com`: v1beta1, v1beta2<br/>`monitors.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`sqlmanagedinstances.sql.arcdata.microsoft.com`: v1beta1, v1 through v7<br/>`postgresqls.arcdata.microsoft.com`: v1beta1, v1beta2, v1beta3<br/>`sqlmanagedinstancerestoretasks.tasks.sql.arcdata.microsoft.com`: v1beta1, v1<br/>`failovergroups.sql.arcdata.microsoft.com`: v1beta1, v1beta2, v1 through v2<br/>`activedirectoryconnectors.arcdata.microsoft.com`: v1beta1, v1beta2, v1<br/>`sqlmanagedinstancereprovisionreplicatask.tasks.sql.arcdata.microsoft.com`: v1beta1<br/>`otelcollectors.arcdata.microsoft.com`: v1beta1, v1beta2<br/>`telemetryrouters.arcdata.microsoft.com`: v1beta1, v1beta2<br/>|
 |Azure Resource Manager (ARM) API version|2022-03-01-preview (No change)|
 |`arcdata` Azure CLI extension version|1.4.7 ([Download](https://aka.ms/az-cli-arcdata-ext))|
 |Arc enabled Kubernetes helm chart extension version|1.12.0|
 |Arc Data extension for Azure Data Studio<br/>`arc`<br/>`azcli`|*No Changes*<br/>1.5.4 ([Download](https://aka.ms/ads-arcdata-ext))</br>1.5.4 ([Download](https://aka.ms/ads-azcli-ext))|
 
 New for this release:
-<!--
 - Arc data controller
-  - 
--->
+  - Updates to TelemetryRouter implementation to include inbound and outbound TelemetryCollector layers alongside Kafka as a persistent buffer
+  - AD connector will now be upgraded when data controller is upgraded
 
 - Arc-enabled SQL managed instance
   - New reprovision replica task lets you rebuild a broken sql instance replica. For more information, see [Reprovision replica](#reprovision-replica).
+  - Edit Active Directory settings from the Azure portal
 
 <!--
 - Arc-enabled PostgreSQL server
@@ -38,6 +38,8 @@ New for this release:
 - `arcdata` Azure CLI extension
   - Columns for release information added to the following commands: `az sql mi-arc list` this makes it easy to see what instance may need to be updated.
   - Alternately you can run `az arcdata dc list-upgrades'
+  - New command to list AD Connectors `az arcdata ad-connector list --k8s-namespace <namespace> --use-k8s`
+  - Az CLI Polling for AD Connector create/update/delete: This feature changes the default behavior of `az arcdata ad-connector create/update/delete` to hang and wait until the operation finishes. To override this behavior, the user has to use the `--no-wait` flag when invoking the command. 
 
 ### Reprovision replica
 

articles/dms/media/tutorial-sql-server-azure-sql-database-offline-ads/migration-source-credentials.png

@@ -15,6 +15,9 @@ ms.date: 09/28/2022
 ---
 # Tutorial: Migrate SQL Server to an Azure SQL Database offline using Azure Data Studio with DMS (Preview)
 
+> [!NOTE]
+> Azure SQL Database targets are only available using the [Azure Data Studio Insiders](/sql/azure-data-studio/download-azure-data-studio#download-the-insiders-build-of-azure-data-studio) version of the Azure SQL Migration extension.
+
 You can use the Azure SQL migration extension in Azure Data Studio to migrate the database(s) from a SQL Server instance to Azure SQL Database (Preview).
 
 In this tutorial, you'll learn how to migrate the **AdventureWorks2019** database from an on-premises instance of SQL Server to Azure SQL Database (Preview) by using the Azure SQL Migration extension for Azure Data Studio. This tutorial focuses on the offline migration mode that considers an acceptable downtime during the migration process.

articles/dms/tutorial-sql-server-azure-sql-database-offline-ads.md

@@ -198,6 +198,15 @@ $connection = Get-AzVirtualNetworkGatewayConnection -Name "MyConnection" -Resour
 $connection.ExpressRouteGatewayBypass = $True
 Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection
 ``` 
+### FastPath virtual network peering and user defined routes (UDRs).
+
+With FastPath and virtual network peering, you can enable ExpressRoute connectivity directly to VMs in a local or peered virtual network, bypassing the ExpressRoute virtual network gateway in the data path.
+
+With FastPath and UDR, you can configure a UDR on the GatewaySubnet to direct ExpressRoute traffic to an Azure Firewall or third party NVA. FastPath will honor the UDR and send traffic directly to the target Azure Firewall or NVA, bypassing the ExpressRoute virtual network gateway in the data path.
+
+> [!NOTE]
+> * Virtual network peering and UDR support is enabled by default for all new FastPath connections 
+> * To enable virtual network peering and UDR support for FastPath connections configured before 9/19/2022, disable and enable FastPath on the target connection.
 
 ### FastPath and Private Link for 100 Gbps ExpressRoute Direct
 
@@ -220,22 +229,6 @@ Register-AzProviderFeature -FeatureName ExpressRoutePrivateEndpointGatewayBypass
 
 ## Enroll in ExpressRoute FastPath features (preview)
 
-FastPath support for virtual network peering is now in Public preview, both IPv4 and IPv6 scenarios are supported. IPv4 FastPath and VNet peering can be enabled on connections associated to both ExpressRoute Direct and ExpressRoute Partner circuits. IPv6 FastPath support for VNet peering is limited to connections associated to ExpressRoute Direct.
-
-### FastPath virtual network peering and user defined routes (UDRs).
-
-With FastPath and virtual network peering, you can enable ExpressRoute connectivity directly to VMs in a local or peered virtual network, bypassing the ExpressRoute virtual network gateway in the data path.
-
-With FastPath and UDR, you can configure a UDR on the GatewaySubnet to direct ExpressRoute traffic to an Azure Firewall or third party NVA. FastPath will honor the UDR and send traffic directly to the target Azure Firewall or NVA, bypassing the ExpressRoute virtual network gateway in the data path.
-
-> [!NOTE]
-> The previews for virtual network peering and user defined routes (UDRs) are offered together. You cannot enable only one scenario.
->
-
-To enroll in these previews, send an email to [email protected] and include the following information:
-* Subscription ID
-* Service key of the target ExpressRoute circuit
-* Name and Resource Group/ARM resource ID of the target virtual network(s)
 ### FastPath and Private Link for 10 Gbps ExpressRoute Direct
 
 With FastPath and Private Link, Private Link traffic sent over ExpressRoute bypasses the ExpressRoute virtual network gateway in the data path. This preview supports connections associated to 10 Gbps ExpressRoute Direct circuits. This preview doesn't support ExpressRoute circuits managed by an ExpressRoute partner.

articles/expressroute/expressroute-howto-linkvnet-arm.md

@@ -121,7 +121,7 @@ By default, storage accounts accept connections from clients on any network. You
 ---
 
 > [!CAUTION]
-> If you set **Public network access** to **Disabled** after previously setting it to **Enabled from selected virtual networks and IP addresses**, any [Resource instances](#grant-access-from-azure-resource-instances) and [Exceptions](#manage-exceptions) you previously configured, including [Allow Azure services on the trusted services list to access this storage account](#grant-access-to-trusted-azure-services), will remain in effect. For this reason, those resources and services may still have access to the storage account.
+> By design, access to a storage account from trusted services takes the highest precedence over other network access restrictions. For this reason, if you set **Public network access** to **Disabled** after previously setting it to **Enabled from selected virtual networks and IP addresses**, any [resource instances](#grant-access-from-azure-resource-instances) and [exceptions](#manage-exceptions) you had previously configured, including [Allow Azure services on the trusted services list to access this storage account](#grant-access-to-trusted-azure-services), will remain in effect. As a result, those resources and services may still have access to the storage account after setting **Public network access** to **Disabled**.
 
 ## Grant access from a virtual network
 

articles/storage/common/storage-network-security.md

@@ -4,7 +4,7 @@ description: Learn how to use customer-managed keys with your Azure disks in dif
 author: roygara
 ms.service: storage
 ms.topic: how-to
-ms.date: 09/23/2022
+ms.date: 10/04/2022
 ms.author: rogarana
 ms.subservice: disks
 ---
@@ -37,7 +37,7 @@ If you have questions about cross-tenant customer-managed keys with managed disk
 
 ## Limitations
 
-- Currently this feature is only available in the North Central US, West Central US, and West US regions.
+- Currently this feature is only available in the North Central US, West Central US, West US, East US 2, and North Europe regions.
 - Managed Disks and the customer's Key Vault must be in the same Azure region, but they can be in different subscriptions.
 - This feature doesn't support Ultra Disks or Azure Premium SSD v2 managed disks.