Merge pull request #113223 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -80,7 +80,6 @@ This setting applies to the following iOS and Android apps:
 - Microsoft Kaizala
 - Microsoft Launcher
 - Microsoft Office
-- Microsoft Office Hub
 - Microsoft OneDrive
 - Microsoft OneNote
 - Microsoft Outlook

articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-kcd.md

@@ -97,11 +97,13 @@ The Active Directory configuration varies, depending on whether your Application
 
 ## SSO for non-Windows apps
 
-The Kerberos delegation flow in Azure AD Application Proxy starts when Azure AD authenticates the user in the cloud. Once the request arrives on-premises, the Azure AD Application Proxy connector issues a Kerberos ticket on behalf of the user by interacting with the local Active Directory. This process is referred to as Kerberos Constrained Delegation (KCD). In the next phase, a request is sent to the backend application with this Kerberos ticket. 
+The Kerberos delegation flow in Azure AD Application Proxy starts when Azure AD authenticates the user in the cloud. Once the request arrives on-premises, the Azure AD Application Proxy connector issues a Kerberos ticket on behalf of the user by interacting with the local Active Directory. This process is referred to as Kerberos Constrained Delegation (KCD). 
 
-There are several protocols that define how to send such requests. Most non-Windows servers expect to negotiate with SPNEGO. This protocol is supported on Azure AD Application Proxy, but is disabled by default. A server can be configured for SPNEGO or standard KCD, but not both.
+In the next phase, a request is sent to the backend application with this Kerberos ticket. 
 
-If you configure a connector machine for SPNEGO, make sure that all other connectors in that Connector group are also configured with SPNEGO. Applications expecting standard KCD should be routed through other connectors that are not configured for SPNEGO.
+There are several mechanisms that define how to send the Kerberos ticket in such requests. Most non-Windows servers expect to receive it in form of SPNEGO token. This mechanism is supported on Azure AD Application Proxy, but is disabled by default. A connector can be configured for SPNEGO or standard Kerberos token, but not both.
+
+If you configure a connector machine for SPNEGO, make sure that all other connectors in that Connector group are also configured with SPNEGO. Applications expecting standard Kerberos token should be routed through other connectors that are not configured for SPNEGO.
 
 
 To enable SPNEGO:

articles/active-directory/manage-apps/application-proxy-connectors.md

@@ -131,7 +131,7 @@ For more information about optimizing your network, see [Network topology consid
 
 Connectors can run on a machine that is not domain-joined. However, if you want single sign-on (SSO) to applications that use Integrated Windows Authentication (IWA), you need a domain-joined machine. In this case, the connector machines must be joined to a domain that can perform [Kerberos](https://web.mit.edu/kerberos) Constrained Delegation on behalf of the users for the published applications.
 
-Connectors can also be joined to domains or forests that have a partial trust, or to read-only domain controllers.
+Connectors can also be joined to domains in forests that have a partial trust, or to read-only domain controllers.
 
 ## Connector deployments on hardened environments
 

articles/active-directory/manage-apps/application-proxy-faq.md

@@ -92,6 +92,10 @@ If the connector servers and the web application service account are in the same
 If the connector servers and the web application service account are in different domains, Resource-based delegation is used. The delegation permissions are configured on the target web server and web application service account. This method of Constrained Delegation is relatively new. The method was introduced in Windows Server 2012, which supports cross-domain delegation by allowing the resource (web service) owner to control which machine and service accounts can delegate to it. There's no UI to assist with this configuration, so you'll need to use PowerShell.
 For more information, see the whitepaper [Understanding Kerberos Constrained Delegation with Application Proxy](https://aka.ms/kcdpaper).
 
+### Does NTLM authentication work with Azure AD Application Proxy?
+
+NTLM authentication can’t be used as a pre-authentication or single sign-on method. NTLM authentication can be used only when it can be negotiated directly between the client and the published web application. Using NTLM authentication usually causes a sign-in prompt to appear in the browser.
+
 ## Pass-through authentication
 
 ### Can I use Conditional Access Policies for applications published with pass-through authentication?

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-cosmos-db.md

@@ -1,5 +1,5 @@
 ---
-title: Tutorial`:` Use a managed identity to access Azure Cosmos DB - Windows - Azure AD
+title: 'Tutorial: Use a managed identity to access Azure Cosmos DB - Windows - Azure AD'
 description: A tutorial that walks you through the process of using a system-assigned managed identity on a Windows VM, to access Azure Cosmos DB.
 services: active-directory
 documentationcenter: ''

articles/azure-monitor/insights/vminsights-enable-at-scale-powershell.md

@@ -166,7 +166,7 @@ provisioningState       : Succeeded
 
 ## Enable with PowerShell
 
-To enable Azure Monitor for VMs for multiple VMs or virtual machine scale sets, use the PowerShell script [Install-VMInsights.ps1](https://www.powershellgallery.com/packages/Install-VMInsights/1.0). It's available from the Azure PowerShell Gallery. This script iterates through:
+To enable Azure Monitor for VMs for multiple VMs or virtual machine scale sets, use the PowerShell script [Install-VMInsights.ps1](https://www.powershellgallery.com/packages/Install-VMInsights). It's available from the Azure PowerShell Gallery. This script iterates through:
 
 - Every virtual machine and virtual machine scale set in your subscription.
 - The scoped resource group that's specified by *ResourceGroup*.

articles/azure-monitor/insights/vminsights-ga-release-faq.md

@@ -40,7 +40,7 @@ Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName <resource-grou
 
 ## What should I do about the Performance counters in my workspace if I install the VMInsights solution?
 
-The previous method of enabling Azure Monitor for VMs used performance counters in your workspace. The current version stores this data in a table named `InsightsMetrics`. You may choose to disable these performance countersin your workspace if you no longer need to use them. 
+The previous method of enabling Azure Monitor for VMs used performance counters in your workspace. The current version stores this data in a table named `InsightsMetrics`. You may choose to disable these performance counters in your workspace if you no longer need to use them. 
 
 >[!NOTE]
 >If you have Alert Rules that reference these counters in the `Perf` table, you need to update them to reference new data stored in the `InsightsMetrics` table. Refer to our documentation for example log queries that you can use that refer to this table.

articles/migrate/tutorial-migrate-hyper-v.md

@@ -33,7 +33,7 @@ Before you begin this tutorial, you should:
 1. [Review](hyper-v-migration-architecture.md) the Hyper-V migration architecture.
 2. [Review](migrate-support-matrix-hyper-v-migration.md#hyper-v-hosts) Hyper-V host requirements, and the Azure URLs that the Hyper-V hosts need to access.
 3. [Review](migrate-support-matrix-hyper-v-migration.md#hyper-v-vms) requirements for Hyper-V VMs that you want to migrate. Hyper-V VMs must conform with [Azure VM requirements](migrate-support-matrix-hyper-v-migration.md#azure-vm-requirements).
-2. We recommend that you complete the previous tutorials in this series. The [first tutorial](tutorial-prepare-hyper-v.md) shows you how to set up Azure and Hyper-V for migration. The second tutorial shows you how to [assess Hyper-V VMs](tutorial-assess-hyper-v.md before migration, using Azure Migrate:Server Assessment. 
+2. We recommend that you complete the previous tutorials in this series. The [first tutorial](tutorial-prepare-hyper-v.md) shows you how to set up Azure and Hyper-V for migration. The second tutorial shows you how to [assess Hyper-V VMs](tutorial-assess-hyper-v.md) before migration, using Azure Migrate:Server Assessment. 
     > [!NOTE]
     > Although we recommend that you try out an assessment, you don't have to run an assessment before you migrate VMs.
     > For migrating Hyper-V VMs, Azure Migrate:Server Migration runs software agents (Microsoft Azure Site Recovery provider and Microsoft Azure Recovery Service agent) on Hyper-V Hosts or cluster nodes, to orchestrate and replicate data to Azure Migrate. The [Azure Migrate appliance](migrate-appliance.md) isn't used for Hyper-V migration.

articles/private-link/create-private-endpoint-powershell.md

@@ -133,7 +133,7 @@ $subnet = $virtualNetwork `
 $privateEndpoint = New-AzPrivateEndpoint -ResourceGroupName "myResourceGroup" `
   -Name "myPrivateEndpoint" `
   -Location "westcentralus" `
-  -Subnet  $subnet`
+  -Subnet  $subnet `
   -PrivateLinkServiceConnection $privateEndpointConnection
 ``` 
 
@@ -194,9 +194,10 @@ mstsc /v:<publicIpAddress>
 ## Access SQL Database Server privately from the VM
 
 1. In the Remote Desktop of myVM, open PowerShell.
-2. Enter `nslookup myserver.database.windows.net`. 
+2. Enter `nslookup myserver.database.windows.net`. Remember to replace `myserver` with your SQL server name.
 
     You'll receive a message similar to this:
+    
     ```azurepowershell
     Server:  UnKnown
     Address:  168.63.129.16
@@ -205,17 +206,21 @@ mstsc /v:<publicIpAddress>
     Address:  10.0.0.5
     Aliases:   myserver.database.windows.net
     ```
-3. Install SQL Server Management Studio
-4. In Connect to server, enter or select this information:
-  	Setting	Value
-	  Server type	Select Database Engine.
-	  Server name	Select myserver.database.windows.net
-	  Username	Enter a username provided during creation.
-	  Password	Enter a password provided during creation.
-	  Remember password	Select Yes.
-5. Select Connect.
-6. Browse Databases from left menu. 
-7. (Optionally) Create or query information from mydatabase
+    
+3. Install SQL Server Management Studio.
+4. In **Connect to server**, enter or select this information:
+
+    | Setting | Value |
+    | --- | --- |
+    | Server type | Database Engine |
+    | Server name | myserver.database.windows.net |
+    | Username | Enter the username provided during creation |
+    | Password | Enter the password provided during creation |
+    | Remember Password | Yes |
+    
+5. Select **Connect**.
+6. Browse **Databases** from the left menu. 
+7. (Optionally) Create or query information from mydatabase.
 8. Close the remote desktop connection to *myVM*. 
 
 ## Clean up resources 

articles/storage/blobs/data-lake-storage-query-acceleration-how-to.md

@@ -362,6 +362,6 @@ static void QueryMysteryBooks(BlobClient blobClient)
 
 ## Next steps
 
-- [Query acceleration enrollment form](https://aka.ms/adls/queryaccelerationpreview)    
+- [Query acceleration enrollment form](https://aka.ms/adls/qa-preview-signup)    
 - [Azure Data Lake Storage query acceleration (preview)](data-lake-storage-query-acceleration.md)
 - [Query acceleration SQL language reference (preview)](query-acceleration-sql-reference.md)