Merge pull request #107550 from MicrosoftDocs/master

3/12 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -3585,6 +3585,11 @@
       "redirect_url": "/azure/sql-database/troubleshoot-connectivity-issues-microsoft-azure-sql-database",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/sql-database/sql-database-operate-query-store.md",
+      "redirect_url": "https://docs.microsoft.com/sql/relational-databases/performance/best-practice-with-the-query-store#Insight",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/sql-database/sql-database-customer-implementations.md",
       "redirect_url": "http://customers.microsoft.com",
@@ -3680,6 +3685,11 @@
       "redirect_url": "/azure/sql-database/sql-database-performance-guidance",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/sql-database/sql-database-performance.md",
+      "redirect_url": "/azure/sql-database/sql-database-monitor-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/sql-database/sql-database-managed-instance-vnet-configuration.md",
       "redirect_url": "/azure/sql-database/sql-database-managed-instance-configure-vnet-subnet",
@@ -32814,6 +32824,11 @@
       "redirect_url": "/azure/role-based-access-control/built-in-roles",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/sql-database/sql-database-control-access.md",
+      "redirect_url": "/azure/sql-database/sql-database-manage-logins",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/active-directory/role-based-access-control-access-change-history-report.md",
       "redirect_url": "/azure/role-based-access-control/change-history-report",

articles/active-directory/users-groups-roles/directory-assign-admin-roles.md

@@ -986,18 +986,19 @@ Can manage all aspects of the Exchange product.
 
 | **Actions** | **Description** |
 | --- | --- |
+| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
 | microsoft.directory/groups/unified/appRoleAssignments/update | Update groups.unified property in Azure Active Directory. |
 | microsoft.directory/groups/unified/basic/update | Update basic properties of Office 365 Groups. |
 | microsoft.directory/groups/unified/create | Create Office 365 Groups. |
 | microsoft.directory/groups/unified/delete | Delete Office 365 Groups. |
 | microsoft.directory/groups/unified/members/update | Update membership of Office 365 Groups. |
 | microsoft.directory/groups/unified/owners/update | Update ownership of Office 365 Groups. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
 | microsoft.office365.exchange/allEntities/allTasks | Manage all aspects of Exchange Online. |
 | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Office 365 Service Health. |
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
+| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
 
 ### External Identity Provider Administrator permissions
 
@@ -1097,7 +1098,6 @@ Can manage all aspects of groups and group settings like naming and expiration p
 | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
 | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Office 365 Service Health. |
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
 
 ### Guest Inviter permissions
 Can invite guest users independent of the ‘members can invite guests’ setting.
@@ -1208,10 +1208,12 @@ Can manage all aspects of the Skype for Business product.
 | --- | --- |
 | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
 | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
 | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Office 365 Service Health. |
 | microsoft.office365.skypeForBusiness/allEntities/allTasks | Manage all aspects of Skype for Business Online. |
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+| microsoft.office365.usageReports/allEntities/read	| Read Office 365 usage reports. |
+| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
+
 
 ### Message Center Privacy Reader permissions
 
@@ -1256,7 +1258,6 @@ Can manage Office apps' cloud services, including policy and settings management
 | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
 | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Office 365 Service Health. |
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
 | microsoft.office365.userCommunication/allEntities/allTasks | Read and update What’s New messages visibility. |
 | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
 
@@ -1438,7 +1439,6 @@ Can create and manage all aspects of Microsoft Search settings.
 | microsoft.office365.search/allEntities/allProperties/allTasks | Create and delete all resources, and read and update all properties in microsoft.office365.search. |
 | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Office 365 Service Health. |
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
 | microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
 
 ### Search Editor permissions
@@ -1454,7 +1454,6 @@ Can create and manage the editorial content such as bookmarks, Q and As, locatio
 | --- | --- |
 | microsoft.office365.messageCenter/messages/read | Read messages in microsoft.office365.messageCenter. |
 | microsoft.office365.search/content/allProperties/allTasks | Create and delete content, and read and update all properties in microsoft.office365.search. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
 
 ### Security Administrator permissions
 
@@ -1503,7 +1502,6 @@ Creates and manages security events.
 | microsoft.azure.advancedThreatProtection/allEntities/read | Read and configure Azure AD Advanced Threat Protection. |
 | microsoft.intune/allEntities/allTasks | Manage all aspects of Intune. |
 | microsoft.office365.securityComplianceCenter/allEntities/allTasks | Read and configure Security & Compliance Center. |
-| microsoft.office365.usageReports/allEntities/read | Read Office 365 usage reports. |
 | microsoft.windows.defenderAdvancedThreatProtection/allEntities/read | Read and configure Windows Defender Advanced Threat Protection. |
 
 ### Security Reader permissions
@@ -1556,18 +1554,19 @@ Can manage all aspects of the SharePoint service.
 
 | **Actions** | **Description** |
 | --- | --- |
+| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
+| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
 | microsoft.directory/groups/unified/appRoleAssignments/update | Update groups.unified property in Azure Active Directory. |
 | microsoft.directory/groups/unified/basic/update | Update basic properties of Office 365 Groups. |
 | microsoft.directory/groups/unified/create | Create Office 365 Groups. |
 | microsoft.directory/groups/unified/delete | Delete Office 365 Groups. |
 | microsoft.directory/groups/unified/members/update | Update membership of Office 365 Groups. |
 | microsoft.directory/groups/unified/owners/update | Update ownership of Office 365 Groups. |
-| microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health. |
-| microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets. |
-| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
 | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Office 365 Service Health. |
 | microsoft.office365.sharepoint/allEntities/allTasks | Create and delete all resources, and read and update standard properties in microsoft.office365.sharepoint. |
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
+| microsoft.office365.usageReports/allEntities/read	| Read Office 365 usage reports. |
+| microsoft.office365.webPortal/allEntities/basic/read | Read basic properties on all resources in microsoft.office365.webPortal. |
 
 ### Teams Communications Administrator permissions
 

articles/aks/TOC.yml

@@ -117,18 +117,12 @@
   items:
   - name: Cluster operations
     items:
-    - name: Create an AKS cluster
-      href: /cli/azure/aks#az-aks-create
-      maintainContext: true
     - name: Scale an AKS cluster
       href: scale-cluster.md
     - name: Upgrade an AKS cluster
       href: upgrade-cluster.md
     - name: Process node OS updates
       href: node-updates-kured.md
-    - name: Delete an AKS cluster
-      href: /cli/azure/aks#az-aks-delete
-      maintainContext: true
     - name: Integrate ACR with an AKS cluster
       href: cluster-container-registry-integration.md
     - name: Create virtual nodes

articles/aks/certificate-rotation.md

@@ -32,7 +32,7 @@ AKS generates and uses the following certificates, Certificate Authorities, and
 * The `kubectl` client has a certificate for communicating with the AKS cluster.
 
 > [!NOTE]
-> AKS clusters created prior to March 2019 have certificates that expire after two years. Any cluster created after March 2019 or any cluster that has its certificates rotated have certificates that expire after 30 years. To verify when your cluster was created, use `kubectl get nodes` to see the *Age* of your node pools.
+> AKS clusters created prior to March 2019 have certificates that expire after two years. Any cluster created after March 2019 or any cluster that has its certificates rotated have Cluster CA certificates that expire after 30 years. All other certificates expire after two years. To verify when your cluster was created, use `kubectl get nodes` to see the *Age* of your node pools.
 > 
 > Additionally, you can check the expiration date of your cluster's certificate. For example, the following command displays the certificate details for the *myAKSCluster* cluster.
 > ```console

articles/aks/private-clusters.md

@@ -7,93 +7,16 @@ ms.date: 2/21/2020
 
 ---
 
-# Create a private Azure Kubernetes Service cluster (preview)
+# Create a private Azure Kubernetes Service cluster
 
 In a private cluster, the control plane or API server has internal IP addresses that are defined in the [RFC1918 - Address Allocation for Private Internets](https://tools.ietf.org/html/rfc1918) document. By using a private cluster, you can ensure that network traffic between your API server and your node pools remains on the private network only.
 
 The control plane or API server is in an Azure Kubernetes Service (AKS)-managed Azure subscription. A customer's cluster or node pool is in the customer's subscription. The server and the cluster or node pool can communicate with each other through the [Azure Private Link service][private-link-service] in the API server virtual network and a private endpoint that's exposed in the subnet of the customer's AKS cluster.
 
-> [!IMPORTANT]
-> AKS preview features are self-service and are offered on an opt-in basis. Previews are provided *as is* and *as available* and are excluded from the service-level agreement (SLA) and limited warranty. AKS previews are partially covered by customer support on a *best effort* basis. Therefore, the features aren't meant for production use. For more information, see the following support articles:
->
-> * [AKS Support Policies](support-policies.md)
-> * [Azure Support FAQ](faq.md)
-
 ## Prerequisites
 
-* The Azure CLI version 2.0.77 or later, and the Azure CLI AKS Preview extension version 0.4.18
-
-## Currently supported regions
-
-* Australia East
-* Australia Southeast
-* Brazil South
-* Canada Central
-* Canada East
-* Cenral US
-* East Asia
-* East US
-* East US 2
-* East US 2 EUAP
-* France Central
-* Germany North
-* Japan East
-* Japan West
-* Korea Central
-* Korea South
-* North Central US
-* North Europe
-* North Europe
-* South Central US
-* UK South
-* West Europe
-* West US
-* West US 2
-* East US 2
-
-## Currently Supported Availability Zones
-
-* Central US
-* East US
-* East US 2
-* France Central
-* Japan East
-* North Europe
-* Southeast Asia
-* UK South
-* West Europe
-* West US 2
-
-## Install the latest Azure CLI AKS Preview extension
-
-To use private clusters, you need the Azure CLI AKS Preview extension version 0.4.18 or later. Install the Azure CLI AKS Preview extension by using the [az extension add][az-extension-add] command, and then check for any available updates by using the following [az extension update][az-extension-update] command:
-
-```azurecli-interactive
-# Install the aks-preview extension
-az extension add --name aks-preview
-
-# Update the extension to make sure you have the latest version installed
-az extension update --name aks-preview
-```
-> [!CAUTION]
-> When you register a feature on a subscription, you can't currently un-register that feature. After you enable some preview features, you can use default settings for all AKS clusters that were created in the subscription. Don't enable preview features on production subscriptions. Use a separate subscription to test preview features and gather feedback.
-
-```azurecli-interactive
-az feature register --name AKSPrivateLinkPreview --namespace Microsoft.ContainerService
-```
-
-It might take several minutes for the registration status to show as *Registered*. You can check on the status by using the following [az feature list][az-feature-list] command:
-
-```azurecli-interactive
-az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/AKSPrivateLinkPreview')].{Name:name,State:properties.state}"
-```
-
-When the state is registered, refresh the registration of the *Microsoft.ContainerService* resource provider by using the following [az provider register][az-provider-register] command:
+* The Azure CLI version 2.2.0 or later
 
-```azurecli-interactive
-az provider register --namespace Microsoft.ContainerService
-az provider register --namespace Microsoft.Network
-```
 ## Create a private AKS cluster
 
 ### Create a resource group
@@ -155,6 +78,7 @@ As mentioned, VNet peering is one way to access your private cluster. To use VNe
 9. Go to the virtual network where you have the VM, select **Peerings**, select the AKS virtual network, and then create the peering. If the address ranges on the AKS virtual network and the VM's virtual network clash, peering fails. For more information, see  [Virtual network peering][virtual-network-peering].
 
 ## Dependencies  
+
 * The Private Link service is supported on Standard Azure Load Balancer only. Basic Azure Load Balancer isn't supported.  
 * To use a custom DNS server, deploy an AD server with DNS to forward to this IP 168.63.129.16
 
@@ -169,7 +93,6 @@ As mentioned, VNet peering is one way to access your private cluster. To use VNe
 * No support for converting existing AKS clusters into private clusters
 * Deleting or modifying the private endpoint in the customer subnet will cause the cluster to stop functioning. 
 * Azure Monitor for containers Live Data isn't currently supported.
-* *Bring your own DNS* isn't currently supported.
 
 
 <!-- LINKS - internal -->

articles/analysis-services/analysis-services-qs-firewall.md

@@ -17,7 +17,8 @@ This quickstart helps you configure a firewall for your Azure Analysis Services
 
 - An Analysis Services server in your subscription. To learn more, see [Quickstart: Create a server - Portal](analysis-services-create-server.md) or [Quickstart: Create a server - PowerShell](analysis-services-create-powershell.md)
 - One or more IP address ranges for client computers (if needed).
-- Please Note that Import scenario from Power BI Premium is currently not supported.
+- Some scenarios where Power BI Premium connects to Azure Analysis Services, including data import (refresh) and paginated reports, are currently not supported even when Allow access from Power BI is enabled. The more common scenario of using Live Connect from Power BI Premium is supported. All Power BI Pro scenarios are supported.
+
 
 ## Sign in to the Azure portal 
 

articles/automation/automation-update-management-query-logs.md

@@ -3,7 +3,7 @@ title: Query Azure Update Management logs
 description: This article describes how to query the logs for Update Management in your Log Analytics workspace.
 services: automation
 ms.subservice: update-management
-ms.date: 01/10/2020
+ms.date: 03/11/2020
 ms.topic: conceptual
 ---
 # Query update records for Update Management in Azure Monitor Logs
@@ -138,8 +138,8 @@ A record with a type of `UpdateSummary` is created that provides update summary
 | CriticalUpdatesMissing | Number of critical updates missing that are applicable. | 
 | ManagementGroupName | Name of the Operations Manager management group or Log Analytics workspace. |
 | NETRuntimeVersion | Version of .NET Framework installed on the Windows computer. |
-| OldestMissingSecurityUpdateBucket | | 
-| OldestMissingSecurityUpdateInDays | |
+| OldestMissingSecurityUpdateBucket | Values are:<br> *Recent*<br> *30 days ago*<br> *60 days ago*<br> *Older* | 
+| OldestMissingSecurityUpdateInDays | Total number of days for the oldest update detected as applicable that has not been installed. |
 | OsVersion | The version of the operating system. |
 | OtherUpdatesMissing | Count of detected updates missing. |
 | Resource |  Name of the resource. |