Commit 76fc722

Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-roles-website-contributor
2 parents c06ba51 + 564450c commit 76fc722

20 files changed

+153
-26
lines changed

articles/active-directory-b2c/partner-f5.md

Lines changed: 4 additions & 4 deletions
@@ -59,7 +59,7 @@ The secure hybrid access solution for this scenario is made up of the following
5959

6060
- **Application** - Backend service being protected by Azure AD B2C and BIG-IP secure hybrid access
6161

62-
- **Azure AD B2C** - The IdP and Open ID Connect (OIDC) authorization server, responsible for verification of user credentials, multi-factor authentication (MFA), and SSO to the BIG-IP APM.
62+
- **Azure AD B2C** - The IdP and Open ID Connect (OIDC) authorization server, responsible for verification of user credentials, multifactor authentication (MFA), and SSO to the BIG-IP APM.
6363

6464
- **BIG-IP** - As the reverse proxy for the application, the BIG-IP APM also becomes the OIDC client, delegating authentication to the OIDC authorization server, before performing header-based SSO to the backend service.
6565
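Review bot: On the changed line 62 the protocol name is still written "Open ID Connect (OIDC)"; the name is "OpenID Connect", and since this line is already being edited for "multifactor" it should be corrected in the same change.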

@@ -222,9 +222,9 @@ Here, we'll configure Azure AD B2C as the OAuth2 IdP. You’ll notice that the G
222222

223223
|Properties | Descriptions|
224224
|:---------|:---------|
225-
| Client ID | The client ID of the application representing the BIG-IP in your Azure AD B2C tenant.|
225+
| Client ID | The client ID of the application representing the BIG-IP in your Azure AD B2C tenant. |
226226
| Client secret | The application’s corresponding client secret. |
227-
|Client-server SSL profile | Setting an SSL profile will ensure the APM communicates with the Azure AD B2C IdP over TLS. Select the default serverssl option.|
227+
|Client-server SSL profile | Setting an SSL profile will ensure the APM communicates with the Azure AD B2C IdP over TLS. Select the default `serverssl` option. |
228228

229229
- **OAuth request settings**
230230
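Review bot: The changed row at line 227 says the SSL profile "will ensure the APM communicates with the Azure AD B2C IdP over TLS" and then tells the reader to select the default `serverssl` option, but it does not say whether that default profile validates the IdP's certificate. State the expected certificate verification setting for this profile so readers don't assume that TLS alone authenticates the IdP endpoint. Minor: line 227 and the header row still start with `|Client-server` and `|Properties` without the leading space that lines 225 and 226 use.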

@@ -281,7 +281,7 @@ Here, we'll configure Azure AD B2C as the OAuth2 IdP. You’ll notice that the G
281281
| Service port | HTTPS |
282282
| Enable redirect port | Check to have users auto redirected from http to https |
283283
| Redirect port | HTTP |
284-
| Client SSL profile | Swap the pre-defined clientssl profile with the one containing your SSL certificate. Testing with the default profile is also ok but will likely cause a browser alert.|
284+
| Client SSL profile | Swap the predefined `clientssl` profile with the one containing your SSL certificate. Testing with the default profile is also ok but will likely cause a browser alert. |
285285

286286
- **Pool properties**
287287
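Review bot: Line 284 still ends with "Testing with the default profile is also ok but will likely cause a browser alert", which does not make it clear that the default `clientssl` profile is for testing only. Suggest stating that the profile containing your own certificate should be selected before the virtual server is used by real users, and writing "OK" in capitals.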

articles/active-directory/cloud-sync/tutorial-pilot-aadc-aadccp.md

Lines changed: 1 addition & 1 deletion
@@ -198,7 +198,7 @@ Azure AD Connect sync synchronizes changes occurring in your on-premises directo
198198
>[!NOTE]
199199
>If you are running your own custom scheduler for Azure AD Connect sync, then please enable the scheduler.
200200
201-
Once the scheduler is enabled, Azure AD Connect will stop exporting any changes on objects with `cloudNoFlow=true` in the metaverse, unless any reference attribute (eg. manager) is being updated. In case there is any reference attribute update on the object, Azure AD Connect will ignore the `cloudNoFlow` signal and export all updates on the object.
201+
Once the scheduler is enabled, Azure AD Connect will stop exporting any changes on objects with `cloudNoFlow=true` in the metaverse, unless any reference attribute (such as `manager`) is being updated. In case there is any reference attribute update on the object, Azure AD Connect will ignore the `cloudNoFlow` signal and export all updates on the object.
202202

203203
## Something went wrong
204204
In case the pilot does not work as expected, you can go back to the Azure AD Connect sync setup by following the steps below:
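Review bot: The second sentence of line 201 describes an exception in which `cloudNoFlow` is ignored and "all updates on the object" are exported, and in running text it is easy to miss during a pilot. Consider moving it into a `>[!NOTE]` block like the one at lines 198-199, and replace "In case there is any reference attribute update on the object" with "If any reference attribute on the object is updated".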

articles/active-directory/conditional-access/terms-of-use.md

Lines changed: 1 addition & 1 deletion
@@ -41,7 +41,7 @@ Azure AD terms of use policies have the following capabilities:
4141
- Require employees or guests to accept your terms of use policy prior to registering security information in Azure AD Multi-Factor Authentication (MFA).
4242
- Require employees to accept your terms of use policy prior to registering security information in Azure AD self-service password reset (SSPR).
4343
- Present a general terms of use policy for all users in your organization.
44-
- Present specific terms of use policies based on a user attributes (ex. doctors vs nurses or domestic vs international employees, by using [dynamic groups](../enterprise-users/groups-dynamic-membership.md)).
44+
- Present specific terms of use policies based on a user attributes (such as doctors versus nurses, or domestic versus international employees) by using [dynamic groups](../enterprise-users/groups-dynamic-membership.md)).
4545
- Present specific terms of use policies when accessing high business impact applications, like Salesforce.
4646
- Present terms of use policies in different languages.
4747
- List who has or hasn't accepted to your terms of use policies.
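Review bot: Line 44 now has unbalanced parentheses: a closing parenthesis was added after "international employees" but the old one after the dynamic groups link was left in place, so the bullet ends in `.md)).`. Drop the trailing `)`, and change "a user attributes" to "user attributes" while the line is open.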

articles/active-directory/manage-apps/f5-bigip-deployment-guide.md

Lines changed: 6 additions & 6 deletions
@@ -42,9 +42,9 @@ Prior F5 BIG-IP experience or knowledge isn't necessary, however, we do recommen
4242

4343
- A wildcard or Subject Alternative Name (SAN) certificate, to publish web applications over Secure Socket Layer (SSL). [Let’s encrypt](https://letsencrypt.org/) offers free 90 days certificate for testing.
4444

45-
- An SSL certificate for securing the BIG-IPs management interface. A certificate used to publish web apps can be used, if its subject corresponds to the BIG-IP's Fully qualified domain name (FQDN). For example, a wildcard certificate defined with a subject *.contoso.com would be suitable for `https://big-ip-vm.contoso.com:8443`
45+
- An SSL certificate for securing the BIG-IPs management interface. A certificate used to publish web apps can be used, if its subject corresponds to the BIG-IP's Fully qualified domain name (FQDN). For example, a wildcard certificate defined with a subject `*.contoso.com` would be suitable for `https://big-ip-vm.contoso.com:8443`
4646

47-
VM deployment and base system configs take approx. 30 minutes, at which point your BIG-IP platform will be ready for implementing any of the SHA scenarios listed [here](f5-aad-integration.md).
47+
VM deployment and base system configs take approximately 30 minutes, at which point your BIG-IP platform will be ready for implementing any of the SHA scenarios listed in [Integrate F5 BIG-IP with Azure Active Directory](f5-aad-integration.md).
4848

4949
For testing the scenarios, this tutorial assumes the BIG-IP will be deployed into an Azure resource group containing an Active Directory (AD) environment. The environment should consist of a Domain Controller (DC) and web host (IIS) VMs. Having these servers in other locations to the BIG-IP VM is also ok, providing the BIG-IP has line of sight to each of the roles required to support a given scenario. Scenarios where the BIG-IP VM is connected to another environment over a VPN connection are also supported.
5050
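Review bot: Line 45 still has "BIG-IPs management interface" without the apostrophe although "BIG-IP's" appears later in the same sentence, capitalizes "Fully" in "Fully qualified domain name", and ends without a period after the URL. Since the line is already changed to put `*.contoso.com` in backticks, fix these in the same edit.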

@@ -230,7 +230,7 @@ The following steps assume the DNS zone of the public domain used for your SHA s
230230
If you manage your DNS domain namespace using an external provider like [GoDaddy](https://www.godaddy.com/), then you'll need to create records using their own DNS management facility.
231231

232232
>[!NOTE]
233-
>You can also use a PC’s local hosts file if testing and frequently switching DNS records. The localhosts file on a Windows PC can be accessed by pressing Win + R on the keyboard and submitting the word **drivers** in the run box. Just be mindful that a localhost record will only provide DNS resolution for the local PC, not other clients.
233+
>You can also use a PC’s local hosts file if testing and frequently switching DNS records. The local hosts file on a Windows PC can be accessed by pressing Win + R on the keyboard and entering *drivers* in the **Run** box. Just be mindful that a local host record will only provide DNS resolution for the local PC, not other clients.
234234
235235
## Client traffic
236236
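Review bot: Line 233 tells the reader to enter *drivers* in the **Run** box but never says where the hosts file is from there; it sits in the `etc` subfolder of that directory, so name the subfolder or give the full path. Also, "a local host record" can be read as a record for localhost; "a hosts file entry" matches the first sentence of the note and avoids the ambiguity.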

@@ -351,15 +351,15 @@ Provisioning both, Client and Server SSL profiles will have the BIG-IP pre-confi
351351

352352
2. From the **Import Type** drop down list, select **PKCS 12(IIS)**
353353

354-
3. Provide a name for the imported certificate, for example, `ContosoWilcardCert`
354+
3. Provide a name for the imported certificate, such as `ContosoWildcardCert`.
355355

356356
4. Select **Choose File** to browse to the SSL web certificate who’s subject name corresponds to the domain suffix you plan on using for published services
357357

358358
5. Provide the **password** for the imported certificate then select **Import**
359359

360360
6. From the left-navigation bar, go to **Local Traffic** > **Profiles** > **SSL** > **Client** and then select **Create**
361361

362-
7. In the **New Client SSL Profile** page, provide a unique friendly name for the new client SSL profile and ensure the Parent profile is set to **clientssl**
362+
7. In the **New Client SSL Profile** page, provide a unique friendly name for the new client SSL profile and ensure the Parent profile is set to `clientssl`.
363363

364364
![The image shows update big-ip](./media/f5ve-deployment-plan/client-ssl.png)
365365
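Review bot: Steps 3 and 7 now end with a period while steps 2, 4, 5 and 6 in the same list do not, so the list is less consistent than before; add the period to the remaining steps. Step 4 at line 356 also has "who’s subject name", which should be "whose".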

@@ -371,7 +371,7 @@ Provisioning both, Client and Server SSL profiles will have the BIG-IP pre-confi
371371

372372
10. Repeat steps 6-9 to create an **SSL server certificate profile**. From the top ribbon, select **SSL** > **Server** > **Create**.
373373

374-
11. In the **New Server SSL Profile** page, provide a unique friendly name for the new server SSL profile and ensure the Parent profile is set to **serverssl**
374+
11. In the **New Server SSL Profile** page, provide a unique friendly name for the new server SSL profile and ensure the Parent profile is set to `serverssl`.
375375

376376
12. Select the far-right check box for the Certificate and Key rows and from the drop-down list select your imported certificate, followed by **Finished**.
377377

articles/azure-monitor/visualize/workbooks-tile-visualizations.md

Lines changed: 1 addition & 1 deletion
@@ -101,7 +101,7 @@ The author has an option to set the tile width in the tile settings.
101101
102102
* `fixed` (default)
103103
104-
The default behavior of tiles is to be the same fixed width, approx. 160 pixels wide, plus the space around the tiles.
104+
The default behavior of tiles is to be the same fixed width, approximately 160 pixels wide, plus the space around the tiles.
105105
106106
![Screenshot displaying fixed width tiles](./media/workbooks-tile-visualizations/tiles-fixed.png)
107107
* `auto`
Lines changed: 129 additions & 0 deletions
@@ -0,0 +1,129 @@
1+
---
2+
title: Deploy Zerto disaster recovery on Azure VMware Solution (Initial Availability)
3+
description: Learn how to implement Zerto disaster recovery for on-premises VMware or Azure VMware Solution virtual machines.
4+
ms.topic: how-to
5+
ms.date: 10/25/2021
6+
7+
---
8+
9+
# Deploy Zerto disaster recovery on Azure VMware Solution (Initial Availability)
10+
11+
This article explains how to implement disaster recovery for on-premises VMware or Azure VMware Solution-based virtual machines (VMs). The solution in this article uses [Zerto disaster recovery](https://www.zerto.com/solutions/use-cases/disaster-recovery/). Instances of Zerto are deployed at both the protected and the recovery sites.
12+
13+
Zerto is a disaster recovery solution designed to minimize downtime of the VMs if there was a disaster. Zerto's platform is built on the foundation of Continuous Data Protection (CDP), which enables minimal or close to no data loss. It provides the level of protection wanted for many business-critical and mission-critical enterprise applications. Zerto also automates and orchestrates failover and failback, ensuring minimal downtime in a disaster. Overall, Zerto simplifies management through automation and ensures fast and highly predictable recovery times.
14+
15+
16+
## Core components of the Zerto platform
17+
18+
| Component | Description |
19+
| --- | --- |
20+
| **Zerto Virtual Manager (ZVM)** | Management application for Zerto implemented as a Windows service installed on a Windows VM. The private cloud administrator installs and manages the Windows VM. The ZVM enables Day 0 and Day 2 disaster recovery configuration. For example, configuring primary and disaster recovery sites, protecting VMs, recovering VMs, and so on. However, it doesn't handle the replication data of the protected customer VMs. |
21+
| **Virtual Replication appliance (vRA)** | Linux VM to handle data replication from the source to the replication target. One instance of vRA is installed per ESXi host, delivering a true scale architecture that grows and shrinks along with the private cloud's hosts. The VRA manages data replication to and from protected VMs to its local or remote target, storing the data in the journal. |
22+
| **Zerto ESXi host driver** | Installed on each VMware ESXi host configured for Zerto disaster recovery. The host driver intercepts a vSphere VM's IO and sends the replication data to the chosen vRA for that host. The vRA is then responsible for replicating the VM's data to one or more disaster recovery targets. |
23+
| **Zerto Cloud Appliance (ZCA)** | Windows VM only used when Zerto is used to recover vSphere VMs as Azure Native IaaS VMs. The ZCA is composed of:<ul><li>**ZVM:** A Windows service that hosts the UI and integrates with the native APIs of Azure for management and orchestration.</li><li>**VRA:** A Windows service that replicates the data from or to Azure.</li></ul>The ZCA integrates natively with the platform it's deployed on, allowing you to use Azure Blob storage within a storage account on Microsoft Azure. As a result, it ensures the most cost-efficient deployment on each of these platforms. |
24+
| **Virtual Protection Group (VPG)** | Logical group of VMs created on the ZVM. Zerto allows configuring disaster recovery, Backup, and Mobility policies on a VPG. This mechanism enables a consistent set of policies to be applied to a group of VMs. |
25+
26+
27+
To learn more about Zerto platform architecture, see the [Zerto Platform Architecture Guide](https://www.zerto.com/wp-content/uploads/2021/07/Zerto-Platform-Architecture-Guide.pdf).
28+
29+
30+
## Supported Zerto scenarios
31+
32+
You can use Zerto with Azure VMware Solution for the following three scenarios.
33+
34+
### Scenario 1: On-premises VMware to Azure VMware Solution disaster recovery
35+
36+
In this scenario, the primary site is an on-premises vSphere-based environment. The disaster recovery site is an Azure VMware Solution private cloud.
37+
38+
:::image type="content" source="media/zerto-disaster-recovery/zerto-disaster-recovery-scenario-1.png" alt-text="Diagram showing Scenario 1 for the Zerto disaster recovery solution on Azure VMware Solution.":::
39+
40+
41+
### Scenario 2: Azure VMware Solution to Azure VMware Solution cloud disaster recovery
42+
43+
In this scenario, the primary site is an Azure VMware Solution private cloud in one Azure Region. The disaster recovery site is an Azure VMware Solution private cloud in a different Azure Region.
44+
45+
:::image type="content" source="media/zerto-disaster-recovery/zerto-disaster-recovery-scenario-2.png" alt-text="Diagram showing scenario 2 for the Zerto disaster recovery solution on Azure VMware Solution." border="false":::
46+
47+
48+
### Scenario 3: Azure VMware Solution to IaaS VMs cloud disaster recovery
49+
50+
In this scenario, the primary site is an Azure VMware Solution private cloud in one Azure Region. Azure Blobs and Azure IaaS (Hyper-V based) VMs are used in times of Disaster.
51+
52+
:::image type="content" source="media/zerto-disaster-recovery/zerto-disaster-recovery-scenario-3.png" alt-text="Diagram showing Scenario 3 for the Zerto disaster recovery solution on Azure VMware Solution." border="false":::
53+
54+
55+
56+
## Prerequisites
57+
58+
### On-premises VMware to Azure VMware Solution disaster recovery
59+
60+
- Azure VMware Solution private cloud deployed as a secondary region.
61+
62+
- VPN or ExpressRoute connectivity between on-premises and Azure VMware Solution.
63+
64+
65+
66+
### Azure VMware Solution to Azure VMware Solution cloud disaster recovery
67+
68+
- Azure VMware Solution private cloud must be deployed in the primary and secondary region.
69+
70+
:::image type="content" source="media/zerto-disaster-recovery/zerto-disaster-recovery-scenario-2a-prerequisite.png" alt-text="Diagram shows the first prerequisite for Scenario 2 of the Zerto disaster recovery solution on Azure VMware Solution.":::
71+
72+
- Connectivity, like ExpressRoute Global Reach, between the source and target Azure VMware Solution private cloud.
73+
74+
### Azure VMware Solution IaaS VMs cloud disaster recovery
75+
76+
- Network connectivity, ExpressRoute based, from Azure VMware Solution to the vNET used for disaster recovery.
77+
78+
- Follow the [Zerto Virtual Replication Azure Enterprise Guidelines](http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Replication%20Azure%20Enterprise%20Guidelines.pdf) for the rest of the prerequisites.
79+
80+
81+
82+
## Install Zerto on Azure VMware Solution
83+
84+
Currently, Zerto disaster recovery on Azure VMware Solution is in Initial Availability (IA) phase. In the IA phase, you must contact Microsoft to request and qualify for IA support.
85+
86+
To request IA support for Zerto on Azure VMware Solution, send an email request to [email protected]. In the IA phase, Azure VMware Solution only supports manual installation and onboarding of Zerto. However, Microsoft will work with you to ensure that you can manually install Zerto on your private cloud.
87+
88+
> [!NOTE]
89+
> As part of the manual installation, Microsoft will create a new vCenter user account for Zerto. This user account is only for Zerto Virtual Manager (ZVM) to perform operations on the Azure VMware Solution vCenter. When installing ZVM on Azure VMware Solution, don’t select the “Select to enforce roles and permissions using Zerto vCenter privileges” option.
90+
91+
92+
After the ZVM installation, select the options below from the Zerto Virtual Manager **Site Settings**.
93+
94+
:::image type="content" source="media/zerto-disaster-recovery/zerto-disaster-recovery-install-5.png" alt-text="Screenshot of the Workload Automation section that shows to select all of the options listed for the blue checkboxes.":::
95+
96+
>[!NOTE]
97+
>General Availability of Azure VMware Solution will enable self-service installation and Day 2 operations of Zerto on Azure VMware Solution.
98+
99+
100+
## Configure Zerto for disaster recovery
101+
102+
To configure Zerto for the on-premises VMware to Azure VMware Solution disaster recovery and Azure VMware Solution to Azure VMware Solution Cloud disaster recovery scenarios, see the [Zerto Virtual Manager Administration Guide vSphere Environment](https://s3.amazonaws.com/zertodownload_docs/8.5_Latest/Zerto%20Virtual%20Manager%20vSphere%20Administration%20Guide.pdf?cb=1629311409).
103+
104+
105+
For more information, see the [Zerto technical documentation](https://www.zerto.com/myzerto/technical-documentation/). Alternatively, you can download all the Zerto guides part of the [v8.5 Search Tool for Zerto Software PDFs documentation bundle](https://s3.amazonaws.com/zertodownload_docs/8.5_Latest/SEARCH_TOOL.zip?cb=1629311409).
106+
107+
108+
109+
## Ongoing management of Zerto
110+
111+
- As you scale your Azure VMware Solution private cloud operations, you might need to add new Azure VMware Solution hosts for Zerto protection or configure Zerto disaster recovery to new Azure VMware Solution vSphere Clusters. In both these scenarios, you'll be required to open a Support Request with the Azure VMware Solution team in the Initial Availability phase. You can open the [support ticket](https://rc.portal.azure.com/#create/Microsoft.Support) from the Azure portal for these Day 2 configurations.
112+
113+
:::image type="content" source="media/zerto-disaster-recovery/support-request-zerto-disaster-recovery.png" alt-text="Screenshot showing the support request for Day 2 Zerto disaster recovery configurations.":::
114+
115+
- In the GA phase, all the above operations will be enabled in an automated self-service fashion.
116+
117+
118+
## FAQs
119+
120+
### Can I use a pre-existing Zerto product license on Azure VMware Solution?
121+
122+
You can reuse pre-existing Zerto product licenses for Azure VMware Solution environments. If you need new Zerto licenses, email Zerto at **[email protected]** to acquire new licenses.
123+
124+
### How is Zerto supported?
125+
126+
Zerto disaster recovery is a solution that is sold and supported by Zerto. For any support issue with Zerto disaster recovery, always contact [Zerto support](https://www.zerto.com/company/support-and-service/support/).
127+
128+
Zerto and Microsoft support teams will engage each other as needed to troubleshoot Zerto disaster recovery issues on Azure VMware Solution.
129+
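Review bot: The link to the Zerto Virtual Replication Azure Enterprise Guidelines at line 78 uses `http://s3.amazonaws.com/...` while the other S3-hosted Zerto links at lines 102 and 105 use `https://`; switch it to HTTPS so the prerequisites PDF is not fetched over plaintext. In addition, the support ticket link at line 111 points at `rc.portal.azure.com` rather than `portal.azure.com`, the component table mixes "vRA" and "VRA" (lines 21 and 23), and the note at line 89 tells readers not to select the "Select to enforce roles and permissions using Zerto vCenter privileges" option without saying why, which deserves a sentence because it concerns the permissions of the vCenter account created for ZVM.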