Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into fixEncHost

Author: roygara

articles/aks/control-kubeconfig-access.md

@@ -3,50 +3,50 @@ title: Limit access to kubeconfig in Azure Kubernetes Service (AKS)
 description: Learn how to control access to the Kubernetes configuration file (kubeconfig) for cluster administrators and cluster users
 ms.topic: article
 ms.custom: devx-track-azurecli
-ms.date: 05/06/2020
+ms.date: 03/28/2023
 ---
 
 # Use Azure role-based access control to define access to the Kubernetes configuration file in Azure Kubernetes Service (AKS)
 
-You can interact with Kubernetes clusters using the `kubectl` tool. The Azure CLI provides an easy way to get the access credentials and configuration information to connect to your AKS clusters using `kubectl`. To limit who can get that Kubernetes configuration (*kubeconfig*) information and to limit the permissions they then have, you can use Azure role-based access control (Azure RBAC).
+You can interact with Kubernetes clusters using the `kubectl` tool. The Azure CLI provides an easy way to get the access credentials and *kubeconfig* configuration file to connect to your AKS clusters using `kubectl`. You can use Azure role-based access control (Azure RBAC) to limit who can get access to the *kubeconfig* file and the permissions they have.
 
 This article shows you how to assign Azure roles that limit who can get the configuration information for an AKS cluster.
 
 ## Before you begin
 
-This article assumes that you have an existing AKS cluster. If you need an AKS cluster, see the AKS quickstart [using the Azure CLI][aks-quickstart-cli], [using Azure PowerShell][aks-quickstart-powershell], or [using the Azure portal][aks-quickstart-portal].
+* This article assumes that you have an existing AKS cluster. If you need an AKS cluster, create one using [Azure CLI][aks-quickstart-cli], [Azure PowerShell][aks-quickstart-powershell], or [the Azure portal][aks-quickstart-portal].
+* This article also requires that you're running Azure CLI version 2.0.65 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
 
-This article also requires that you are running the Azure CLI version 2.0.65 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
+## Available permissions for cluster roles
 
-## Available cluster roles permissions
+When you interact with an AKS cluster using the `kubectl` tool, a configuration file, called *kubeconfig*, defines cluster connection information. This configuration file is typically stored in *~/.kube/config*. Multiple clusters can be defined in this *kubeconfig* file. You can switch between clusters using the [`kubectl config use-context`][kubectl-config-use-context] command.
 
-When you interact with an AKS cluster using the `kubectl` tool, a configuration file is used that defines cluster connection information. This configuration file is typically stored in *~/.kube/config*. Multiple clusters can be defined in this *kubeconfig* file. You switch between clusters using the [kubectl config use-context][kubectl-config-use-context] command.
+The [`az aks get-credentials`][az-aks-get-credentials] command lets you get the access credentials for an AKS cluster and merges these credentials into the *kubeconfig* file. You can use Azure RBAC to control access to these credentials. These Azure roles let you define who can retrieve the *kubeconfig* file and what permissions they have within the cluster.
 
-The [az aks get-credentials][az-aks-get-credentials] command lets you get the access credentials for an AKS cluster and merges them into the *kubeconfig* file. You can use Azure role-based access control (Azure RBAC) to control access to these credentials. These Azure roles let you define who can retrieve the *kubeconfig* file, and what permissions they then have within the cluster.
+There are two Azure roles you can apply to an Azure Active Directory (Azure AD) user or group:
 
-The two built-in roles are:
+- **Azure Kubernetes Service Cluster Admin Role**
 
-* **Azure Kubernetes Service Cluster Admin Role**  
-  * Allows access to *Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action* API call. This API call [lists the cluster admin credentials][api-cluster-admin].
-  * Downloads *kubeconfig* for the *clusterAdmin* role.
-* **Azure Kubernetes Service Cluster User Role**
-  * Allows access to *Microsoft.ContainerService/managedClusters/listClusterUserCredential/action* API call. This API call [lists the cluster user credentials][api-cluster-user].
-  * Downloads *kubeconfig* for *clusterUser* role.
+     * Allows access to `Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action` API call. This API call [lists the cluster admin credentials][api-cluster-admin].
+     * Downloads *kubeconfig* for the *clusterAdmin* role.
 
-These Azure roles can be applied to an Azure Active Directory (AD) user or group.
+- **Azure Kubernetes Service Cluster User Role**
+
+     * Allows access to `Microsoft.ContainerService/managedClusters/listClusterUserCredential/action` API call. This API call [lists the cluster user credentials][api-cluster-user].
+     * Downloads *kubeconfig* for *clusterUser* role.
 
 > [!NOTE]
-> On clusters that use Azure AD, users with the *clusterUser* role have an empty *kubeconfig* file that prompts a log in. Once logged in, users have access based on their Azure AD user or group settings. Users with the *clusterAdmin* role have admin access.
+> On clusters that use Azure AD, users with the *clusterUser* role have an empty *kubeconfig* file that prompts a login. Once logged in, users have access based on their Azure AD user or group settings. Users with the *clusterAdmin* role have admin access.
 >
-> On clusters that do not use Azure AD, the *clusterUser* role has same effect of *clusterAdmin* role.
+> On clusters that don't use Azure AD, the *clusterUser* role has same effect of *clusterAdmin* role.
 
 ## Assign role permissions to a user or group
 
-To assign one of the available roles, you need to get the resource ID of the AKS cluster and the ID of the Azure AD user account or group. The following example commands:
+To assign one of the available roles, you need to get the resource ID of the AKS cluster and the ID of the Azure AD user account or group using the following steps:
 
-* Get the cluster resource ID using the [az aks show][az-aks-show] command for the cluster named *myAKSCluster* in the *myResourceGroup* resource group. Provide your own cluster and resource group name as needed.
-* Use the [az account show][az-account-show] and [az ad user show][az-ad-user-show] commands to get your user ID.
-* Finally, assign a role using the [az role assignment create][az-role-assignment-create] command.
+1. Get the cluster resource ID using the [`az aks show`][az-aks-show] command for the cluster named *myAKSCluster* in the *myResourceGroup* resource group. Provide your own cluster and resource group name as needed.
+2. Use the [`az account show`][az-account-show] and [`az ad user show`][az-ad-user-show] commands to get your user ID.
+3. Assign a role using the [`az role assignment create`][az-role-assignment-create] command.
 
 The following example assigns the *Azure Kubernetes Service Cluster Admin Role* to an individual user account:
 
@@ -65,55 +65,48 @@ az role assignment create \
     --role "Azure Kubernetes Service Cluster Admin Role"
 ```
 
+If you want to assign permissions to an Azure AD group, update the `--assignee` parameter shown in the previous example with the object ID for the *group* rather than the *user*.
+
+To get the object ID for a group, use the [`az ad group show`][az-ad-group-show] command. The following command gets the object ID for the Azure AD group named *appdev*:
+
+```azurecli-interactive
+az ad group show --group appdev --query objectId -o tsv
+```
+
 > [!IMPORTANT]
-> In some cases, the *user.name* in the account is different than the *userPrincipalName*, such as with Azure AD guest users:
+> In some cases, such as Azure AD guest users, the *user.name* in the account is different than the *userPrincipalName*.
 >
-> ```output
+> ```azurecli-interactive
 > $ az account show --query user.name -o tsv
 > [email protected]
+>
 > $ az ad user list --query "[?contains(otherMails,'[email protected]')].{UPN:userPrincipalName}" -o tsv
 > user_contoso.com#EXT#@contoso.onmicrosoft.com
 > ```
 >
-> In this case, set the value of *ACCOUNT_UPN* to the *userPrincipalName* from the Azure AD user. For example, if your account *user.name* is *user\@contoso.com*:
-> 
+> In this case, set the value of *ACCOUNT_UPN* to the *userPrincipalName* from the Azure AD user. For example, if your account *user.name* is *user\@contoso.com*, this action would look like the following example:
+>
 > ```azurecli-interactive
 > ACCOUNT_UPN=$(az ad user list --query "[?contains(otherMails,'[email protected]')].{UPN:userPrincipalName}" -o tsv)
 > ```
 
-> [!TIP]
-> If you want to assign permissions to an Azure AD group, update the `--assignee` parameter shown in the previous example with the object ID for the *group* rather than a *user*. To obtain the object ID for a group, use the [az ad group show][az-ad-group-show] command. The following example gets the object ID for the Azure AD group named *appdev*: `az ad group show --group appdev --query objectId -o tsv`
-
-You can change the previous assignment to the *Cluster User Role* as needed.
-
-The following example output shows the role assignment has been successfully created:
-
-```
-{
-  "canDelegate": null,
-  "id": "/subscriptions/<guid>/resourcegroups/myResourceGroup/providers/Microsoft.ContainerService/managedClusters/myAKSCluster/providers/Microsoft.Authorization/roleAssignments/b2712174-5a41-4ecb-82c5-12b8ad43d4fb",
-  "name": "b2712174-5a41-4ecb-82c5-12b8ad43d4fb",
-  "principalId": "946016dd-9362-4183-b17d-4c416d1f8f61",
-  "resourceGroup": "myResourceGroup",
-  "roleDefinitionId": "/subscriptions/<guid>/providers/Microsoft.Authorization/roleDefinitions/0ab01a8-8aac-4efd-b8c2-3ee1fb270be8",
-  "scope": "/subscriptions/<guid>/resourcegroups/myResourceGroup/providers/Microsoft.ContainerService/managedClusters/myAKSCluster",
-  "type": "Microsoft.Authorization/roleAssignments"
-}
-```
-
 ## Get and verify the configuration information
 
-With Azure roles assigned, use the [az aks get-credentials][az-aks-get-credentials] command to get the *kubeconfig* definition for your AKS cluster. The following example gets the *--admin* credentials, which work correctly if the user has been granted the *Cluster Admin Role*:
+Once the roles are assigned, use the [`az aks get-credentials`][az-aks-get-credentials] command to get the *kubeconfig* definition for your AKS cluster. The following example gets the *--admin* credentials, which works correctly if the user has been granted the *Cluster Admin Role*:
 
 ```azurecli-interactive
 az aks get-credentials --resource-group myResourceGroup --name myAKSCluster --admin
 ```
 
-You can then use the [kubectl config view][kubectl-config-view] command to verify that the *context* for the cluster shows that the admin configuration information has been applied:
+You can then use the [`kubectl config view`][kubectl-config-view] command to verify that the *context* for the cluster shows that the admin configuration information has been applied.
 
-```
+```azurecli-interactive
 $ kubectl config view
+```
 
+Your output should look similar to the following example output:
+
+```azurecli-interactive
 apiVersion: v1
 clusters:
 - cluster:
@@ -138,7 +131,7 @@ users:
 
 ## Remove role permissions
 
-To remove role assignments, use the [az role assignment delete][az-role-assignment-delete] command. Specify the account ID and cluster resource ID, as obtained in the previous commands. If you assigned the role to a group rather than a user, specify the appropriate group object ID rather than account object ID for the `--assignee` parameter:
+To remove role assignments, use the [`az role assignment delete`][az-role-assignment-delete] command. Specify the account ID and cluster resource ID that you obtained in the previous steps. If you assigned the role to a group rather than a user, specify the appropriate group object ID rather than account object ID for the `--assignee` parameter.
 
 ```azurecli-interactive
 az role assignment delete --assignee $ACCOUNT_ID --scope $AKS_CLUSTER
@@ -158,7 +151,6 @@ For enhanced security on access to AKS clusters, [integrate Azure Active Directo
 [aks-quickstart-powershell]: ./learn/quick-kubernetes-deploy-powershell.md
 [azure-cli-install]: /cli/azure/install-azure-cli
 [az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials
-[azure-rbac]: ../role-based-access-control/overview.md
 [api-cluster-admin]: /rest/api/aks/managedclusters/listclusteradmincredentials
 [api-cluster-user]: /rest/api/aks/managedclusters/listclusterusercredentials
 [az-aks-show]: /cli/azure/aks#az_aks_show

articles/app-service/quickstart-html-uiex.md

@@ -103,15 +103,11 @@ The page is running as an Azure App Service web app.
 
 ## 4. Update and redeploy the app
 
-In the Cloud Shell, **type** `nano index.html` to open the nano text editor. 
+In the Cloud Shell, use `sed` to change "Azure App Service - Sample Static HTML Site" to "Azure App Service".
 
-In the `<h1>` heading tag, change "Azure App Service - Sample Static HTML Site" to "Azure App Service".
-
-![Nano index.html](media/quickstart-html/nano-index-html.png)
-
-**Save** your changes by using command `^O`.
-
-**Exit** nano by using command `^X`.
+```bash
+sed  -i 's/Azure App Service - Sample Static HTML Site/Azure App Service/' index.html
+```
 
 Redeploy the app with `az webapp up` command.
 

articles/app-service/quickstart-html.md

@@ -96,11 +96,11 @@ The page is running as an Azure App Service web app.
 
 ## Update and redeploy the app
 
-In the Cloud Shell, type `nano index.html` to open the nano text editor. In the `<h1>` heading tag, change "Azure App Service - Sample Static HTML Site" to "Azure App Service", as shown below.
+In the Cloud Shell, use `sed` to change "Azure App Service - Sample Static HTML Site" to "Azure App Service".
 
-![Nano index.html](media/quickstart-html/nano-index-html.png)
-
-Save your changes and exit nano. Use the command `^O` to save and `^X` to exit.
+```bash
+sed  -i 's/Azure App Service - Sample Static HTML Site/Azure App Service/' index.html
+```
 
 You'll now redeploy the app with the same `az webapp up` command.
 

articles/app-service/quickstart-ruby.md

@@ -263,13 +263,7 @@ The Ruby sample code is running in an Azure App Service Linux web app.
 
 ### [Azure CLI](#tab/cli)
 
-1. From Azure Cloud Shell, launch a text editor - such as `nano` or `vim` - to edit the file in `app/controllers/application_controller.rb`.
-   
-    ```bash
-    nano app/controllers/application_controller.rb
-    ```
-
-1. Edit the *ApplicationController* class so that it shows "Hello world from Azure App Service on Linux!" instead of "Hello from Azure App Service on Linux!".
+1. From Azure Cloud Shell, launch a text editor and edit the file `app/controllers/application_controller.rb`. Edit the *ApplicationController* class so that it shows "Hello world from Azure App Service on Linux!" instead of "Hello from Azure App Service on Linux!".
 
     ```ruby
     class ApplicationController < ActionController::Base

articles/app-service/tutorial-multi-container-app.md

@@ -257,7 +257,7 @@ The following changes have been made for Redis (to be used in a later section):
 * [Adds Redis Object Cache 1.3.8 WordPress plugin.](https://github.com/Azure-Samples/multicontainerwordpress/blob/5669a89e0ee8599285f0e2e6f7e935c16e539b92/docker-entrypoint.sh#L74)
 * [Uses App Setting for Redis host name in WordPress wp-config.php.](https://github.com/Azure-Samples/multicontainerwordpress/blob/5669a89e0ee8599285f0e2e6f7e935c16e539b92/docker-entrypoint.sh#L162)
 
-To use the custom image, you'll update your docker-compose-wordpress.yml file. In Cloud Shell, type `nano docker-compose-wordpress.yml` to open the nano text editor. Change the `image: wordpress` to use `image: mcr.microsoft.com/azuredocs/multicontainerwordpress`. You no longer need the database container. Remove the  `db`, `environment`, `depends_on`, and `volumes` section from the configuration file. Your file should look like the following code:
+To use the custom image, you'll update your docker-compose-wordpress.yml file. In Cloud Shell, open a text editor and change the `image: wordpress` to use `image: mcr.microsoft.com/azuredocs/multicontainerwordpress`. You no longer need the database container. Remove the  `db`, `environment`, `depends_on`, and `volumes` section from the configuration file. Your file should look like the following code:
 
 ```yaml
 version: '3.3'
@@ -270,8 +270,6 @@ services:
      restart: always
 ```
 
-Save your changes and exit nano. Use the command `^O` to save and `^X` to exit.
-
 ### Update app with new configuration
 
 In Cloud Shell, reconfigure your multi-container [web app](overview.md) with the [az webapp config container set](/cli/azure/webapp/config/container#az-webapp-config-container-set) command. Don't forget to replace _\<app-name>_ with the name of the web app you created earlier.
@@ -329,7 +327,7 @@ When the app setting has been created, Cloud Shell shows information similar to
 
 ### Modify configuration file
 
-In the Cloud Shell, type `nano docker-compose-wordpress.yml` to open the nano text editor.
+In the Cloud Shell, opne the file `docker-compose-wordpress.yml` in a text editor.
 
 The `volumes` option maps the file system to a directory within the container. `${WEBAPP_STORAGE_HOME}` is an environment variable in App Service that is mapped to persistent storage for your app. You'll use this environment variable in the volumes option so that the WordPress files are installed into persistent storage instead of the container. Make the following modifications to the file:
 

articles/applied-ai-services/form-recognizer/concept-insurance-card.md

@@ -13,15 +13,10 @@ monikerRange: 'form-recog-3.0.0'
 recommendations: false
 ---
 
-# Azure Form Recognizer health insurance card model (preview)
+# Azure Form Recognizer health insurance card model
 
 **This article applies to:** ![Form Recognizer v3.0 checkmark](media/yes-icon.png) **Form Recognizer v3.0**.
 
-> [!IMPORTANT]
->
-> * The Form Recognizer Studio health insurance card model is currently in gated preview. Features, approaches and processes may change, prior to General Availability (GA), based on user feedback.
-> * Complete and submit the [**Form Recognizer private preview request form**](https://aka.ms/form-recognizer/preview/survey) to request access.
-
 The Form Recognizer health insurance card model combines powerful Optical Character Recognition (OCR) capabilities with deep learning models to analyze and extract key information from US health insurance cards. A health insurance card is a key document for care processing and can be digitally analyzed for patient onboarding, financial coverage information, cashless payments, and insurance claim processing. The health insurance card model analyzes health card images; extracts key information such as insurer, member, prescription, and group number; and returns a structured JSON representation.  Health insurance cards can be presented in various formats and quality including phone-captured images, scanned documents, and digital PDFs.
 
 ***Sample health insurance card processed using Form Recognizer Studio***