Merge pull request #222196 from MicrosoftDocs/main

12/21 PM Publish

Author: huypub

.openpublishing.redirection.azure-monitor.json

@@ -5591,6 +5591,41 @@
             "source_path_from_root": "/articles/azure-monitor/logs/collect-sccm.md",
             "redirect_url": "/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-overview.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-migrate.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-enable.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-alerts.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-configure.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-configure-dcr.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-troubleshoot.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/azure-ad-b2c-global-identity-funnel-based-design.md

@@ -51,7 +51,7 @@ This use case demonstrates how a user from their home country/region performs a
 
 ### Existing local user attempts sign up
 
-This use case demonstrates how a user re-registering the same email from their own country, or a different region, is blocked.
+This use case demonstrates how a user re-registering the same email from their own country/region, or a different region, is blocked.
 
 ![Screenshot shows the existing account sign-up flow.](media/azure-ad-b2c-global-identity-design-considerations/local-existing-account-signup.png)
 
@@ -108,7 +108,7 @@ This use case demonstrates how a user can travel across regions and maintain the
 
 ### Local user forgot password
 
-This use case demonstrates how a user can reset their password when they are within their home country.
+This use case demonstrates how a user can reset their password when they are within their home country/region.
 
 ![Screenshot shows the local user forgot password flow.](media/azure-ad-b2c-global-identity-design-considerations/local-user-forgot-password.png)
 

articles/active-directory-b2c/azure-ad-b2c-global-identity-region-based-design.md

@@ -49,7 +49,7 @@ This use case demonstrates how a user from their home country/region performs a
 
 ### Existing local user attempts sign up
 
-This use case demonstrates how a user re-registering the same email from their own country, or a different region, is blocked.
+This use case demonstrates how a user re-registering the same email from their own country/region, or a different region, is blocked.
 
 ![Screenshot shows the existing local user sign up attempt flow.](media/azure-ad-b2c-global-identity-regional-design/existing-local-user-sign-up.png)
 

articles/active-directory/fundamentals/active-directory-data-storage-eu.md

@@ -79,7 +79,7 @@ Administrators can choose to enable or disable certain Azure AD features. If the
 
 * **Azure Active Directory Multi Tenant Collaboration** - With multi tenant collaboration scenarios enabled, customers can configure their tenant to collaborate with users from a different tenant. For example, a customer can invite users to their tenant in a B2B context. A customer can create a multi-tenant SaaS application that allows other third party tenants to provision the application in the third party tenant. Or, the customer can make two or more tenants affiliated with one another and act as a single tenant in certain scenarios, such as multi-tenant organization (MTO) formation, tenant to tenant sync, and shared e-mail domain sharing. Customer configuration and use of multi tenant collaboration may occur with tenants outside of the EU Data Residency and EU Data Boundary resulting in some customer data, such as user and device account data, usage data, and service configuration (application, policy, and group) stored and processed in the location of the collaborating tenant.
 * **Application Proxy** - Allows customers to access their on-premises web applications externally. Customers may choose advanced routing configurations that allow customer data to egress outside of the EU Data Residency and EU Data Boundary, including user account data, usage data, and application configuration data.
-* **Microsoft 365 Multi Geo** - Microsoft 365 Multi-Geo provides customers with the ability to expand their Microsoft 365 presence to multiple geographic regions or countries within a single existing Microsoft 365 tenant. Azure Active Directory will egress customer data to perform backup authentication to the locations configured by the customer. Types of customer data include user and device account data, branding data, and service configuration data (application, policy, and group).
+* **Microsoft 365 Multi Geo** - Microsoft 365 Multi-Geo provides customers with the ability to expand their Microsoft 365 presence to multiple geographic regions/countries within a single existing Microsoft 365 tenant. Azure Active Directory will egress customer data to perform backup authentication to the locations configured by the customer. Types of customer data include user and device account data, branding data, and service configuration data (application, policy, and group).
 
 ### Other EU Data Boundary online services
 

articles/active-directory/fundamentals/azure-ad-data-residency.md

@@ -40,18 +40,18 @@ Azure AD replicates each tenant through its scale unit, across data centers, bas
 
 * Directory data stored in data centers closest to the tenant-residency location, to reduce latency and provide fast user sign-in times
 * Directory data stored in geographically isolated data centers to assure availability during unforeseen single-datacenter, catastrophic events 
-* Compliance with data residency, or other requirements, for specific customers and countries or geographies
+* Compliance with data residency, or other requirements, for specific customers and countries/regions or geographies
 
-During tenant creation (for example, signing up for Office 365 or Azure, or creating more Azure AD instances through the Azure portal) you select a country as the primary location. Azure AD maps the selection to a logical region and a single scale unit in it. Tenant location can’t be changed after it’s set.
+During tenant creation (for example, signing up for Office 365 or Azure, or creating more Azure AD instances through the Azure portal) you select a country/region as the primary location. Azure AD maps the selection to a logical region and a single scale unit in it. Tenant location can’t be changed after it’s set.
 
 ## Azure AD cloud solution models
 
 Use the following table to see Azure AD cloud solution models based on infrastructure, data location, and operation sovereignty.
 
 |Model|Model regions|Data location|Operations personnel|Customer support|Put a tenant in this model|
 |---|---|---|---|---|---|
-|Regional (2)|North America, EMEA, Japan|At rest, in the target region. Exceptions by service or feature|Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose the country in the residency.|
-|Worldwide|Worldwide||Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose a country without a regional model.|
+|Regional (2)|North America, EMEA, Japan|At rest, in the target region. Exceptions by service or feature|Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose the country/region in the residency.|
+|Worldwide|Worldwide||Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose a country/region without a regional model.|
 |Sovereign or national clouds|US government, China|At rest, in the target country or region. No exceptions.|Operated by a data custodian (1). Personnel are screened according to requirements.|Microsoft, country or region|Each national cloud instance has a sign-up experience.
 
 **Table references**:

articles/aks/node-access.md

@@ -80,6 +80,10 @@ To connect to another node in the cluster, use the `kubectl debug` command. For
 
 To create the SSH connection to the Windows Server node from another node, use the SSH keys provided when you created the AKS cluster and the internal IP address of the Windows Server node.
 
+> [!IMPORTANT]
+>
+> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. If you didn't use this method to create your cluster, you'll use a password instead of an SSH key. To do this, see [Create the SSH connection to a Windows node using a password](#create-the-ssh-connection-to-a-windows-node-using-a-password)
+
 Open a new terminal window and use the `kubectl get pods` command to get the name of the pod started by `kubectl debug`.
 
 ```bash
@@ -155,6 +159,54 @@ azureuser@aksnpwin000000 C:\Users\azureuser>
 >  ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p [email protected]' -o PreferredAuthentications=password [email protected]
 > ```
 
+### Create the SSH connection to a Windows node using a password
+
+If you didn't create your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter, you'll use a password instead of an SSH key to create the SSH connection. To do this with Azure CLI, use the following steps:
+
+1. Create a root user called `azureuser`.
+
+    ```azurecli
+    az vmss update -g <nodeRG> -n <vmssName> --set virtualMachineProfile.osProfile.adminUsername=azureuser
+    ```
+
+2. Create a password for the new root user.
+
+    ```azurecli
+    az vmss update -g <nodeRG> -n <vmssName> --set virtualMachineProfile.osProfile.adminPassword=<new password>
+    ```
+
+3. Update the instances to use the above changes.
+
+    ```azurecli
+    az vmss update-instances -g <nodeRG> -n <vmssName> --instance-ids '*'
+    ```
+
+4. Reimage the affected nodes so you can connect using your new credentials.
+
+    ```azurecli
+    az vmss reimage -g <nodeRG> -n <vmssName> --instance-id <affectedNodeInstanceId>
+    ```
+
+5. Use `kubectl debug` to connect to another node.
+
+    ```azurecli
+    kubectl debug node/<nodeName> -it --image=mcr.microsoft.com/dotnet/runtime-deps:6.0
+    ```
+
+6. Open a second terminal to use port forwarding to connect the debug pod to your local computer.
+
+    ```azurecli
+    kubectl port-forward <debugPodName> 2022:22
+    ```
+
+7. Open a third terminal to get the `INTERNAL-IP` of the affected node to initiate the SSH connection. You can get this with `kubectl get nodes -o wide`. Once you have it, use the following command to connect.
+
+    ```azurecli
+     ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p [email protected]' azureuser@<affectedNodeIp>
+    ```
+
+8. Enter your password.
+
 ### Remove SSH access
 
 When done, `exit` the SSH session, stop any port forwarding, and then `exit` the interactive container session. After the interactive container session closes, delete the pod used for SSH access using the `kubectl delete pod` command.
@@ -166,6 +218,7 @@ kubectl delete pod node-debugger-aks-nodepool1-12345678-vmss000000-bkmmx
 ## Update SSH key on an existing AKS cluster (preview)
 
 ### Prerequisites
+
 * Before you start, ensure the Azure CLI is installed and configured. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
 * The aks-preview extension version 0.5.111 or later. To learn how to install an Azure extension, see [How to install extensions][how-to-install-azure-extensions].
 

articles/aks/supported-kubernetes-versions.md

@@ -15,7 +15,7 @@ The Kubernetes community releases minor versions roughly every three months. Rec
 Minor version releases include new features and improvements. Patch releases are more frequent (sometimes weekly) and are intended for critical bug fixes within a minor version. Patch releases include fixes for security vulnerabilities or major bugs.
 
 >[!WARNING]
-> AKS clusters with Calico enabled should not upgrade to Kubernetes v1.25 preview.
+> Due to an issue with Calico and AKS. It is highly reccomended that customers using Calico do not upgrade or create new clusters on v1.25.
 
 ## Kubernetes versions
 

articles/app-service/index.yml

@@ -7,7 +7,7 @@ metadata:
   title: Azure App Service documentation
   description: Host websites, web apps, RESTful APIs, and mobile back ends in Azure App Service. Find quickstarts, tutorials, and samples to help you succeed with App Service.
   ms.topic: landing-page
-  ms.author: cephalin
+  ms.author: msangapu
   ms.service: app-service
   ms.date: 01/14/2022
 
@@ -39,6 +39,8 @@ landingContent:
             url: quickstart-nodejs.md
           - text: Deploy a PHP web app
             url: quickstart-php.md
+          - text: Deploy a Go app (experimental)
+            url: quickstart-golang.md           
           - text: Deploy a Java app
             url: quickstart-java.md
           - text: Create a WordPress site
@@ -227,4 +229,4 @@ landingContent:
       - linkListType: tutorial
         links:            
           - text: Set up an Azure Arc-enabled Kubernetes cluster to run App Service, Functions, and Logic Apps (Preview)
-            url: manage-create-arc-environment.md
+            url: manage-create-arc-environment.md

articles/automation/how-to/private-link-security.md

@@ -42,7 +42,7 @@ For more information, see  [Key Benefits of Private Link](../../private-link/pri
 - In the current implementation of Private Link, Automation account cloud jobs cannot access Azure resources that are secured using private endpoint. For example, Azure Key Vault, Azure SQL, Azure Storage account, etc. To workaround this, use a [Hybrid Runbook Worker](../automation-hybrid-runbook-worker.md) instead. Hence, on-premises VMs are supported to run Hybrid Runbook Workers against an Automation Account with Private Link enabled.
 - You need to use the latest version of the [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md) for Windows or Linux.
 - The [Log Analytics Gateway](../../azure-monitor/agents/gateway.md) does not support Private Link.
-- Azure alert (metric, log, and activity log) can't to be used to trigger an Automation webhook when the Automation account is configured with  **Public access** set to **Disable**.
+- Azure alert (metric, log, and activity log) can't be used to trigger an Automation webhook when the Automation account is configured with  **Public access** set to **Disable**.
 
 ## How it works
 

articles/azure-app-configuration/TOC.yml

@@ -117,6 +117,8 @@
   items:
     - name: Azure CLI
       href: cli-samples.md
+    - name: Azure PowerShell
+      href: powershell-samples.md
     - name: Python SDK
       href: quickstart-python.md
     - name: Samples on GitHub