Merge pull request #116656 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)

Author: huypub

articles/active-directory/manage-apps/application-proxy-connectors.md

@@ -170,9 +170,9 @@ and Windows performance counters.
 
 ![Add counters to the connector with the Performance Monitor](./media/application-proxy-connectors/performance-monitor.png)
 
-The connectors have both admin and session logs. The admin logs include key events and their errors. The session logs include all the transactions and their processing details.
+The connectors have both **Admin** and **Session** logs. The **Admin** log includes key events and their errors. The **Session** log includes all the transactions and their processing details.
 
-To see the logs, go to the Event Viewer, open the **View** menu, and enable **Show analytic and debug logs**. Then, enable them to start collecting events. These logs do not appear in Web Application Proxy in Windows Server 2012 R2, as the connectors are based on a more recent version.
+To see the logs, open **Event Viewer** and go to **Applications and Services Logs** > **Microsoft** > **AadApplicationProxy** > **Connector**. To make the **Session** log visible, on the **View** menu, select **Show Analytic and Debug Logs**. The **Session** log is typically used for troubleshooting, and it's disabled by default. Enable it to start collecting events and disable it when it's no longer needed.
 
 You can examine the state of the service in the Services window. The connector is made up of two Windows Services: the actual connector, and the updater. Both of them must run all the time.
 

articles/application-gateway/application-gateway-autoscaling-zone-redundant.md

@@ -40,7 +40,7 @@ With the v2 SKU, the pricing model is driven by consumption and is no longer att
 - **Fixed price** - This is hourly (or partial hour) price to provision a Standard_v2 or WAF_v2 Gateway. Please note that 0 additional minimum instances still ensures high availability of the service which is always included with fixed price.
 - **Capacity Unit price** - This is a consumption-based cost that is charged in addition to the fixed cost. Capacity unit charge is also computed hourly or partial hourly. There are three dimensions to capacity unit - compute unit, persistent connections, and throughput. Compute unit is a measure of processor capacity consumed. Factors affecting compute unit are TLS connections/sec, URL Rewrite computations, and WAF rule processing. Persistent connection is a measure of established TCP connections to the application gateway in a given billing interval. Throughput is average Megabits/sec processed by the system in a given billing interval.  The billing is done at a Capacity Unit level for anything above the reserved instance count.
 
-Each capacity unit is composed of at most: 1 compute unit, or 2500 persistent connections, or 2.22-Mbps throughput.
+Each capacity unit is composed of at most: 1 compute unit, 2500 persistent connections, and 2.22-Mbps throughput.
 
 Compute unit guidance:
 

articles/application-gateway/application-gateway-faq.md

@@ -408,9 +408,6 @@ But if you'd like to use Application Gateway V2 with only private IP, you can fo
 Sample NSG configuration for private IP only access:
 ![Application Gateway V2 NSG Configuration for private IP access only](./media/application-gateway-faq/appgw-privip-nsg.png)
 
-### Does Application Gateway affinity cookie support SameSite attribute?
-Yes, the [Chromium browser](https://www.chromium.org/Home) [v80 update](https://chromiumdash.appspot.com/schedule) introduced a mandate on HTTP cookies without SameSite attribute to be treated as SameSite=Lax. This means that the Application Gateway affinity cookie won't be sent by the browser in a third-party context. 
-To support this scenario, Application Gateway injects another cookie called *ApplicationGatewayAffinityCORS* in addition to the existing *ApplicationGatewayAffinity* cookie.  These cookies are similar, but the *ApplicationGatewayAffinityCORS* cookie has two more attributes added to it: *SameSite=None; Secure*. These attributes maintain sticky sessions even for cross-origin requests. See the [cookie based affinity section](configuration-overview.md#cookie-based-affinity) for more information.
 
 ## Next steps
 

articles/azure-app-configuration/concept-enable-rbac.md

@@ -9,10 +9,10 @@ ms.service: azure-app-configuration
 
 ---
 # Authorize access to Azure App Configuration using Azure Active Directory
-Azure App Configuration supports using Azure Active Directory (Azure AD) to authorize requests to App Configuration instances.  Azure AD allows you to use role-based access control (RBAC) to grant permissions to a security principal.  A security principal may be a user, or an [application service principal](../active-directory/develop/app-objects-and-service-principals.md).  To learn more about roles and role assignments, see [Understanding different roles](../role-based-access-control/overview.md).
+Besides using Hash-based Message Authentication Code (HMAC), Azure App Configuration supports using Azure Active Directory (Azure AD) to authorize requests to App Configuration instances.  Azure AD allows you to use role-based access control (RBAC) to grant permissions to a security principal.  A security principal may be a user, a [managed identity](../active-directory/managed-identities-azure-resources/overview.md) or an [application service principal](../active-directory/develop/app-objects-and-service-principals.md).  To learn more about roles and role assignments, see [Understanding different roles](../role-based-access-control/overview.md).
 
 ## Overview
-Requests made by security principal (a user, or an application) to access an App Configuration resource must be authorized.  With Azure AD, access to a resource is a two-step process.
+Requests made by a security principal to access an App Configuration resource must be authorized. With Azure AD, access to a resource is a two-step process:
 1. The security principal's identity is authenticated and an OAuth 2.0 token is returned.  The resource name to request a token is `https://login.microsoftonline.com/{tenantID}` where `{tenantID}` matches the Azure Active Directory tenant ID to which the service principal belongs.
 2. The token is passed as part of a request to the App Configuration service to authorize access to the specified resource.
 
@@ -30,8 +30,11 @@ Azure provides the following built-in RBAC roles for authorizing access to App C
 
 - **App Configuration Data Owner**: Use this role to give read/write/delete access to App Configuration data. This does not grant access to the App Configuration resource.
 - **App Configuration Data Reader**: Use this role to give read access to App Configuration data. This does not grant access to the App Configuration resource.
-- **Contributor**: Use this role to manage the App Configuration resource. While the App Configuration data can be accessed using access keys, this role does not grant access to the data using Azure AD.
+- **Contributor**: Use this role to manage the App Configuration resource. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Azure AD.
 - **Reader**: Use this role to give read access to the App Configuration resource. This does not grant access to the resource's access keys, nor to the data stored in App Configuration.
 
+> [!NOTE]
+> Currently, the Azure portal and CLI only support HMAC authentication to access App Configuration data. Azure AD authentication is not supported. Therefore, users of the Azure portal and CLI require the *Contributor* role to retrieve the access keys of the App Configuration resource. Granting *App Configuration Data Reader* or *App Configuration Data Owner* roles has no impact on access through the portal and CLI.
+
 ## Next steps
 Learn more about using [managed identities](howto-integrate-azure-managed-service-identity.md) to administer your App Configuration service.

articles/azure-monitor/index.yml

@@ -81,7 +81,7 @@ landingContent:
     linkLists: 
       - linkListType: learn
         links:
-          - text: Free Pluralsite Training - Azure Administrator
+          - text: Free Pluralsight Training - Azure Administrator
             url: https://go.microsoft.com/fwlink/?linkid=2012827
 
   # Card

articles/azure-monitor/insights/container-insights-overview.md

@@ -44,7 +44,7 @@ Azure Monitor for containers delivers a comprehensive monitoring experience usin
 
 The main differences in monitoring a Windows Server cluster compared to a Linux cluster are the following:
 
-- Memory RSS metric isn't available for Windows node and containers.
+- Windows doesn't have a Memory RSS metric and therefore isn't available for Windows node and containers. Working Set is available. Learn more about [memory management in windows](https://docs.microsoft.com/windows/win32/memory/working-set).
 - Disk storage capacity information isn't available for Windows nodes.
 - Container logs aren't available for containers running in Windows nodes.
 - Live Data (preview) feature support is available with the exception of Windows container logs.

articles/connectors/apis-list.md

@@ -105,7 +105,7 @@ Logic Apps provides built-in actions for running your own code in your logic app
 
 |   |   |   |   |
 |---|---|---|---|
-| [![API icon][azure-functions-icon]<br>**Azure Functions**][azure-functions-doc] | Call Azure functions that run custom code snippets (C# or Node.js) from your logic apps. | [![API icon][inline-code-icon]<br>**Inline code**][azure-functions-doc] | Add and run JavaScript code snippets from your logic apps. |
+| [![API icon][azure-functions-icon]<br>**Azure Functions**][azure-functions-doc] | Call Azure functions that run custom code snippets (C# or Node.js) from your logic apps. | [![API icon][inline-code-icon]<br>**Inline code**][inline-code-doc] | Add and run JavaScript code snippets from your logic apps. |
 |||||
 
 ### Control workflow
@@ -392,6 +392,7 @@ To call APIs that run custom code or aren't available as connectors, you can ext
 [http-response-doc]: ./connectors-native-reqres.md "Respond to HTTP requests from your logic apps"
 [http-swagger-doc]: ./connectors-native-http-swagger.md "Call REST endpoints from your logic apps"
 [http-webhook-doc]: ./connectors-native-webhook.md "Wait for specific events from HTTP or HTTPS endpoints"
+[inline-code-doc]: ../logic-apps/logic-apps-add-run-inline-code.md "Add and run JavaScript code snippets from your logic apps"
 [nested-logic-app-doc]: ../logic-apps/logic-apps-http-endpoint.md "Integrate logic apps with nested workflows"
 [query-doc]: ../logic-apps/logic-apps-perform-data-operations.md#filter-array-action "Select and filter arrays with the Query action"
 [schedule-doc]: ../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md "Run logic apps based a schedule"

articles/key-vault/general/private-link-service.md

@@ -122,7 +122,7 @@ az network private-dns zone create --resource-group {RG} --name privatelink.vaul
 ```
 ### Link Private DNS Zone to Virtual Network 
 ```console
-az network private-dns link vnet create --resoruce-group {RG} --virtual-network {vNet NAME} --zone-name privatelink.vaultcore.azure.net --name {dnsZoneLinkName} --registration-enabled true
+az network private-dns link vnet create --resource-group {RG} --virtual-network {vNet NAME} --zone-name privatelink.vaultcore.azure.net --name {dnsZoneLinkName} --registration-enabled true
 ```
 ### Create a Private Endpoint (Automatically Approve) 
 ```console

articles/service-fabric/service-fabric-sfctl-chaos.md

@@ -78,7 +78,7 @@ If Chaos is not already running in the cluster, it starts Chaos with the passed
 
 |Argument|Description|
 | --- | --- |
-| --app-type-health-policy-map | JSON encoded list with max percentage unhealthy applications for specific application types. Each entry specifies as a key the application type name and as  a value an integer that represents the MaxPercentUnhealthyApplications percentage used to evaluate the applications of the specified application type. <br><br> Defines a map with max percentage unhealthy applications for specific application types. Each entry specifies as key the application type name and as value an integer that represents the MaxPercentUnhealthyApplications percentage used to evaluate the applications of the specified application type. The application type health policy map can be used during cluster health evaluation to describe special application types. The application types included in the map are evaluated against the percentage specified in the map, and not with the global MaxPercentUnhealthyApplications defined in the cluster health policy. The applications of application types specified in the map are not counted against the global pool of applications. For example, if some applications of a type are critical, the cluster administrator can add an entry to the map for that application type and assign it a value of 0% (that is, do not tolerate any failures). All other applications can be evaluated with MaxPercentUnhealthyApplications set to 20% to tolerate some failures out of the thousands of application instances. The application type health policy map is used only if the cluster manifest enables application type health evaluation using the configuration entry for HealthManager/EnableApplicationTypeHealthEvaluation. |
+| --app-type-health-policy-map | JSON encoded array of dictionary (key / value) entries with max percentage unhealthy applications for specific application types. Each dictionary entry specifies as a key the application type name and an integer for value that represents the MaxPercentUnhealthyApplications percentage used to evaluate the applications of the specified application type. <br><br> Defines a map with max percentage unhealthy applications for specific application types. The application type health policy map can be used during cluster health evaluation to describe individual application types. The application types included in the map are evaluated against the percentage specified in the map, and not with the global MaxPercentUnhealthyApplications defined in the cluster health policy. The applications of application types specified in the map are not counted against the global pool of applications. For example, if some applications of a type are critical, the cluster administrator can add an entry to the map for that application type and assign it a value of 0% (do not tolerate any failures). All other applications can be evaluated with MaxPercentUnhealthyApplications set to 20% to tolerate some failures out of the thousands of application instances. The application type health policy map is used only if the cluster manifest enables application type health evaluation using the configuration entry for HealthManager/EnableApplicationTypeHealthEvaluation. <br><br> Example JSON encoded string: [{\"key\": \"fabric:/Voting\", \"value\": \"0\"}] |
 | --chaos-target-filter | JSON encoded dictionary with two string type keys. The two keys are NodeTypeInclusionList and ApplicationInclusionList. Values for both of these keys are list of string. chaos_target_filter defines all filters for targeted Chaos faults, for example, faulting only certain node types or faulting only certain applications. <br><br> If chaos_target_filter is not used, Chaos faults all cluster entities. If chaos_target_filter is used, Chaos faults only the entities that meet the chaos_target_filter specification. NodeTypeInclusionList and ApplicationInclusionList allow a union semantics only. It is not possible to specify an intersection of NodeTypeInclusionList and ApplicationInclusionList. For example, it is not possible to specify "fault this application only when it is on that node type." Once an entity is included in either NodeTypeInclusionList or ApplicationInclusionList, that entity cannot be excluded using ChaosTargetFilter. Even if applicationX does not appear in ApplicationInclusionList, in some Chaos iteration applicationX can be faulted because it happens to be on a node of nodeTypeY that is included in NodeTypeInclusionList. If both NodeTypeInclusionList and ApplicationInclusionList are empty, an ArgumentException is thrown. All types of faults (restart node, restart code package, remove replica, restart replica, move primary, and move secondary) are enabled for the nodes of these node types. If a node type (say NodeTypeX) does not appear in the NodeTypeInclusionList, then node level faults (like NodeRestart) will never be enabled for the nodes of NodeTypeX, but code package and replica faults can still be enabled for NodeTypeX if an application in the ApplicationInclusionList happens to reside on a node of NodeTypeX. At most 100 node type names can be included in this list, to increase this number, a config upgrade is required for MaxNumberOfNodeTypesInChaosEntityFilter configuration. All replicas belonging to services of these applications are amenable to replica faults (restart replica, remove replica, move primary, and move secondary) by Chaos. Chaos may restart a code package only if the code package hosts replicas of these applications only. If an application does not appear in this list, it can still be faulted in some Chaos iteration if the application ends up on a node of a node type that is included in NodeTypeInclusionList. However if applicationX is tied to nodeTypeY through placement constraints and applicationX is absent from ApplicationInclusionList and nodeTypeY is absent from NodeTypeInclusionList, then applicationX will never be faulted. At most 1000 application names can be included in this list, to increase this number, a config upgrade is required for MaxNumberOfApplicationsInChaosEntityFilter configuration. |
 | --context | JSON encoded map of (string, string) type key-value pairs. The map can be used to record information about the Chaos run. There cannot be more than 100 such pairs and each string (key or value) can be at most 4095 characters long. This map is set by the starter of the Chaos run to optionally store the context about the specific run. |
 | --disable-move-replica-faults | Disables the move primary and move secondary faults. |
@@ -126,4 +126,4 @@ Stops Chaos from executing new faults. In-flight faults will continue to execute
 
 ## Next steps
 - [Setup](service-fabric-cli.md) the Service Fabric CLI.
-- Learn how to use the Service Fabric CLI using the [sample scripts](/azure/service-fabric/scripts/sfctl-upgrade-application).
+- Learn how to use the Service Fabric CLI using the [sample scripts](/azure/service-fabric/scripts/sfctl-upgrade-application).

articles/synapse-analytics/toc.yml

@@ -893,7 +893,7 @@
   - name: Service updates
     href: https://azure.microsoft.com/updates/?product=sql-data-warehouse
   - name: Stack Overflow
-    href: https://stackoverflow.com/questions/tagged/azure-sqldw/
+    href: https://stackoverflow.com/questions/tagged/azure-synapse/
   - name: Support
     href: ./sql-data-warehouse/sql-data-warehouse-get-started-create-support-ticket.md?toc=/azure/synapse-analytics/toc.json&bc=/azure/synapse-analytics/breadcrumb/toc.json
   - name: Customer self-help