Merge pull request #84031 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/fundamentals/active-directory-deployment-plans.md

@@ -65,3 +65,4 @@ Roles might include the following
 |[Azure AD Application Proxy](https://aka.ms/deploymentplans/appproxy)|Employees today want to be productive at any place, at any time, and from any device. They want to work on their own devices, whether they are tablets, phones, or laptops. And employees expect to be able to access all their applications, both SaaS apps in the cloud and corporate apps on-premises. Providing access to on-premises applications has traditionally involved virtual private networks (VPNs) or demilitarized zones (DMZs). Not only are these solutions complex and hard to make secure, but they are costly to set up and manage. There is a better way! - Azure AD Application Proxy|
 |[User provisioning](https://aka.ms/UserProvisioningDPDownload)|Azure AD helps you automate the creation, maintenance, and removal of user identities in cloud (SaaS) applications, such as Dropbox, Salesforce, ServiceNow, and more.|
 |[Workday-driven Inbound User Provisioning](https://aka.ms/WorkdayDeploymentPlan)|Workday-driven Inbound User Provisioning to Active Directory creates a foundation for ongoing identity governance and enhances the quality of business processes that rely on authoritative identity data. Using this feature, you can seamlessly manage the identity lifecycle of employees and contingent workers by configuring rules that map Joiner-Mover-Leaver processes (such as New Hire, Terminate, Transfer) to IT provisioning actions (such as Create, Enable, Disable, Delete accounts).|
+|[Reporting and Monitoring](https://aka.ms/deploymentplans/reporting)| The design of your Azure AD reporting and monitoring solution depends on your legal, security, and operational requirements as well as your existing environment and processes. This article presents the various design options and guides you to the right deployment strategy.|

articles/active-directory/user-help/security-info-setup-security-key.md

@@ -31,7 +31,7 @@ We currently support several designs and providers of security keys using the [F
 Your administrator or your organization will provide you with a security key if they require it for your work or school account. There are different types of security keys you can use, for example a USB key that you plug in to your device or an NFC key that you tap on an NFC reader. You can find out more information about your security key, including what type it is, from the manufacturer's documentation.
 
 > [!Note]
-> If you're unable to use a FIDO2 security key, there are other passwordless authentication methods you can use such as the Microsoft Authenticator app or Windows Hello. For more information about the Microsoft Authenticator app, see [What is the Microsoft Authenticator app?](https://docs.microsoft.com/azure/active-directory/user-help/user-help-auth-app-overview). For more information about Windows Hello, see [Windows Hello overview](https://www.microsoft.com/windows/windows-hello).
+> If you're unable to use a FIDO2 security key, there are other passwordless authentication methods you can use such as the Microsoft Authenticator app or Windows Hello. For more information about the Microsoft Authenticator app, see [What is the Microsoft Authenticator app?](user-help-auth-app-overview.md). For more information about Windows Hello, see [Windows Hello overview](https://www.microsoft.com/windows/windows-hello).
 
 ## Before you begin
 
@@ -146,7 +146,7 @@ In order to register a security key, you must have at least one additional secur
 
 ## Next steps
 
-- For more information about passwordless authentication methods, read the [Microsoft’s Azure AD begins public preview of FIDO2 security keys, enabling passwordless logins](https://www.onmsft.com/news/microsofts-azure-ad-begins-public-preview-of-fido2-security-keys-enabling-passwordless-logins) blog, or read the [What is the Microsoft Authenticator app?](https://docs.microsoft.com/azure/active-directory/user-help8user-help-auth-app-overview) and [Windows Hello overview](https://www.microsoft.com/windows/windows-hello) articles.
+- For more information about passwordless authentication methods, read the [Microsoft’s Azure AD begins public preview of FIDO2 security keys, enabling passwordless logins](https://www.onmsft.com/news/microsofts-azure-ad-begins-public-preview-of-fido2-security-keys-enabling-passwordless-logins) blog, or read the [What is the Microsoft Authenticator app?](user-help-auth-app-overview.md) and [Windows Hello overview](https://www.microsoft.com/windows/windows-hello) articles.
 
 - For more detailed info about [Microsoft-compliant security keys](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key).
 

articles/application-gateway/application-gateway-faq.md

@@ -319,6 +319,10 @@ Yes. You can enable DDoS protection on the virtual network where the application
 
 Yes. For details see, [Migrate Azure Application Gateway and Web Application Firewall from v1 to v2](migrate-v1-v2.md).
 
+### Does WAF support non UTF-8 encoding?
+
+No. WAF currently supports only UTF-8 encoding.
+
 ## Diagnostics and logging
 
 ### What types of logs does Application Gateway provide?

articles/azure-maps/traffic-coverage.md

@@ -58,7 +58,9 @@ However, Maps does not have the same level of information and accuracy for all r
 |---------|:---------:|:---------:|
 |Andorra   |✓         |✓         |
 |Austria     |✓         |✓         |
+|Belarus    |✓         |✓         |
 |Belgium     |✓         |✓         |
+|Bosnia and Herzegovina    |✓         |✓         |
 |Bulgaria     |✓         |✓         |
 |Croatia     |✓         |✓         |
 |Czech Republic     |✓         |✓         |
@@ -74,6 +76,7 @@ However, Maps does not have the same level of information and accuracy for all r
 |Iceland     |✓         |✓         |
 |Ireland     |✓         |✓         |
 |Italy     |✓         |✓        |
+|Kazakhstan    |✓         |✓        |
 |Latvia     |✓         |✓         |
 |Lesotho     |✓         |✓         |
 |Liechtenstein      |✓         |✓         |
@@ -89,6 +92,7 @@ However, Maps does not have the same level of information and accuracy for all r
 |Romania     |✓         |✓         |
 |Russian Federation     |✓         |✓         |
 |San Marino    |✓         |✓         |
+|Serbia   |✓         |✓         |
 |Slovakia     |✓         |✓         |
 |Slovenia     |✓         |✓         |
 |Spain     |✓         |✓         |

articles/azure-monitor/insights/container-insights-alerts.md

@@ -269,7 +269,7 @@ InsightsMetrics
 | where TimeGenerated < endDateTime
 | where TimeGenerated >= startDateTime
 | where Origin == 'container.azm.ms/telegraf'            
-| where Namespace == 'disk'            
+| where Namespace == 'container.azm.ms/disk'            
 | extend Tags = todynamic(Tags)            
 | project TimeGenerated, ClusterId = Tags['container.azm.ms/clusterId'], Computer = tostring(Tags.hostName), Device = tostring(Tags.device), Path = tostring(Tags.path), DiskMetricName = Name, DiskMetricValue = Val   
 | where ClusterId =~ clusterId       

articles/azure-monitor/log-query/cross-workspace-query.md

@@ -39,9 +39,6 @@ Identifying a workspace can be accomplished one of several ways:
 * Resource name - is a human-readable name of the workspace, sometimes referred to as *component name*. 
 
     `workspace("contosoretail-it").Update | count`
- 
-    >[!NOTE]
-    >Identifying a workspace by name assumes uniqueness across all accessible subscriptions. If you have multiple applications with the specified name, the query fails because of the ambiguity. In this case, you must use one of the other identifiers.
 
 * Qualified name - is the “full name” of the workspace, composed of the subscription name, resource group, and component name in this format: *subscriptionName/resourceGroup/componentName*. 
 
@@ -71,6 +68,9 @@ Identifying an application in Application Insights can be accomplished with the
 
     `app("fabrikamapp")`
 
+    >[!NOTE]
+    >Identifying an application by name assumes uniqueness across all accessible subscriptions. If you have multiple applications with the specified name, the query fails because of the ambiguity. In this case, you must use one of the other identifiers.
+
 * Qualified name - is the “full name” of the app, composed of the subscription name, resource group, and component name in this format: *subscriptionName/resourceGroup/componentName*. 
 
     `app("AI-Prototype/Fabrikam/fabrikamapp").requests | count`

articles/backup/backup-azure-arm-restore-vms.md

@@ -106,7 +106,8 @@ As one of the [restore options](#restore-options), you can create a disk from a
 
 4. In **Restore configuration**, select **OK**. In **Restore**, click **Restore** to trigger the restore operation.
 
-During the VM restore, Azure Backup doesn’t use storage account. But in case of **Restore disks** and **Instant Restore**, storage account is used for storing template.
+When your virtual machine uses managed disks and you select the **Create virtual machine** option, Azure Backup doesn’t use the specified storage account. In the case of **Restore disks** and **Instant Restore**, the storage account is used only for storing the template. Managed disks are created in the specified resource group.
+When your virtual machine uses unmanaged disks, they are restored as blobs to the storage account.
 
 ### Use templates to customize a restored VM
 
@@ -157,7 +158,7 @@ There are a number of common scenarios in which you might need to restore VMs.
 **Zone Pinned VMs** | Azure Backup supports backup and restore of zoned pinned VMs. [Learn more](https://azure.microsoft.com/global-infrastructure/availability-zones/)
 
 ## Track the restore operation
-After you trigger the restore operation, the backup service creates a job for tracking. Azure Backup displays notifications about the job in the portal. If they aren't visible, click on the **Notifications** symbol to see them.
+After you trigger the restore operation, the backup service creates a job for tracking. Azure Backup displays notifications about the job in the portal. If they aren't visible, select the **Notifications** symbol, and then select **View all Jobs** to see the Restore Process Status.
 
 ![Restore triggered](./media/backup-azure-arm-restore-vms/restore-notification1.png)
 

articles/governance/policy/how-to/guest-configuration-create.md

@@ -31,7 +31,7 @@ with the [Azure PowerShell Docker image](https://hub.docker.com/rsdk-powershell/
 
 The Guest Configuration resource module requires the following software:
 
-- PowerShell. If it isn't yet installed, follow [these instructions](/powershell/)
+- PowerShell. If it isn't yet installed, follow [these instructions](/powershell/scripting/install/installing-powershell).
 - Azure PowerShell 1.5.0 or higher. If it isn't yet installed, follow [these instructions](/powershell/azure/install-az-ps).
 
 ### Install the module
@@ -239,7 +239,7 @@ New-GuestConfigurationPolicy
     -ContentUri 'https://storageaccountname.blob.core.windows.net/packages/AuditBitLocker.zip?st=2019-07-01T00%3A00%3A00Z&se=2024-07-01T00%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=JdUf4nOCo8fvuflOoX%2FnGo4sXqVfP5BYXHzTl3%2BovJo%3D' `
     -DisplayName 'Audit BitLocker Service.' `
     -Description 'Audit if BitLocker is not enabled on Windows machine.' `
-    -DestinationPath '.\policyDefinitions' `
+    -Path '.\policyDefinitions' `
     -Platform 'Windows' `
     -Version 1.2.3.4 `
     -Verbose
@@ -301,7 +301,7 @@ New-GuestConfigurationPolicy
     -ContentUri 'https://storageaccountname.blob.core.windows.net/packages/AuditBitLocker.zip?st=2019-07-01T00%3A00%3A00Z&se=2024-07-01T00%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=JdUf4nOCo8fvuflOoX%2FnGo4sXqVfP5BYXHzTl3%2BovJo%3D' `
     -DisplayName 'Audit Windows Service.' `
     -Description 'Audit if a Windows Service is not enabled on Windows machine.' `
-    -DestinationPath '.\policyDefinitions' `
+    -Path '.\policyDefinitions' `
     -Parameters $PolicyParameterInfo `
     -Platform 'Windows' `
     -Version 1.2.3.4 `
@@ -365,7 +365,7 @@ The `Publish-GuestConfigurationPolicy` cmdlet accepts the path from the PowerShe
 feature means you can create the policy files and publish them in a single set of piped commands.
 
 ```azurepowershell-interactive
-New-GuestConfigurationPolicy -ContentUri 'https://storageaccountname.blob.core.windows.net/packages/AuditBitLocker.zip?st=2019-07-01T00%3A00%3A00Z&se=2024-07-01T00%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=JdUf4nOCo8fvuflOoX%2FnGo4sXqVfP5BYXHzTl3%2BovJo%3D' -DisplayName 'Audit BitLocker service.' -Description 'Audit if the BitLocker service is not enabled on Windows machine.' -DestinationPath '.\policyDefinitions' -Platform 'Windows' -Version 1.2.3.4 -Verbose | ForEach-Object {$_.Path} | Publish-GuestConfigurationPolicy -Verbose
+New-GuestConfigurationPolicy -ContentUri 'https://storageaccountname.blob.core.windows.net/packages/AuditBitLocker.zip?st=2019-07-01T00%3A00%3A00Z&se=2024-07-01T00%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=JdUf4nOCo8fvuflOoX%2FnGo4sXqVfP5BYXHzTl3%2BovJo%3D' -DisplayName 'Audit BitLocker service.' -Description 'Audit if the BitLocker service is not enabled on Windows machine.' -Path '.\policyDefinitions' -Platform 'Windows' -Version 1.2.3.4 -Verbose | ForEach-Object {$_.Path} | Publish-GuestConfigurationPolicy -Verbose
 ```
 
 With the policy and initiative definitions created in Azure, the last step is to assign the

articles/virtual-machines/windows/dedicated-hosts.md

@@ -24,6 +24,4 @@ ms.author: cynthn
 
 - You can deploy a dedicated host using [Azure PowerShell](dedicated-hosts-powershell.md), the [portal](dedicated-hosts-portal.md), and [Azure CLI](../linux/dedicated-hosts-cli.md).
 
-- For more information, see the [Dedicated hosts](dedicated-hosts.md) overview.
-
-- There is sample template, found [here](https://github.com/Azure/azure-quickstart-templates/blob/master/201-vm-dedicated-hosts/README.md), that uses both zones and fault domains for maximum resiliency in a region.
+- There is sample template, found [here](https://github.com/Azure/azure-quickstart-templates/blob/master/201-vm-dedicated-hosts/README.md), that uses both zones and fault domains for maximum resiliency in a region.