Merge branch 'main' into freshness-work

Author: vmagelo

.openpublishing.redirection.azure-monitor.json

@@ -5591,6 +5591,41 @@
             "source_path_from_root": "/articles/azure-monitor/logs/collect-sccm.md",
             "redirect_url": "/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-overview.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-migrate.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-enable.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-alerts.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-configure.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-configure-dcr.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/vm/vminsights-health-troubleshoot.md",
+            "redirect_url": "/azure/azure-monitor/vm/vminsights-overview",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/azure-ad-b2c-global-identity-funnel-based-design.md

@@ -51,7 +51,7 @@ This use case demonstrates how a user from their home country/region performs a
 
 ### Existing local user attempts sign up
 
-This use case demonstrates how a user re-registering the same email from their own country, or a different region, is blocked.
+This use case demonstrates how a user re-registering the same email from their own country/region, or a different region, is blocked.
 
 ![Screenshot shows the existing account sign-up flow.](media/azure-ad-b2c-global-identity-design-considerations/local-existing-account-signup.png)
 
@@ -108,7 +108,7 @@ This use case demonstrates how a user can travel across regions and maintain the
 
 ### Local user forgot password
 
-This use case demonstrates how a user can reset their password when they are within their home country.
+This use case demonstrates how a user can reset their password when they are within their home country/region.
 
 ![Screenshot shows the local user forgot password flow.](media/azure-ad-b2c-global-identity-design-considerations/local-user-forgot-password.png)
 

articles/active-directory-b2c/azure-ad-b2c-global-identity-region-based-design.md

@@ -49,7 +49,7 @@ This use case demonstrates how a user from their home country/region performs a
 
 ### Existing local user attempts sign up
 
-This use case demonstrates how a user re-registering the same email from their own country, or a different region, is blocked.
+This use case demonstrates how a user re-registering the same email from their own country/region, or a different region, is blocked.
 
 ![Screenshot shows the existing local user sign up attempt flow.](media/azure-ad-b2c-global-identity-regional-design/existing-local-user-sign-up.png)
 

articles/active-directory/fundamentals/active-directory-data-storage-eu.md

@@ -79,7 +79,7 @@ Administrators can choose to enable or disable certain Azure AD features. If the
 
 * **Azure Active Directory Multi Tenant Collaboration** - With multi tenant collaboration scenarios enabled, customers can configure their tenant to collaborate with users from a different tenant. For example, a customer can invite users to their tenant in a B2B context. A customer can create a multi-tenant SaaS application that allows other third party tenants to provision the application in the third party tenant. Or, the customer can make two or more tenants affiliated with one another and act as a single tenant in certain scenarios, such as multi-tenant organization (MTO) formation, tenant to tenant sync, and shared e-mail domain sharing. Customer configuration and use of multi tenant collaboration may occur with tenants outside of the EU Data Residency and EU Data Boundary resulting in some customer data, such as user and device account data, usage data, and service configuration (application, policy, and group) stored and processed in the location of the collaborating tenant.
 * **Application Proxy** - Allows customers to access their on-premises web applications externally. Customers may choose advanced routing configurations that allow customer data to egress outside of the EU Data Residency and EU Data Boundary, including user account data, usage data, and application configuration data.
-* **Microsoft 365 Multi Geo** - Microsoft 365 Multi-Geo provides customers with the ability to expand their Microsoft 365 presence to multiple geographic regions or countries within a single existing Microsoft 365 tenant. Azure Active Directory will egress customer data to perform backup authentication to the locations configured by the customer. Types of customer data include user and device account data, branding data, and service configuration data (application, policy, and group).
+* **Microsoft 365 Multi Geo** - Microsoft 365 Multi-Geo provides customers with the ability to expand their Microsoft 365 presence to multiple geographic regions/countries within a single existing Microsoft 365 tenant. Azure Active Directory will egress customer data to perform backup authentication to the locations configured by the customer. Types of customer data include user and device account data, branding data, and service configuration data (application, policy, and group).
 
 ### Other EU Data Boundary online services
 

articles/active-directory/fundamentals/azure-ad-data-residency.md

@@ -40,18 +40,18 @@ Azure AD replicates each tenant through its scale unit, across data centers, bas
 
 * Directory data stored in data centers closest to the tenant-residency location, to reduce latency and provide fast user sign-in times
 * Directory data stored in geographically isolated data centers to assure availability during unforeseen single-datacenter, catastrophic events 
-* Compliance with data residency, or other requirements, for specific customers and countries or geographies
+* Compliance with data residency, or other requirements, for specific customers and countries/regions or geographies
 
-During tenant creation (for example, signing up for Office 365 or Azure, or creating more Azure AD instances through the Azure portal) you select a country as the primary location. Azure AD maps the selection to a logical region and a single scale unit in it. Tenant location can’t be changed after it’s set.
+During tenant creation (for example, signing up for Office 365 or Azure, or creating more Azure AD instances through the Azure portal) you select a country/region as the primary location. Azure AD maps the selection to a logical region and a single scale unit in it. Tenant location can’t be changed after it’s set.
 
 ## Azure AD cloud solution models
 
 Use the following table to see Azure AD cloud solution models based on infrastructure, data location, and operation sovereignty.
 
 |Model|Model regions|Data location|Operations personnel|Customer support|Put a tenant in this model|
 |---|---|---|---|---|---|
-|Regional (2)|North America, EMEA, Japan|At rest, in the target region. Exceptions by service or feature|Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose the country in the residency.|
-|Worldwide|Worldwide||Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose a country without a regional model.|
+|Regional (2)|North America, EMEA, Japan|At rest, in the target region. Exceptions by service or feature|Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose the country/region in the residency.|
+|Worldwide|Worldwide||Operated by Microsoft. Microsoft datacenter personnel must pass a background check.|Microsoft, globally|Create the tenant in the sign-up experience. Choose a country/region without a regional model.|
 |Sovereign or national clouds|US government, China|At rest, in the target country or region. No exceptions.|Operated by a data custodian (1). Personnel are screened according to requirements.|Microsoft, country or region|Each national cloud instance has a sign-up experience.
 
 **Table references**:

articles/aks/azure-cni-overlay.md

@@ -4,7 +4,7 @@ description: Learn how to configure Azure CNI Overlay networking in Azure Kubern
 services: container-service
 ms.topic: article
 ms.custom: references_regions
-ms.date: 11/08/2022
+ms.date: 12/12/2022
 ---
 
 # Configure Azure CNI Overlay networking in Azure Kubernetes Service (AKS)
@@ -17,6 +17,7 @@ With Azure CNI Overlay, the cluster nodes are deployed into an Azure Virtual Net
 > Azure CNI Overlay is currently available only in the following regions:
 > - North Central US
 > - West Central US
+> - East US
 
 ## Overview of overlay networking
 
@@ -89,7 +90,6 @@ The overlay solution has the following limitations today
 * You can't deploy multiple overlay clusters on the same subnet.
 * Overlay can be enabled only for new clusters. Existing (already deployed) clusters can't be configured to use overlay.
 * You can't use Application Gateway as an Ingress Controller (AGIC) for an overlay cluster.
-* v5 VM SKUs are currently not supported.
 
 ## Install the aks-preview Azure CLI extension
 

articles/aks/node-access.md

@@ -80,6 +80,10 @@ To connect to another node in the cluster, use the `kubectl debug` command. For
 
 To create the SSH connection to the Windows Server node from another node, use the SSH keys provided when you created the AKS cluster and the internal IP address of the Windows Server node.
 
+> [!IMPORTANT]
+>
+> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. If you didn't use this method to create your cluster, you'll use a password instead of an SSH key. To do this, see [Create the SSH connection to a Windows node using a password](#create-the-ssh-connection-to-a-windows-node-using-a-password)
+
 Open a new terminal window and use the `kubectl get pods` command to get the name of the pod started by `kubectl debug`.
 
 ```bash
@@ -155,6 +159,54 @@ azureuser@aksnpwin000000 C:\Users\azureuser>
 >  ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p [email protected]' -o PreferredAuthentications=password [email protected]
 > ```
 
+### Create the SSH connection to a Windows node using a password
+
+If you didn't create your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter, you'll use a password instead of an SSH key to create the SSH connection. To do this with Azure CLI, use the following steps:
+
+1. Create a root user called `azureuser`.
+
+    ```azurecli
+    az vmss update -g <nodeRG> -n <vmssName> --set virtualMachineProfile.osProfile.adminUsername=azureuser
+    ```
+
+2. Create a password for the new root user.
+
+    ```azurecli
+    az vmss update -g <nodeRG> -n <vmssName> --set virtualMachineProfile.osProfile.adminPassword=<new password>
+    ```
+
+3. Update the instances to use the above changes.
+
+    ```azurecli
+    az vmss update-instances -g <nodeRG> -n <vmssName> --instance-ids '*'
+    ```
+
+4. Reimage the affected nodes so you can connect using your new credentials.
+
+    ```azurecli
+    az vmss reimage -g <nodeRG> -n <vmssName> --instance-id <affectedNodeInstanceId>
+    ```
+
+5. Use `kubectl debug` to connect to another node.
+
+    ```azurecli
+    kubectl debug node/<nodeName> -it --image=mcr.microsoft.com/dotnet/runtime-deps:6.0
+    ```
+
+6. Open a second terminal to use port forwarding to connect the debug pod to your local computer.
+
+    ```azurecli
+    kubectl port-forward <debugPodName> 2022:22
+    ```
+
+7. Open a third terminal to get the `INTERNAL-IP` of the affected node to initiate the SSH connection. You can get this with `kubectl get nodes -o wide`. Once you have it, use the following command to connect.
+
+    ```azurecli
+     ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p [email protected]' azureuser@<affectedNodeIp>
+    ```
+
+8. Enter your password.
+
 ### Remove SSH access
 
 When done, `exit` the SSH session, stop any port forwarding, and then `exit` the interactive container session. After the interactive container session closes, delete the pod used for SSH access using the `kubectl delete pod` command.
@@ -166,6 +218,7 @@ kubectl delete pod node-debugger-aks-nodepool1-12345678-vmss000000-bkmmx
 ## Update SSH key on an existing AKS cluster (preview)
 
 ### Prerequisites
+
 * Before you start, ensure the Azure CLI is installed and configured. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
 * The aks-preview extension version 0.5.111 or later. To learn how to install an Azure extension, see [How to install extensions][how-to-install-azure-extensions].
 

articles/aks/supported-kubernetes-versions.md

@@ -15,7 +15,7 @@ The Kubernetes community releases minor versions roughly every three months. Rec
 Minor version releases include new features and improvements. Patch releases are more frequent (sometimes weekly) and are intended for critical bug fixes within a minor version. Patch releases include fixes for security vulnerabilities or major bugs.
 
 >[!WARNING]
-> AKS clusters with Calico enabled should not upgrade to Kubernetes v1.25 preview.
+> Due to an issue with Calico and AKS. It is highly reccomended that customers using Calico do not upgrade or create new clusters on v1.25.
 
 ## Kubernetes versions
 

articles/app-service/configure-connect-to-azure-storage.md

@@ -268,7 +268,7 @@ To validate that the Azure Storage is mounted successfully for the app:
 
 - To avoid potential issues related to latency, place the app and the Azure Storage account in the same Azure region. Note, however, if the app and Azure Storage account are in same Azure region, and if you grant access from App Service IP addresses in the [Azure Storage firewall configuration](../storage/common/storage-network-security.md), then these IP restrictions are not honored.
 
-- In the Azure Storage account, avoid [regenerating the access key](../storage/common/storage-account-keys-manage.md) that's used to mount the storage in the app. The storage account contains two different keys. Use a stepwise approach to ensure that the storage mount remains available to the app during key regeneration. For example, assuming that you used **key1** to configure storage mount in your app:
+- In the Azure Storage account, avoid [regenerating the access key](../storage/common/storage-account-keys-manage.md) that's used to mount the storage in the app. The storage account contains two different keys. Azure App Services stores Azure storage account key. Use a stepwise approach to ensure that the storage mount remains available to the app during key regeneration. For example, assuming that you used **key1** to configure storage mount in your app:
 
     1. Regenerate **key2**. 
     1. In the storage mount configuration, update the access the key to use the regenerated **key2**.
@@ -297,7 +297,7 @@ To validate that the Azure Storage is mounted successfully for the app:
 
 - Mounting the storage to `/home` is not recommended because it may result in performance bottlenecks for the app. 
 
-- In the Azure Storage account, avoid [regenerating the access key](../storage/common/storage-account-keys-manage.md) that's used to mount the storage in the app. The storage account contains two different keys. Use a stepwise approach to ensure that the storage mount remains available to the app during key regeneration. For example, assuming that you used **key1** to configure storage mount in your app:
+- In the Azure Storage account, avoid [regenerating the access key](../storage/common/storage-account-keys-manage.md) that's used to mount the storage in the app. The storage account contains two different keys. Azure App Services stores Azure storage account key. Use a stepwise approach to ensure that the storage mount remains available to the app during key regeneration. For example, assuming that you used **key1** to configure storage mount in your app:
 
     1. Regenerate **key2**. 
     1. In the storage mount configuration, update the access the key to use the regenerated **key2**.

articles/app-service/environment/migrate.md

@@ -3,7 +3,7 @@ title: Migrate to App Service Environment v3 by using the migration feature
 description: Overview of the migration feature for migration to App Service Environment v3
 author: seligj95
 ms.topic: article
-ms.date: 12/12/2022
+ms.date: 12/21/2022
 ms.author: jordanselig
 ms.custom: references_regions
 ---
@@ -44,6 +44,7 @@ At this time, App Service Environment migrations to v3 using the migration featu
 - Norway West
 - South Central US
 - South India
+- Southeast Asia
 - Switzerland North
 - Switzerland West
 - UAE North