Merge pull request #101025 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/conditional-access/howto-conditional-access-policy-location.md

@@ -27,7 +27,7 @@ With the location condition in Conditional Access, you can control access to you
 1. Give your location a name.
 1. Choose **IP ranges** if you know the specific externally accessible IPv4 address ranges that make up that location or **Countries/Regions**.
    1. Provide the **IP ranges** or select the **Countries/Regions** for the location you are specifying.
-      * If you chose Countries/Regions, you can optionally choose to include unknown areas.
+      * If you choose Countries/Regions, you can optionally choose to include unknown areas.
 1. Choose **Save**
 
 More information about the location condition in Conditional Access can be found in the article, 

articles/azure-maps/traffic-coverage.md

@@ -42,6 +42,7 @@ However, Maps does not have the same level of information and accuracy for all c
 |Hong Kong SAR     |✓         |✓         |
 |India   |✓         |✓         |
 |Indonesia     |✓         |✓         |
+|Kazakhstan    |✓         |✓         |
 |Macao SAR     |✓         |✓         |
 |Malaysia     |✓         |✓         |
 |New Zealand     |✓         |✓         |

articles/firewall/tutorial-hybrid-ps.md

@@ -47,7 +47,7 @@ This article requires that you run PowerShell locally. You must have the Azure P
 
 There are three key requirements for this scenario to work correctly:
 
-- A User Defined Route (UDR) on the spoke subnet that points to the Azure Firewall IP address as the default gateway. BGP route propagation must be **Disabled** on this route table.
+- A User Defined Route (UDR) on the spoke subnet that points to the Azure Firewall IP address as the default gateway. Virtual network gateway route propagation must be **Disabled** on this route table.
 - A UDR on the hub gateway subnet must point to the firewall IP address as the next hop to the spoke networks.
 
    No UDR is required on the Azure Firewall subnet, as it learns routes from BGP.
@@ -350,7 +350,7 @@ Set-AzVirtualNetwork
 
 #Now create the default route
 
-#Create a table, with BGP route propagation disabled
+#Create a table, with BGP route propagation disabled. The property is now called "Virtual network gateway route propagation," but the API still refers to the parameter as "DisableBgpRoutePropagation."
 $routeTableSpokeDG = New-AzRouteTable `
   -Name 'UDR-DG' `
   -ResourceGroupName $RG1 `

articles/hdinsight/hdinsight-release-notes.md

@@ -28,7 +28,7 @@ This release applies both for HDInsight 3.6 and 4.0. HDInsight release is made a
 ### TLS 1.2 enforcement
 Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide communications security over a computer network. Learn more about [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0). HDInsight uses TLS 1.2 on public HTTPs endpoints but TLS 1.1 is still supported for backward compatibility. 
 
-From this release, cusotmers can opt-in TLS 1.2 enformence for all connections through TLS 1.2. A new property **minSupportedTlsVersion** is introduced via Azure Resource Manager template for cluster creation. If the property is not set, the cluster still supports 1.0, 1.1 and 1.2, same as today's behavior. Customers can set the value for this property to "1.2", which means that the cluster only supports TLS 1.2 and above. 
+With this release, customers can opt into TLS 1.2 only for all connections through the public cluster endpoint. To support this, the new property **minSupportedTlsVersion** is introduced and can be specified during cluster creation. If the property is not set, the cluster still supports TLS 1.0, 1.1 and 1.2, which is the same as today's behavior. Customers can set the value for this property to "1.2", which means that the cluster only supports TLS 1.2 and above. 
 
 ### Bring your own key for disk encryption
 All managed disks in HDInsight are protected with Azure Storage Service Encryption (SSE). Data on those disks is encrypted by Microsoft-managed keys by default. Starting from this release, you can Bring Your Own Key (BYOK) for disk encryption and manage it using Azure Key Vault. BYOK encryption is a one-step configuration during cluster creation with no additional cost. Just register HDInsight as a managed identity with Azure Key Vault and add the encryption key when you create your cluster. 

articles/machine-learning/how-to-troubleshoot-deployment.md

@@ -346,7 +346,7 @@ Local web service deployments require a working Docker installation on your loca
 
 
     myenv = Environment.from_conda_specification(name="env", file_path="myenv.yml")
-    myenv.docker.base_image = NONE
+    myenv.docker.base_image = None
     myenv.docker.base_dockerfile = "FROM mcr.microsoft.com/azureml/base:intelmpi2018.3-ubuntu16.04\nRUN apt-get update && apt-get install vim -y"
     inference_config = InferenceConfig(entry_script="score.py", environment=myenv)
     package = Model.package(ws, [model], inference_config)

articles/security/benchmarks/introduction.md

@@ -24,7 +24,7 @@ The Azure Security Benchmark includes a collection of high-impact security recom
 
 The Azure Security Benchmark documentation specifies security controls and service recommendations.
 
-- **Security Controls**: The Azure Security Benchmark recommendations are categorized by security controls. Security controls represent high-level vendor-agnostic security requirements, such as network security and data protection. Each security control has a set of security recommendations and instructions that help you implment those recommendations. 
+- **Security Controls**: The Azure Security Benchmark recommendations are categorized by security controls. Security controls represent high-level vendor-agnostic security requirements, such as network security and data protection. Each security control has a set of security recommendations and instructions that help you implement those recommendations. 
 - **Service Recommendations**: When available, benchmark recommendations for Azure services will include Azure Security Benchmark recommendations that are tailored specifically for that service. 
 
 The terms "Control", "Benchmark", and "Baseline" are used often in the Azure Security Benchmark documentation and it's important to understand how Azure uses those terms. 
@@ -35,4 +35,4 @@ The terms "Control", "Benchmark", and "Baseline" are used often in the Azure Sec
 | Benchmark | A **benchmark** contains security recommendations for a specific technology, such as Azure. The recommendations are categorized by the control to which they belong. | The Azure Security benchmark comprises the security recommendations specific to the Azure platform  |
 | Baseline | A **baseline** is the security requirements for an organization. The security requirements are based on benchmark recommendations. Each organization decides which benchmark recommendations to include in their baseline. | The Contoso company creates its security baseline by choosing to require specific recommendations in the Azure Security Benchmark. |
 
-We welcome your feedback on the Azure Security Benchmark! We encourage you to provide comments in the feedback area below. If you prefer to share your input more privately with the Azure Security Benchmark team, you are welcome to fill out the form at https://aka.ms/AzSecBenchmark 
+We welcome your feedback on the Azure Security Benchmark! We encourage you to provide comments in the feedback area below. If you prefer to share your input more privately with the Azure Security Benchmark team, you are welcome to fill out the form at https://aka.ms/AzSecBenchmark 

articles/security/fundamentals/ad-passwordless.md

@@ -305,7 +305,7 @@ Passwordless authentication is the wave of the future and the path to a more sec
 
 * Deploy Microsoft Authenticator App for mobility.
 
-* Deploy Windows Hello for Business (1903: stay current).
+* Deploy Windows Hello for Business (1909: stay current).
 
 * Deploy FIDO2 devices for users who can't use phones.