Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-roles-may

Author: rolyon

.openpublishing.redirection.json

@@ -250,6 +250,16 @@
       "redirect_url": "/azure//virtual-machines/windows/sql/virtual-machines-windows-portal-sql-create-failover-cluster-premium-file-share",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/virtual-machines/windows/shared-images.md",
+      "redirect_url": "/azure/virtual-machines/shared-images-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/virtual-machines/linux/shared-images.md",
+      "redirect_url": "/azure/virtual-machines/shared-images-cli",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/windows/encrypt-disks.md",
       "redirect_url": "/azure//virtual-machines/windows/disk-encryption-overview",

CODEOWNERS

@@ -1,4 +1,11 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
+
+# Horizontals
+
+## Azure Policy: Samples
+articles/**/policy-samples.md @DCtheGeek
+includes/policy/ @DCtheGeek
+
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf @aahill @ievangelist @patrickfarley @nitinme
 
@@ -9,7 +16,7 @@ articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Requires Internal Review
-articles/best-practices-availability-paired-regions.md @jpconnock @martinekuan @syntaxc4 @tysonn @snoviking
+articles/best-practices-availability-paired-regions.md @martinekuan @syntaxc4 @snoviking
 
 # Governance
 articles/governance/ @DCtheGeek

articles/active-directory/authentication/overview-authentication.md

@@ -85,14 +85,14 @@ Azure AD provides ways to natively authenticate using passwordless methods to si
 
 ## Next steps
 
-To get started, see the [quickstart for self-service password reset][quickstart-sspr] and [Azure Multi-Factor Authentication tutorial][tutorial-mfa-applications].
+To get started, see the [tutorial for self-service password reset (SSPR)][tutorial-sspr] and [Azure Multi-Factor Authentication][tutorial-azure-mfa].
 
 To learn more about self-service password reset concepts, see [How Azure AD self-service password reset works][concept-sspr].
 
 To learn more about multi-factor authentication concepts, see [How Azure Multi-Factor Authentication works][concept-mfa].
 
 <!-- INTERNAL LINKS -->
-[quickstart-sspr]: quickstart-sspr.md
-[tutorial-mfa-applications]: tutorial-mfa-applications.md
+[tutorial-sspr]: tutorial-enable-sspr.md
+[tutorial-azure-mfa]: tutorial-enable-azure-mfa.md
 [concept-sspr]: concept-sspr-howitworks.md
 [concept-mfa]: concept-mfa-howitworks.md

articles/active-directory/devices/manage-stale-devices.md

@@ -175,7 +175,7 @@ To learn more about the different types, see the [device management overview](ov
 
 Any authentication where a device is being used to authenticate to Azure AD are denied. Common examples are:
 
-- **Hybrid Azure AD joined device** - Users might be to use the device to sign-in to their on-premises domain. However, they can't access Azure AD resources such as Office 365.
+- **Hybrid Azure AD joined device** - Users might be able to use the device to sign-in to their on-premises domain. However, they can't access Azure AD resources such as Office 365.
 - **Azure AD joined device** - Users can't use the device to sign in. 
 - **Mobile devices** - User can't access Azure AD resources such as Office 365. 
 

articles/active-directory/fundamentals/toc.yml

@@ -50,7 +50,7 @@
   - name: Deployment guide
     items:
     - name: Deployment 30, 90, and beyond
-    href: active-directory-deployment-checklist-p2.md
+      href: active-directory-deployment-checklist-p2.md
   - name: Data storage
     items:
     - name: Identity data storage for Europe

articles/advisor/advisor-cost-recommendations.md

@@ -46,6 +46,9 @@ To save 60% of cost, we recommend storing your snapshots in Standard Storage, re
 ## Utilize Lifecycle Management
 Azure Advisor will utilize intelligence regarding your Azure blob storage object count, total size, and transactions to detect if one or more of your storage accounts would be best suited to enable lifecycle management to tier data. It will prompt you to create Lifecycle Management rules to automatically tier your data to Cool or Archive to optimize your storage costs while retaining your data in Azure blob storage for application compatibility.
 
+## Create an Ephemeral OS Disk recommendation
+With [Ephemeral OS Disk](https://docs.microsoft.com/azure/virtual-machines/windows/ephemeral-os-disks), Customers get these benefits: Save on storage cost for OS disk. Get lower read/write latency to OS disk. Faster VM Reimage operation by resetting OS (and Temporary disk) to its original state. It is more preferrable to use Ephemeral OS Disk for short-lived IaaS VMs or VMs with stateless workloads. Advisor has recommendation for resources which can take benefits with Ephemeral OS Disk. 
+
 ## How to access Cost recommendations in Azure Advisor
 
 1. Sign in to the [Azure portal](https://portal.azure.com).

articles/advisor/advisor-high-availability-recommendations.md

@@ -25,6 +25,10 @@ To provide redundancy to your application, we recommend that you group two or mo
 
 Virtual machines that are in an availability set with disks that share either storage accounts or storage scale units are not resilient to single storage scale unit failures during outages. Advisor will identify these availability sets and recommend migrating to Azure Managed Disks. This will ensure that the disks of the different virtual machines in the availability set are sufficiently isolated to avoid a single point of failure. 
 
+## Known issue with Check Point Network Virtual Appliance image version
+
+Advisor can identify if your Virtual Machine might be running a version of Check Point image that has been known to lose network connectivity in the event of a platform servicing operation. Advisor recommendation will help you upgrade to a newer version of the image that addresses this issue. This will ensure business continuity through better network connectivity.
+
 ## Ensure application gateway fault tolerance
 
 This recommendation ensures the business continuity of mission-critical applications that are powered by application gateways. Advisor identifies application gateway instances that are not configured for fault tolerance, and it suggests remediation actions that you can take. Advisor identifies medium or large single-instance application gateways, and it recommends adding at least one more instance. It also identifies single- or multi-instance small application gateways and recommends migrating to medium or large SKUs. Advisor recommends these actions to ensure that your application gateway instances are configured to satisfy the current SLA requirements for these resources.

articles/advisor/advisor-performance-recommendations.md

@@ -24,6 +24,10 @@ Advisor provides you with a consistent, consolidated view of recommendations for
 
 For more information about SQL Database Advisor, see [SQL Database Advisor](https://azure.microsoft.com/documentation/articles/sql-database-advisor/).
 
+## Upgrade your Storage Client Library to the latest version for better reliability and performance
+
+The latest version of Storage Client Library/ SDK contains fixes to issues reported by customers and proactively identified through our QA process. The latest version also carries reliability and performance optimization in addition to new features that can improve your overall experience using Azure Storage. Advisor provides you recommendations and steps to upgrade to latest version of SDK if you are on a stale version. The recommendations is for supported languages - C++ and .Net.
+
 ## Improve App Service performance and reliability
 
 Azure Advisor integrates best practices recommendations for improving your App Services experience and discovering relevant platform capabilities. Examples of App Services recommendations are:
@@ -69,6 +73,26 @@ Migrate your Storage Account deployment model to Azure Resource Manager (Resourc
 
 An Azure region can support a maximum of 250 storage accounts per subscription. Once the limit is reached, you will be unable to create any more storage accounts in that region/subscription combination. Advisor will check your subscriptions and surface recommendations for you to design for fewer storage accounts for any that are close to reaching the maximum limit.
 
+## Consider increasing the size of your VNet Gateway SKU to adress high P2S use
+
+Each gateway SKU can only support a specified count of concurrent P2S connections. If your connection count is close to your gateway limit, so additional connection attempts may fail. Increasing the size of your gateway will allow you to support more concurrent P2S users.Advisor provides recommendation and steps to take, for this.
+
+## Consider increasing the size of your VNet Gateway SKU to address high CPU
+
+Under high traffic load, the VPN gateway may drop packets due to high CPU. You should consider upgrading your VPN Gateway SKU since your VPN has consistently been running at.Increasing the size of your VPN gateway will ensure that connections aren't dropped due to high CPU. Advisor provdes recommendation to address this issue proactively. 
+
+## Increase batch size when loading to maximize load throughput, data compression, and query performance
+
+Advisor can detect that you can increase load performance and throughput by increasing the batch size when loading into your database. You could consider using the COPY statement. If you are unable to use the COPY statement, consider increasing the batch size when using loading utilities such as the SQLBulkCopy API or BCP - a good rule of thumb is a batch size between 100K to 1M rows. This will in increasing load throughput, data compression, and query performance.
+
+## Co-locate the storage account within the same region to minimize latency when loading
+
+Advisor can detect that you are loading from a region that is different from your SQL pool. You should consider loading from a storage account that is within the same region as your SQL pool to minimize latency when loading data. This will help minimize latency and increase load performance.
+
+## Unsupported Kubernetes version is detected
+
+Advisor can detect if an unsupported Kubernetes version is detected. The recommendation will help to ensure Kubernetes cluster runs with a supported version.
+
 ## Optimize the performance of your Azure MySQL, Azure PostgreSQL, and Azure MariaDB servers 
 
 ### Fix the CPU pressure of your Azure MySQL, Azure PostgreSQL, and Azure MariaDB servers with CPU bottlenecks

articles/aks/faq.md

@@ -2,7 +2,7 @@
 title: Frequently asked questions for Azure Kubernetes Service (AKS)
 description: Find answers to some of the common questions about Azure Kubernetes Service (AKS).
 ms.topic: conceptual
-ms.date: 10/02/2019
+ms.date: 05/04/2020
 
 ---
 
@@ -14,21 +14,20 @@ This article addresses frequent questions about Azure Kubernetes Service (AKS).
 
 For a complete list of available regions, see [AKS regions and availability][aks-regions].
 
-## Does AKS support node autoscaling?
+## Can I spread an AKS cluster across regions?
 
-Yes, the ability to automatically scale agent nodes horizontally in AKS is currently available in preview. See [Automatically scale a cluster to meet application demands in AKS][aks-cluster-autoscaler] for instructions. AKS autoscaling is based on the [Kubernetes autoscaler][auto-scaler].
+No. AKS clusters are regional resources and cannot span regions. See [best practices for business continuity and disaster recovery][bcdr-bestpractices] for guidance on how to create an architecture that includes multiple regions.
 
-## Can I deploy AKS into my existing virtual network?
+## Can I spread an AKS cluster across availability zones?
 
-Yes, you can deploy an AKS cluster into an existing virtual network by using the [advanced networking feature][aks-advanced-networking].
+Yes. You can deploy an AKS cluster across one or more [availability zones][availability-zones] in [regions that support them][az-regions].
 
 ## Can I limit who has access to the Kubernetes API server?
 
-Yes, you can limit access to the Kubernetes API server using [API Server Authorized IP Ranges][api-server-authorized-ip-ranges].
+Yes. There are two options for limiting access to the API server:
 
-## Can I make the Kubernetes API server accessible only within my virtual network?
-
-Not at this time, but this is planned. You can track progress on the [AKS GitHub repo][private-clusters-github-issue].
+- Use [API Server Authorized IP Ranges][api-server-authorized-ip-ranges] if you want to maintain a public endpoint for the API server but restrict access to a set of trusted IP ranges.
+- Use [a private cluster][private-clusters] if you want to limit the API server to *only* be accessible from within your virtual network.
 
 ## Can I have different VM sizes in a single cluster?
 
@@ -128,21 +127,6 @@ In a service-level agreement (SLA), the provider agrees to reimburse the custome
 
 It is important to recognize the distinction between AKS service availability which refers to uptime of the Kubernetes control plane and the availability of your specific workload which is running on Azure Virtual Machines. Although the control plane may be unavailable if the control plane is not ready, your cluster workloads running on Azure VMs can still function. Given Azure VMs are paid resources they are backed by a financial SLA. Read [here for more details](https://azure.microsoft.com/support/legal/sla/virtual-machines/v1_8/) on the Azure VM SLA and how to increase that availability with features like [Availability Zones][availability-zones].
 
-## Why can't I set maxPods below 30?
-
-In AKS, you can set the `maxPods` value when you create the cluster by using the Azure
-CLI and Azure Resource Manager templates. However, both Kubenet and Azure CNI require a *minimum value* (validated at creation time):
-
-| Networking | Minimum | Maximum |
-| -- | :--: | :--: |
-| Azure CNI | 30 | 250 |
-| Kubenet | 30 | 110 |
-
-Because AKS is a managed service, we deploy and manage add-ons and pods as part of the cluster. In the past, users could define a `maxPods` value lower than the value that the managed pods required to run (for example, 30). AKS now calculates the minimum number of
-pods by using this formula: ((maxPods or (maxPods * vm_count)) > managed add-on pods minimum.
-
-Users can't override the minimum `maxPods` validation.
-
 ## Can I apply Azure reservation discounts to my AKS agent nodes?
 
 AKS agent nodes are billed as standard Azure virtual machines, so if you've purchased [Azure reservations][reservation-discounts] for the VM size that you are using in AKS, those discounts are automatically applied.
@@ -179,7 +163,7 @@ Most commonly, this is caused by users having one or more Network Security Group
 
 Please confirm your service principal has not expired.  Please see: [AKS service principal](https://docs.microsoft.com/azure/aks/kubernetes-service-principal) and [AKS update credentials](https://docs.microsoft.com/azure/aks/update-credentials).
 
-## My cluster was working, but suddenly can not provision LoadBalancers, mount PVCs, etc.? 
+## My cluster was working, but suddenly cannot provision LoadBalancers, mount PVCs, etc.? 
 
 Please confirm your service principal has not expired.  Please see: [AKS service principal](https://docs.microsoft.com/azure/aks/kubernetes-service-principal)  and [AKS update credentials](https://docs.microsoft.com/azure/aks/update-credentials).
 
@@ -217,6 +201,10 @@ No AKS is a managed service, and manipulation of the IaaS resources is not suppo
 [api-server-authorized-ip-ranges]: ./api-server-authorized-ip-ranges.md
 [multi-node-pools]: ./use-multiple-node-pools.md
 [availability-zones]: ./availability-zones.md
+[private-clusters]: ./private-clusters.md
+[bcdr-bestpractices]: ./operator-best-practices-multi-region.md#plan-for-multiregion-deployment
+[availability-zones]: ./availability-zones.md
+[az-regions]: ../availability-zones/az-region.md
 
 <!-- LINKS - external -->
 [aks-regions]: https://azure.microsoft.com/global-infrastructure/services/?products=kubernetes-service

articles/aks/internal-lb.md

@@ -145,7 +145,7 @@ Learn more about Kubernetes services at the [Kubernetes services documentation][
 [advanced-networking]: configure-azure-cni.md
 [az-aks-show]: /cli/azure/aks#az-aks-show
 [az-role-assignment-create]: /cli/azure/role/assignment#az-role-assignment-create
-[azure-lb-comparison]: ../load-balancer/types.md#skus
+[azure-lb-comparison]: ../load-balancer/skus.md
 [use-kubenet]: configure-kubenet.md
 [aks-quickstart-cli]: kubernetes-walkthrough.md
 [aks-quickstart-portal]: kubernetes-walkthrough-portal.md