Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.publish.config.json

@@ -346,6 +346,26 @@
       "url": "https://github.com/Azure-Samples/azure-sdk-for-go-samples",
       "branch": "master"
     },
+    {
+      "path_to_root": "azure-sdk-for-java-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-java/",
+      "branch": "master"
+    },
+    {
+      "path_to_root": "azure-sdk-for-java-script-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-js/",
+      "branch": "master"
+    },        
+    {
+      "path_to_root": "azure-sdk-for-net-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-net/",
+      "branch": "master"
+    },
+    {
+      "path_to_root": "azure-sdk-for-python-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-python/",
+      "branch": "master"
+    },      
     {
       "path_to_root": "cosmos-dotnet-getting-started",
       "url": "https://github.com/Azure-Samples/cosmos-dotnet-getting-started",

articles/active-directory/privileged-identity-management/pim-troubleshoot.md

@@ -31,7 +31,7 @@ This problem can happen when the User Access Administrator role for the PIM serv
 
 ### Resolution
 
-Assign the User Access Administrator role to the Privileged identity Management service principal name (MS–PIM) at the subscription level. This assignment should allow the Privileged identity Management service to access the Azure resources. The role can be assigned on a management group level or at the subscription level, depending on your requirements. For more information service principals, see [Assign an application to a role](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#assign-the-application-to-a-role).
+Assign the User Access Administrator role to the Privileged identity Management service principal name (MS–PIM) at the subscription level. This assignment should allow the Privileged identity Management service to access the Azure resources. The role can be assigned on a management group level or at the subscription level, depending on your requirements. For more information service principals, see [Assign an application to a role](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#assign-a-role-to-the-application).
 
 ## Next steps
 

articles/analysis-services/analysis-services-monitor.md

@@ -4,7 +4,7 @@ description: Learn how Analysis Services use Azure Metrics Explorer, a free tool
 author: minewiskan
 ms.service: azure-analysis-services
 ms.topic: conceptual
-ms.date: 10/30/2019
+ms.date: 03/04/2020
 ms.author: owend
 ms.reviewer: minewiskan
 
@@ -63,7 +63,7 @@ Use this table to determine which metrics are best for your monitoring scenario.
 |RowsWrittenPerSec|Processing: Rows written per sec|CountPerSecond|Average|Rate of rows written during processing.|
 |qpu_metric|QPU|Count|Average|QPU. Range 0-100 for S1, 0-200 for S2 and 0-400 for S4|
 |QueryPoolBusyThreads|Query Pool Busy Threads|Count|Average|Number of busy threads in the query thread pool.|
-|SuccessfullConnectionsPerSec|Successful Connections Per Sec|CountPerSecond|Average|Rate of successful connection completions.|
+|SuccessfulConnectionsPerSec|Successful Connections Per Sec|CountPerSecond|Average|Rate of successful connection completions.|
 |CommandPoolBusyThreads|Threads: Command pool busy threads|Count|Average|Number of busy threads in the command thread pool.|
 |CommandPoolIdleThreads|Threads: Command pool idle threads|Count|Average|Number of idle threads in the command thread pool.|
 |LongParsingBusyThreads|Threads: Long parsing busy threads|Count|Average|Number of busy threads in the long parsing thread pool.|

articles/app-service/app-service-web-configure-tls-mutual-auth.md

@@ -16,6 +16,8 @@ You can restrict access to your Azure App Service app by enabling different type
 > If you access your site over HTTP and not HTTPS, you will not receive any client certificate. So if your application requires client certificates, you should not allow requests to your application over HTTP.
 >
 
+[!INCLUDE [Prepare your web app](../../includes/app-service-ssl-prepare-app.md)]
+
 ## Enable client certificates
 
 To set up your app to require client certificates, you need to set the `clientCertEnabled` setting for your app to `true`. To set the setting, run the following command in the [Cloud Shell](https://shell.azure.com).

articles/app-service/deploy-staging-slots.md

@@ -4,7 +4,7 @@ description: Learn how to deploy apps to a non-production slot and autoswap into
 
 ms.assetid: e224fc4f-800d-469a-8d6a-72bcde612450
 ms.topic: article
-ms.date: 09/19/2019
+ms.date: 03/04/2020
 ms.custom: fasttrack-edit
 
 ---
@@ -19,7 +19,7 @@ Deploying your application to a non-production slot has the following benefits:
 * Deploying an app to a slot first and swapping it into production makes sure that all instances of the slot are warmed up before being swapped into production. This eliminates downtime when you deploy your app. The traffic redirection is seamless, and no requests are dropped because of swap operations. You can automate this entire workflow by configuring [auto swap](#Auto-Swap) when pre-swap validation isn't needed.
 * After a swap, the slot with previously staged app now has the previous production app. If the changes swapped into the production slot aren't as you expect, you can perform the same swap immediately to get your "last known good site" back.
 
-Each App Service plan tier supports a different number of deployment slots. There's no additional charge for using deployment slots. To find out the number of slots your app's tier supports, see [App Service limits](https://docs.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits#app-service-limits). 
+Each App Service plan tier supports a different number of deployment slots. There's no additional charge for using deployment slots. To find out the number of slots your app's tier supports, see [App Service limits](../azure-resource-manager/management/azure-subscription-service-limits.md#app-service-limits). 
 
 To scale your app to a different tier, make sure that the target tier supports the number of slots your app already uses. For example, if your app has more than five slots, you can't scale it down to the **Standard** tier, because the **Standard** tier supports only five deployment slots. 
 
@@ -299,7 +299,7 @@ New-AzWebAppSlot -ResourceGroupName [resource group name] -Name [app name] -Slot
 ---
 ### Initiate a swap with a preview (multi-phase swap), and apply destination slot configuration to the source slot
 ```powershell
-$ParametersObject = @{targetSlot  = "[slot name – e.g. “production”]"}
+$ParametersObject = @{targetSlot  = "[slot name – e.g. "production"]"}
 Invoke-AzResourceAction -ResourceGroupName [resource group name] -ResourceType Microsoft.Web/sites/slots -ResourceName [app name]/[slot name] -Action applySlotConfig -Parameters $ParametersObject -ApiVersion 2015-07-01
 ```
 
@@ -312,7 +312,7 @@ Invoke-AzResourceAction -ResourceGroupName [resource group name] -ResourceType M
 ---
 ### Swap deployment slots
 ```powershell
-$ParametersObject = @{targetSlot  = "[slot name – e.g. “production”]"}
+$ParametersObject = @{targetSlot  = "[slot name – e.g. "production"]"}
 Invoke-AzResourceAction -ResourceGroupName [resource group name] -ResourceType Microsoft.Web/sites/slots -ResourceName [app name]/[slot name] -Action slotsswap -Parameters $ParametersObject -ApiVersion 2015-07-01
 ```
 

articles/asc-for-iot/concept-customizable-security-alerts.md

@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 1/27/2020
+ms.date: 03/04/2020
 ms.author: mlottner
 
 ---
@@ -25,7 +25,7 @@ We encourage you to create custom alerts based on your knowledge of expected dev
 
 The following list of Azure Security Center for IoT alerts are definable by you based on your expected IoT Hub and/or device behavior. For more details about how to customize each alert, see [create custom alerts](quickstart-create-custom-alerts.md).
 
-## Azure Security Center for IoT alerts available for customization 
+## IoT Hub alerts available for customization 
 
 
 
@@ -45,14 +45,19 @@ The following list of Azure Security Center for IoT alerts are definable by you
 | Low      | Custom alert - number of command queue purges is outside the allowed range                               | IoT Hub     | The amount of command queue purges within a specific time window is outside the currently configured and allowable range.||
 | Low      | Custom alert - number of module twin updates is outside the allowed range                                       | IoT Hub     | The amount of module twin updates within a specific time window is outside the currently configured and allowable range.|
 | Low      | Custom alert - number of unauthorized operations is outside the allowed range  | IoT Hub     | The amount of unauthorized operations within a specific time window is outside the currently configured and allowable range.|
+|
+
+## Agent alerts available for customization 
+
+| Severity | Alert name | Data source | Description | Suggested remediation|
+|---|---|---|---|---|
 | Low      | Custom alert - number of active connections is outside the allowed range  | Agent       | Number of active connections within a specific time window is outside the currently configured and allowable range.|  Investigate the device logs. Learn where the connection originated and determine if it is benign or malicious. If malicious, remove possible malware and understand source. If benign, add the source to the allowed connection list.  |
 | Low      | Custom alert - outbound connection created to an IP that isn't allowed                             | Agent       | An outbound connection was created to an IP that is outside your allowed IP list. |Investigate the device logs. Learn where the connection originated and determine if it is benign or malicious. If malicious, remove possible malware and understand source. If benign, add the source to the allowed IP list.                        |
 | Low      | Custom alert - number of failed local logins is outside the allowed range                               | Agent       | The amount of failed local logins within a specific time window is outside the currently configured and allowable range. |   |
 | Low      | Custom alert - login of a user that is not on the allowed user list | Agent       | A local user outside your allowed user list, logged in to the device.|  If you are saving raw data, navigate to your log analytics account and use the data to investigate the device, identify the source and then fix the allow/block list for those settings. If you are not currently saving raw data, go to the device and fix the allow/block list for those settings.|
 | Low      | Custom alert - a process was executed that is not allowed | Agent       | A process that is not allowed was executed on the device. |If you are saving raw data, navigate to your log analytics account and use the data to investigate the device, identify the source and then fix the allow/block list for those settings. If you are not currently saving raw data, go to the device and fix the allow/block list for those settings.  |
 |
 
-
 ## Next steps
 
 - Learn how to [customize an alert](quickstart-create-custom-alerts.md)

articles/asc-for-iot/concept-recommendations.md

@@ -47,7 +47,7 @@ Operational recommendations provide insights and suggestions to improve security
 | Low      | Agent sends unutilized messages          | Agent       | 10% or more of security messages were smaller than 4 KB during the last 24 hours.  |
 | Low      | Security twin configuration not optimal | Agent       | Security twin configuration is not optimal.                                        |
 | Low      | Security twin configuration conflict    | Agent       | Conflicts were identified in the security twin configuration. |                          |
-
+|
 
 ## Recommendations for IoT Hub