Merge pull request #99489 from MicrosoftDocs/master

12/19 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -42218,6 +42218,26 @@
       "redirect_url": "/azure/iot-central/preview/quick-monitor-devices/",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/iot-pnp/quickstart-connect-pnp-device-linux.md",
+      "redirect_url": "/azure/iot-pnp/quickstart-connect-pnp-device-c-linux/",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/iot-pnp/quickstart-connect-pnp-device.md",
+      "redirect_url": "/azure/iot-pnp/quickstart-connect-pnp-device-c-windows/",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/iot-pnp/quickstart-connect-pnp-device-solution.md",
+      "redirect_url": "/azure/iot-pnp/quickstart-connect-pnp-device-solution-node/",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/iot-pnp/quickstart-create-pnp-device.md",
+      "redirect_url": "/azure/iot-pnp/quickstart-create-pnp-device-windows/",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/iot-central/core/overview-iot-options.md",
       "redirect_url": "/azure/iot-fundamentals/iot-services-and-technologies/",

articles/active-directory/hybrid/reference-connect-version-history.md

@@ -38,7 +38,7 @@ Not all releases of Azure AD Connect will be made available for auto upgrade. Th
 >
 > You need to make sure you are running a recent version of Azure AD Connect to receive an optimal support experience. 
 >
->If you run a deprecated version of Azure AD Connect you may not have the latest security fixes, performance improvements, toubleshooting and diagnostic tools and service enhancements, and if you require support we may not be able to provide you with the level of service your organization needs.
+>If you run a deprecated version of Azure AD Connect you may not have the latest security fixes, performance improvements, troubleshooting and diagnostic tools and service enhancements, and if you require support we may not be able to provide you with the level of service your organization needs.
 >
 >If you have enabled Azure AD Connect for sync you will soon automatically begin receiving Health notifications that warn you about upcoming deprecations when you are running one of the older versions.
 >

articles/active-directory/manage-apps/access-panel-workspaces.md

@@ -13,7 +13,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 10/29/2019
+ms.date: 12/19/2019
 ms.author: mimart
 ms.reviewer: kasimpso
 ms.collection: M365-identity-device-management
@@ -41,7 +41,7 @@ Your users can use the My Apps (preview) portal to view and start the cloud-base
    ![User preview features](media/access-panel-workspaces/user-preview-features.png)
 
 > [!NOTE]
-> To open the My Apps portal, users can use the link `https://myapps.microsoft.com` or the customized link for your organization, such as `https://myapps.microsoft.com/contoso.com`. If users aren't redirected to the My Apps preview version, users should try `https://myapplications.microsoft.com` or `https://myapplications.microsoft.com/contoso.com`.
+> To open the My Apps portal, users can use the link `https://myapps.microsoft.com` or the customized link for your organization, such as `https://myapps.microsoft.com/contoso.com`. After you enable the new My Apps experience, the **An updated My Applications experience is available** banner will display at the top of the My Apps page, and users can select **Try it** to view the new experience. To stop using the new experience, users can select **Yes** from the **Leave new experience** banner at the top of the page.
 
 ## Create a workspace
 
@@ -94,6 +94,15 @@ You can access audit logs in the [Azure portal](https://portal.azure.com) by sel
 
    ![Assign roles to users and groups](media/access-panel-workspaces/audit-log-myapps.png)
 
+## Get support for My Account pages
+
+From the My Apps page, a user can select **My account** > **View my account** to open their account settings. On the Azure AD **My Account** page, users can manage their security info, devices, passwords, and more. They can also access their Office account settings.
+
+In case you need to submit a support request for an issue with the Azure AD account page or the Office account page, follow these steps so your request is routed properly: 
+
+* For issues with the **Azure AD "My Account"** page, open a support request from within the Azure portal. Go to **Azure portal** > **Azure Active Directory** > **New support request**.
+
+* For issues with the **Office "My account"** page, open a support request from within the Microsoft 365 admin center. Go to **Microsoft 365 admin center** > **Support**. 
 
 ## Next steps
 [End-user experiences for applications in Azure Active Directory](end-user-experiences.md)

articles/active-directory/manage-apps/application-proxy-powershell-samples.md

@@ -16,7 +16,7 @@ ms.collection: M365-identity-device-management
 
 # Azure AD PowerShell examples for Azure AD Application Proxy
 
-The following table includes links to PowerShell script examples for Azure AD Application Proxy. These samples require the Azure Active Directory PowerShell Module Version for Graph. These samples require either the [AzureAD V2 PowerShell for Graph module](https://docs.microsoft.com/powershell/azure/active-directory/install-adv2?view=azureadps-2.0) or the [AzureAD V2 PowerShell for Graph module preview version](https://docs.microsoft.com/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview), unless otherwise noted.
+The following table includes links to PowerShell script examples for Azure AD Application Proxy. These samples require either the [AzureAD V2 PowerShell for Graph module](https://docs.microsoft.com/powershell/azure/active-directory/install-adv2?view=azureadps-2.0) or the [AzureAD V2 PowerShell for Graph module preview version](https://docs.microsoft.com/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview), unless otherwise noted.
 
 
 For more information about the cmdlets used in these samples, see [Application Proxy Application Management](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0#application_proxy_application_management) and [Application Proxy Connector Management](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0#application_proxy_connector_management).

articles/aks/certificate-rotation.md

@@ -34,7 +34,13 @@ AKS generates and uses the following certificates, Certificate Authorities, and
 * The `kubectl` client has a certificate for communicating with the AKS cluster.
 
 > [!NOTE]
-> AKS clusters created prior to March 2019 have certificates that expire after two years. Any cluster created after March 2019 or any cluster that has its certificates rotated have certificates that expire after 30 years.
+> AKS clusters created prior to March 2019 have certificates that expire after two years. Any cluster created after March 2019 or any cluster that has its certificates rotated have certificates that expire after 30 years. To verify when your cluster was created, use `kubectl get nodes` to see the *Age* of your node pools.
+> 
+> Additionally, you can check the expiration date of your cluster's certificate. For example, the following command displays the certificate details for the *myAKSCluster* cluster.
+> ```console
+> kubectl config view --raw -o jsonpath='{.clusters[?(@.name == "myAKSCluster")].cluster.certificate-authority-data}' | base64 -d > my-cert.crt
+> openssl x509 -in my-cert.crt -text
+> ```
 
 ## Rotate your cluster certificates
 

articles/azure-cache-for-redis/cache-configure.md

@@ -116,7 +116,7 @@ The following settings are configured on the **Advanced settings** blade.
 By default, non-SSL access is disabled for new caches. To enable the non-SSL port, click **No** for **Allow access only via SSL** on the **Advanced settings** blade and then click **Save**.
 
 > [!NOTE]
-> SSL access to Azure Cache for Redis supports TLS 1.0 by default. The minimum supported TLS version can be raised up to TLS 1.2 if desired by using the **Minimum TLS version** dropdown on the **Advanced settings** blade and then click **Save**.
+> SSL  access to Azure Cache for Redis supports TLS 1.0, 1.1 and 1.2 currently, but versions 1.0 and 1.1 are being retired soon.  Please read our [Remove TLS 1.0 and 1.1 page](cache-remove-tls-10-11.md) for more details.
 
 ![Azure Cache for Redis Access Ports](./media/cache-configure/redis-cache-access-ports.png)
 

articles/azure-cache-for-redis/cache-remove-tls-10-11.md

@@ -14,7 +14,15 @@ ms.author: yegu
 
 There's an industry-wide push toward the exclusive use of Transport Layer Security (TLS) version 1.2 or later. TLS versions 1.0 and 1.1 are known to be susceptible to attacks such as BEAST and POODLE, and to have other Common Vulnerabilities and Exposures (CVE) weaknesses. They also don't support the modern encryption methods and cipher suites recommended by Payment Card Industry (PCI) compliance standards. This [TLS security blog](https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/) explains some of these vulnerabilities in more detail.
 
-Although none of these considerations pose an immediate problem, we recommend that you stop using TLS 1.0 and 1.1 soon. Azure Cache for Redis will stop supporting these TLS versions on March 31, 2020. After that date, your application will be required to use TLS 1.2 or later to communicate with your cache.
+As a part of this effort, we'll be making the following changes to Azure Cache for Redis:
+
+* Starting on January 13, 2020 we will configure the default minimum TLS version to be 1.2 for newly created cache instances.  Existing cache instances won't be updated at this point.  You'll be allowed to [change the minimum TLS version](cache-configure.md#access-ports) back to 1.0 or 1.1 for backward compatibility, if needed.  This change can be done through the Azure portal or other management APIs.
+* Starting on March 31, 2020 we'll stop supporting TLS versions 1.0 and 1.1. After this change, your application will be required to use TLS 1.2 or later to communicate with your cache.
+
+Additionally, as a part of this change, we'll be removing support for older, insecure cypher suites.  Our supported cypher suites will be restricted to the following when the cache is configured with a minimum TLS version of 1.2.
+
+* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
+* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
 
 This article provides general guidance about how to detect dependencies on these earlier TLS versions and remove them from your application.
 

articles/azure-functions/durable/durable-functions-entities.md

@@ -199,8 +199,8 @@ public static async Task<HttpResponseMessage> Run(
     [DurableClient] IDurableEntityClient client)
 {
     var entityId = new EntityId(nameof(Counter), "myCounter");
-    JObject state = await client.ReadEntityStateAsync<JObject>(entityId);
-    return req.CreateResponse(HttpStatusCode.OK, state);
+    EntityStateResponse<JObject> stateResponse = await client.ReadEntityStateAsync<JObject>(entityId);
+    return req.CreateResponse(HttpStatusCode.OK, stateResponse.EntityState);
 }
 ```
 
@@ -210,7 +210,8 @@ const df = require("durable-functions");
 module.exports = async function (context) {
     const client = df.getClient(context);
     const entityId = new df.EntityId("Counter", "myCounter");
-    return context.df.readEntityState(entityId);
+    const stateResponse = await context.df.readEntityState(entityId);
+    return stateResponse.entityState;
 };
 ```
 
@@ -245,13 +246,12 @@ module.exports = df.orchestrator(function*(context){
 
     // Two-way call to the entity which returns a value - awaits the response
     currentValue = yield context.df.callEntity(entityId, "get");
-    if (currentValue < 10) {
-        // One-way signal to the entity which updates the value - does not await a response
-        yield context.df.signalEntity(entityId, "add", 1);
-    }
 });
 ```
 
+> [!NOTE]
+> JavaScript does not currently support signaling an entity from an orchestrator. Use `callEntity` instead.
+
 Only orchestrations are capable of calling entities and getting a response, which could be either a return value or an exception. Client functions that use the [client binding](durable-functions-bindings.md#entity-client) can only signal entities.
 
 > [!NOTE]

articles/azure-functions/functions-recover-storage-account.md

@@ -27,6 +27,8 @@ We'll walk through the four most common error cases, how to identify, and how to
 1. Storage Account credentials invalid
 1. Storage Account Inaccessible
 1. Daily Execution Quota Full
+1. App is behind a firewall
+
 
 ## Storage account deleted
 
@@ -77,6 +79,12 @@ If you have a Daily Execution Quota configured, your Function App will be tempor
     * `The Function App has reached daily usage quota and has been stopped until the next 24 hours time frame.`
 * Remove the quota and restart your app to resolve the issue.
 
+## App is behind a firewall
+
+Your function runtime will be unreachable if your function app is hosted in an [internally load balanced App Service Environment](../app-service/environment/create-ilb-ase.md) and is configured to block inbound internet traffic, or has [inbound IP restrictions](/azure-functions/functions-networking-options#inbound-ip-restrictions) configured to block internet access. The Azure portal makes calls directly to the running app to fetch the list of functions and also makes http call to KUDU endpoint. Platform level settings under the `Platform Features` tab will still be available.
+
+* To verify your ASE configuration, navigate to NSG of the subnet where ASE resides and validate inbound rules to allow traffic coming from the public IP of the computer where you are accessing the application. You can also use the portal from a computer connected to the virtual network running your app or a virtual machine running in your virtual network. [Read more about inbound rule configuration here](https://docs.microsoft.com/azure/app-service/environment/network-info#network-security-groups)
+
 ## Next Steps
 
 Now that your Function App is back and operational take a look at our quickstarts and developer references to get up and running again!

articles/azure-maps/migrate-from-google-maps-android-app.md

@@ -207,14 +207,14 @@ To display a map using the Azure Maps SDK for Android, the following steps need
 
     The map control contains its own lifecycle methods for managing Android's OpenGL lifecycle, which must be called directly from the containing Activity. In order for your app to correctly, call the map control's lifecycle methods, you must override the following lifecycle methods in the Activity that contains the map control and call the respective map control method. 
 
-    * onCreate(Bundle) 
-    * onStart() 
-    * onResume() 
-    * onPause() 
-    * onStop() 
-    * onDestroy() 
-    * onSaveInstanceState(Bundle) 
-    * onLowMemory() 
+    * `onCreate(Bundle)` 
+    * `onStart()` 
+    * `onResume()` 
+    * `onPause()` 
+    * `onStop()` 
+    * `onDestroy()` 
+    * `onSaveInstanceState(Bundle)` 
+    * `onLowMemory()`
 
     Edit the **MainActivity.java** file as follows: