Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: v-sonan

.openpublishing.redirection.json

@@ -42602,6 +42602,16 @@
       "source_path": "articles/security/fundamentals/mvp.md",
       "redirect_url": "https://mvp.microsoft.com/",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-cache-for-redis/cache-how-to-troubleshoot.md",
+      "redirect_url": "/azure/azure-cache-for-redis/cache-troubleshoot-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-cache-for-redis/cache-howto-manage-redis-cache-powershell.md",
+      "redirect_url": "/azure/azure-cache-for-redis/cache-how-to-manage-redis-cache-powershell",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/authentication/active-directory-passwords-troubleshoot.md

@@ -140,7 +140,7 @@ A best practice when you troubleshoot problems with password writeback is to ins
 | 33001| ADUnKnownError| This event indicates that there was an unknown error returned by Active Directory. Check the Azure AD Connect server event log for events from the ADSync source for more information.|
 | 33002| ADUserNotFoundError| This event indicates that the user who is trying to reset or change a password was not found in the on-premises directory. This error can occur when the user has been deleted on-premises but not in the cloud. This error can also occur if there is a problem with sync. Check your sync logs and the last few sync run details for more information.|
 | 33003| ADMutliMatchError| When a password reset or change request originates from the cloud, we use the cloud anchor specified during the setup process of Azure AD Connect to determine how to link that request back to a user in your on-premises environment. This event indicates that we found two users in your on-premises directory with the same cloud anchor attribute. Check your sync logs and the last few sync run details for more information.|
-| 33004| ADPermissionsError| This event indicates that the Active Directory Management Agent (ADMA) service account does not have the appropriate permissions on the account in question to set a new password. Ensure that the ADMA account in the user’s forest has reset and change password permissions on all objects in the forest. For more information on how to set the permissions, see Step 4: Set up the appropriate Active Directory permissions.|
+| 33004| ADPermissionsError| This event indicates that the Active Directory Management Agent (ADMA) service account does not have the appropriate permissions on the account in question to set a new password. Ensure that the ADMA account in the user’s forest has reset and change password permissions on all objects in the forest. For more information on how to set the permissions, see Step 4: Set up the appropriate Active Directory permissions. This error could also occur when the user's attribute AdminCount is set to 1.|
 | 33005| ADUserAccountDisabled| This event indicates that we attempted to reset or change a password for an account that was disabled on-premises. Enable the account and try the operation again.|
 | 33006| ADUserAccountLockedOut| This event indicates that we attempted to reset or change a password for an account that was locked out on-premises. Lockouts can occur when a user has tried a change or reset password operation too many times in a short period. Unlock the account and try the operation again.|
 | 33007| ADUserIncorrectPassword| This event indicates that the user specified an incorrect current password when performing a password change operation. Specify the correct current password and try again.|

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -73,6 +73,7 @@ The following providers offer FIDO2 security keys of different form factors that
 | HID | [https://www.hidglobal.com/contact-us](https://www.hidglobal.com/contact-us) |
 | Ensurity | [https://www.ensurity.com/contact](https://www.ensurity.com/contact) |
 | eWBM | [https://www.ewbm.com/page/sub1_5](https://www.ewbm.com/page/sub1_5) |
+| AuthenTrend | [https://authentrend.com/about-us/#pg-35-3](https://authentrend.com/about-us/#pg-35-3) |
 
 If you are a vendor and want to get your device on this list, contact [[email protected]](mailto:[email protected]).
 

articles/active-directory/conditional-access/concept-conditional-access-block-legacy-authentication.md

@@ -30,9 +30,11 @@ Before you can block legacy authentication in your directory, you need to first
 
 1. Navigate to the Azure portal > Azure Active Directory > Sign-ins.
 1. Add the Client App column if it is not shown by clicking on Columns > Client App.
-1. Filter by Client App > Other Clients and click Apply.
+1. Filter by Client App > check all the Other Client options presented and click Apply.
+1. Filter by Status > Success and click Apply. 
+1. Expand your date range if necessary using the Date filter.
 
-Filtering will only show you sign-in attempts that were made by legacy authentication protocols. Clicking on each individual sign-in attempt will show you additional details. The Client App field under the Basic Info tab will indicate which legacy authentication protocol was used. 
+Filtering will only show you successful sign-in attempts that were made by the selected legacy authentication protocols. Clicking on each individual sign-in attempt will show you additional details. The Client App column or the Client App field under the Basic Info tab after selecting an individual row of data will indicate which legacy authentication protocol was used. 
 These logs will indicate which users are still depending on legacy authentication and which applications are using legacy protocols to make authentication requests. For users that do not appear in these logs and are confirmed to not be using legacy authentication, implement a Conditional Access policy or enable the Baseline policy: block legacy authentication for these users only.
 
 ## Moving away from legacy authentication 

articles/ansible/ansible-manage-azure-dynamic-inventories.md

@@ -66,11 +66,20 @@ Ansible can be used to pull inventory information from various sources (includin
 
 You can [use tags to organize your Azure resources](https://docs.microsoft.com/azure/azure-resource-manager/resource-group-using-tags#azure-cli) by user-defined categories. 
 
+### Using Ansible version < 2.8
 Enter the following [az resource tag](/cli/azure/resource?view=azure-cli-latest.md#az-resource-tag) command to tag the virtual machine `ansible-inventory-test-vm1` with the key `nginx`:
 
 ```azurecli-interactive
 az resource tag --tags nginx --id /subscriptions/<YourAzureSubscriptionID>/resourceGroups/ansible-inventory-test-rg/providers/Microsoft.Compute/virtualMachines/ansible-inventory-test-vm1
 ```
+
+### Using Ansible version >= 2.8
+Enter the following [az resource tag](/cli/azure/resource?view=azure-cli-latest.md#az-resource-tag) command to tag the virtual machine `ansible-inventory-test-vm1` with the key `Ansible=nginx`:
+
+```azurecli-interactive
+az resource tag --tags Ansible=nginx --id /subscriptions/<YourAzureSubscriptionID>/resourceGroups/ansible-inventory-test-rg/providers/Microsoft.Compute/virtualMachines/ansible-inventory-test-vm1
+```
+
 ## Generate a dynamic inventory
 
 Once you have your virtual machines defined (and tagged), it's time to generate the dynamic inventory.
@@ -119,10 +128,14 @@ Starting with Ansible 2.8, Ansible provides an [Azure dynamic-inventory plugin](
 1. The inventory plugin requires a configuration file. The configuration file must end in `azure_rm` and have an extension of either `yml` or `yaml`. For this tutorial example, save the following playbook as `myazure_rm.yml`:
 
     ```yml
-    plugin: azure_rm
-    include_vm_resource_groups:
-    - ansible-inventory-test-rg
-    auth_source: auto
+        plugin: azure_rm
+        include_vm_resource_groups:
+        - ansible-inventory-test-rg
+        auth_source: auto
+    
+        keyed_groups:
+        - prefix: tag
+          key: tags
     ```
 
 1. Run the following command to ping VMs in the resource group:
@@ -151,33 +164,49 @@ Starting with Ansible 2.8, Ansible provides an [Azure dynamic-inventory plugin](
     ```
 
 ## Enable the VM tag
-Once you've set a tag, you need to "enable" that tag. One way to enable a tag is by exporting the tag to an environment variable  `AZURE_TAGS` via the `export` command:
 
-```azurecli-interactive
-export AZURE_TAGS=nginx
-```
+### If you're using Ansible < 2.8,
 
-- If you're using Ansible < 2.8, run the following command:
+- Once you've set a tag, you need to "enable" that tag. One way to enable a tag is by exporting the tag to an environment variable  `AZURE_TAGS` via the `export` command:
+
+    ```azurecli-interactive
+    export AZURE_TAGS=nginx
+    ```
+    
+- Run the following command:
 
     ```bash
     ansible -i azure_rm.py ansible-inventory-test-rg -m ping
     ```
+    
+    You now see only one virtual machine (the one whose tag matches the value exported into the `AZURE_TAGS` environment variable):
+
+    ```Output
+       ansible-inventory-test-vm1 | SUCCESS => {
+        "changed": false,
+        "failed": false,
+        "ping": "pong"
+    }
+    ```
+
+### If you're using Ansible >=  2.8
+
+- run the this command `ansible-inventory -i myazure_rm.yml --graph` to get the following:
+
+    ```Output
+        @all:
+          |--@tag_Ansible_nginx:
+          |  |--ansible-inventory-test-vm1_9e2f
+          |--@ungrouped:
+          |  |--ansible-inventory-test-vm2_7ba9
+    ```
 
-- If you're using Ansible >=  2.8, run the following command:
+- You can also run the following command to test connection to the Nginx VM:
   
     ```bash
-    ansible all -m ping -i ./myazure_rm.yml
+    ansible -i ./myazure_rm.yml -m ping tag_Ansible_nginx
     ```
 
-You now see only one virtual machine (the one whose tag matches the value exported into the `AZURE_TAGS` environment variable):
-
-```Output
-ansible-inventory-test-vm1 | SUCCESS => {
-    "changed": false,
-    "failed": false,
-    "ping": "pong"
-}
-```
 
 ## Set up Nginx on the tagged VM
 
@@ -192,19 +221,19 @@ The purpose of tags is to enable the ability to quickly and easily work with sub
 1. Paste the following sample code into the editor:
 
     ```yml
-    ---
-    - name: Install and start Nginx on an Azure virtual machine
-      hosts: all
-      become: yes
-      tasks:
-      - name: install nginx
-        apt: pkg=nginx state=installed
-        notify:
-        - start nginx
-
-      handlers:
-        - name: start nginx
-          service: name=nginx state=started
+        ---
+        - name: Install and start Nginx on an Azure virtual machine
+          hosts: all
+          become: yes
+          tasks:
+          - name: install nginx
+            apt: pkg=nginx state=installed
+            notify:
+            - start nginx
+    
+          handlers:
+            - name: start nginx
+              service: name=nginx state=started
     ```
 
 1. Save the file and exit the editor.
@@ -213,15 +242,15 @@ The purpose of tags is to enable the ability to quickly and easily work with sub
 
    - Ansible < 2.8:
 
-    ```bash
-    ansible-playbook -i azure_rm.py nginx.yml
-    ```
+     ```bash
+     ansible-playbook -i azure_rm.py nginx.yml
+     ```
 
    - Ansible >= 2.8:
 
-    ```bash
-     ansible-playbook  -i ./myazure_rm.yml  nginx.yml
-    ```
+     ```bash
+     ansible-playbook  -i ./myazure_rm.yml  nginx.yml --limit=tag_Ansible_nginx
+     ```
 
 1. After running the playbook, you see output similar to the following results:
 
@@ -286,4 +315,4 @@ This section illustrates one technique to test that Nginx is installed on your v
 ## Next steps
 
 > [!div class="nextstepaction"] 
-> [Quickstart: Configure Linux virtual machines in Azure using Ansible](/azure/virtual-machines/linux/ansible-create-vm)
+> [Quickstart: Configure Linux virtual machines in Azure using Ansible](/azure/virtual-machines/linux/ansible-create-vm)

articles/app-service/overview-local-cache.md

@@ -90,7 +90,7 @@ You enable Local Cache on a per-web-app basis by using this app setting:
 ```
 
 ## Change the size setting in Local Cache
-By default, the local cache size is **300 MB**. This includes the /site and /siteextensions folders that are copied from the content store, as well as any locally created logs and data folders. To increase this limit, use the app setting `WEBSITE_LOCAL_CACHE_SIZEINMB`. You can increase the size up to **2 GB** (2000 MB) per app.
+By default, the local cache size is **1 GB**. This includes the /site and /siteextensions folders that are copied from the content store, as well as any locally created logs and data folders. To increase this limit, use the app setting `WEBSITE_LOCAL_CACHE_SIZEINMB`. You can increase the size up to **2 GB** (2000 MB) per app.
 
 ## Best practices for using App Service Local Cache
 We recommend that you use Local Cache in conjunction with the [Staging Environments](../app-service/deploy-staging-slots.md) feature.
@@ -102,6 +102,7 @@ We recommend that you use Local Cache in conjunction with the [Staging Environme
 * Sticky settings include name and sticky to a slot. So when the Staging slot gets swapped into Production, it inherits the Local Cache app settings. The newly swapped Production slot will run against the local cache after a few minutes and will be warmed up as part of slot warmup after swap. So when the slot swap is complete, your Production slot is running against the local cache.
 
 ## Frequently asked questions (FAQ)
+
 ### How can I tell if Local Cache applies to my app?
 If your app needs a high-performance, reliable content store, does not use the content store to write critical data at runtime, and is less than 2 GB in total size, then the answer is "yes"! To get the total size of your /site and /siteextensions folders, you can use the site extension "Azure Web Apps Disk Usage."
 

articles/availability-zones/az-overview.md

@@ -67,6 +67,7 @@ The combinations of Azure services and regions that support Availability Zones a
 | Event Hubs                      | ✓   |   ✓ | ✓  | ✓  | ✓ | ✓ | ✓ | ✓ | ✓ | ✓       |
 | **Integration**                     |            |              |           |           |                |              |          |             |            |                |
 | Service Bus (Premium Tier Only) | ✓   |  ✓  | ✓  | ✓  | ✓  | ✓     |✓   | ✓    |✓      | ✓       |
+| Event Grid | ✓   |  ✓  | ✓  | ✓  | ✓  | ✓     |✓   | ✓    |✓      | ✓       |
 
 
 

articles/azure-cache-for-redis/TOC.yml

@@ -89,6 +89,8 @@
       href: cache-administration.md#schedule-updates
     - name: Configure redis-cli.exe access
       href: cache-how-to-redis-cli-tool.md
+    - name: Deprecate use of TLS 1.0 and 1.1
+      href: cache-deprecate-tls-10-11.md
   - name: Monitor
     items:
     - name: Monitor in Azure portal

articles/azure-cache-for-redis/cache-deprecate-tls-10-11.md

@@ -0,0 +1,102 @@
+---
+title: Remove use of TLS 1.0 and 1.1 with Azure Cache for Redis | Microsoft Docs
+description: Learn how to remove TLS 1.0 and 1.1 from your application when communicating with Azure Cache for Redis
+services: cache
+documentationcenter: ''
+author: yegu-ms
+manager: maiye
+editor: ''
+
+ms.assetid:
+ms.service: cache
+ms.workload: tbd
+ms.tgt_pltfrm: cache
+ms.devlang: na
+ms.topic: article
+ms.date: 10/22/2019
+ms.author: yegu
+
+---
+
+# Remove use of TLS 1.0 and 1.1 with Azure Cache for Redis
+
+There is an industry-wide push towards using TLS 1.2 or higher exclusively. TLS Versions 1.0 and 1.1 are known to be susceptible to attacks such as BEAST and POODLE and have other Common Vulnerabilities and Exposures (CVE) weaknesses. They also do not support the modern encryption methods and cipher suites recommended by PCI compliance standards. This [TLS security blog](https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/) explains some of these vulnerabilities in more details.
+
+While none of these pose immediate problems, you should consider moving away from using TLS 1.0 and 1.1 as early as possible. Azure Cache for Redis will stop supporting these TLS versions starting on March 31, 2020. Your application will be required to use at least TLS 1.2 in order to communicate with your cache after this date.
+
+This article provides general guidance on how to detect and remove these dependencies from your application.
+
+## Check if your application is already compliant
+
+The easiest way to figure out if your application will work with TLS 1.2 is to set the Minimum TLS version on a test or staging cache it uses to TLS 1.2. You can find the Minimum TLS version setting in the [Advanced settings](cache-configure.md#advanced-settings) of your cache instance in the Azure portal. If the application continues to function as expected after this change, it is most likely to be compliant. Some Redis client libraries used by our application may need to be specifically configured to enable TLS 1.2 in order to connect to Azure Cache for Redis over that security protocol.
+
+## Configure your application to use TLS 1.2
+
+Most applications utilize Redis client libraries to handle communication with their caches. Below are instructions on how to configure some of the popular client libraries in various programming languages and frameworks to use TLS 1.2.
+
+### .NET Framework
+
+Redis .NET clients use the lowest TLS version by default on .NET Framework 4.5.2 or below and the highest TLS version on 4.6 or above. If you're using an older version of .NET Framework, you can enable TLS 1.2 manually:
+
+* StackExchange.Redis: set `ssl=true` and `sslprotocls=tls12` in the connection string.
+* ServiceStack.Redis: follow [these instructions](https://github.com/ServiceStack/ServiceStack.Redis/pull/247).
+
+### .NET Core
+
+Redis .NET Core clients use the highest TLS version by default.
+
+### Java
+
+Redis Java clients use TLS 1.0 on Java version 6 or below. Jedis, Lettuce and Radisson won't be able to connect to Azure Cache for Redis if TLS 1.0 is disabled on the cache. There is no known workaround currently.
+
+On Java 7 or above, Redis clients don't use TLS 1.2 by default but may be configured for it. Lettuce and Radisson don't support this right now. They will break if the cache only accepts TLS 1.2 connections. Jedis allows you to specify the underlying TLS settings with the following code snippet:
+
+``` Java
+SSLSocketFactory sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+SSLParameters sslParameters = new SSLParameters();
+sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+sslParameters.setProtocols(new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
+ 
+URI uri = URI.create("rediss://host:port");
+JedisShardInfo shardInfo = new JedisShardInfo(uri, sslSocketFactory, sslParameters, null);
+ 
+shardInfo.setPassword("cachePassword");
+ 
+Jedis jedis = new Jedis(shardInfo);
+```
+
+### Node.js
+
+Node Redis and IORedis use TLS 1.2 by default.
+
+### PHP
+
+Predis on PHP 7 won't work since the latter only supports TLS 1.0. On PHP 7.2.1 or below, Predis uses TLS 1.0 or 1.1 by default. You can specify TLS 1.2 when instantiating the client:
+
+``` PHP
+$redis=newPredis\Client([
+    'scheme'=>'tls',
+    'host'=>'host',
+    'port'=>6380,
+    'password'=>'password',
+    'ssl'=>[
+        'crypto_type'=>STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+    ],
+]);
+```
+
+On PHP 7.3 or above, Predis uses the latest TLS version.
+
+PhpRedis doesn't support TLS on any PHP version.
+
+### Python
+
+Redis-py uses TLS 1.2 by default.
+
+### GO
+
+Redigo uses TLS 1.2 by default.
+
+## Additional information
+
+- [How to configure Azure Cache for Redis](cache-configure.md)

articles/azure-cache-for-redis/cache-troubleshoot-client.md

@@ -1,5 +1,5 @@
 ---
-title: Troubleshoot Redis client | Microsoft Docs
+title: Troubleshoot Azure Cache for Redis client-side issues | Microsoft Docs
 description: Learn how to resolve common client-side issues with Azure Cache for Redis
 services: cache
 documentationcenter: ''