Merge pull request #197349 from MicrosoftDocs/main

Merge Main to Live, 4 AM

Author: PMEds28

articles/active-directory/authentication/howto-authentication-use-email-signin.md

@@ -32,11 +32,21 @@ If your vault is configured with [network restrictions](../key-vault/general/ove
 
 1. Make sure the application has outbound networking capabilities configured, as described in [App Service networking features](./networking-features.md) and [Azure Functions networking options](../azure-functions/functions-networking-options.md).
 
-    Linux applications attempting to use private endpoints additionally require that the app be explicitly configured to have all traffic route through the virtual network. This requirement will be removed in a forthcoming update. To set this, use the following CLI command:
+    Linux applications attempting to use private endpoints additionally require that the app be explicitly configured to have all traffic route through the virtual network. This requirement will be removed in a forthcoming update. To set this, use the following Azure CLI or Azure PowerShell command:
+
+    # [Azure CLI](#tab/azure-cli)
 
     ```azurecli
-    az webapp config set --subscription <sub> -g <rg> -n <appname> --generic-configurations '{"vnetRouteAllEnabled": true}'
+    az webapp config set --subscription <sub> -g MyResourceGroupName -n MyAppName --generic-configurations '{"vnetRouteAllEnabled": true}'
+    ```
+    
+    # [Azure PowerShell](#tab/azure-powershell) 
+
+    ```azurepowershell
+    Update-AzFunctionAppSetting -Name MyAppName -ResourceGroupName MyResourceGroupName -AppSetting @{vnetRouteAllEnabled = $true}
     ```
+    
+    ---
 
 2. Make sure that the vault's configuration accounts for the network or subnet through which your app will access it.
 
@@ -53,11 +63,24 @@ Once you have granted permissions to the user-assigned identity, follow these st
 
 1. Configure the app to use this identity for Key Vault reference operations by setting the `keyVaultReferenceIdentity` property to the resource ID of the user-assigned identity.
 
+    # [Azure CLI](#tab/azure-cli)
+    
     ```azurecli-interactive
     userAssignedIdentityResourceId=$(az identity show -g MyResourceGroupName -n MyUserAssignedIdentityName --query id -o tsv)
     appResourceId=$(az webapp show -g MyResourceGroupName -n MyAppName --query id -o tsv)
     az rest --method PATCH --uri "${appResourceId}?api-version=2021-01-01" --body "{'properties':{'keyVaultReferenceIdentity':'${userAssignedIdentityResourceId}'}}"
     ```
+    # [Azure PowerShell](#tab/azure-powershell) 
+    
+    ```azurepowershell-interactive   
+    $userAssignedIdentityResourceId = Get-AzUserAssignedIdentity -ResourceGroupName MyResourceGroupName -Name MyUserAssignedIdentityName | Select-Object -ExpandProperty Id
+    $appResourceId = Get-AzFunctionApp -ResourceGroupName MyResourceGroupName -Name MyAppName | Select-Object -ExpandProperty Id
+    
+    $Path = "{0}?api-version=2021-01-01" -f $appResourceId
+    Invoke-AzRestMethod -Method PATCH -Path $Path -Payload "{'properties':{'keyVaultReferenceIdentity':'$userAssignedIdentityResourceId'}}"
+    ```
+    
+    ---
 
 This configuration will apply to all references for the app.
 

articles/active-directory/authentication/media/howto-authentication-use-email-signin/azure-ad-connect-screen.png

@@ -157,6 +157,16 @@ The following features are supported for Linux containers:
 1. From the left navigation, click **Configuration** > **Path Mappings** > **New Azure Storage Mount**. 
 1. Configure the storage mount according to the following table. When finished, click **OK**.
 
+    ::: zone pivot="code-windows"
+    | Setting | Description |
+    |-|-|
+    | **Name** | Name of the mount configuration. Spaces are not allowed. |
+    | **Configuration options** | Select **Basic** if the storage account is not using [private endpoints](../storage/common/storage-private-endpoints.md). Otherwise, select **Advanced**. |
+    | **Storage accounts** | Azure Storage account. It must contain an Azure Files share. |
+    | **Share name** | Files share to mount. |
+    | **Access key** (Advanced only) | [Access key](../storage/common/storage-account-keys-manage.md) for your storage account. |
+    | **Mount path** | Directory inside your file/blob storage that you want to mount. Only `/mounts/pathname` is supported.|
+    ::: zone-end
     ::: zone pivot="container-windows"
     | Setting | Description |
     |-|-|

articles/active-directory/authentication/media/howto-authentication-use-email-signin/email-alternate-login-id-logs.png

@@ -107,7 +107,7 @@ A record with a type of `UpdateRunProgress` is created that provides update depl
 | CorrelationId | Unique identifier of the runbook job run for the update. |
 | EndTime | The time when the synchronization process ended. *This property is currently not used. See TimeGenerated.* |
 | ErrorResult | Windows Update error code generated if an update fails to install. |
-| InstallationStatus | The possible installation states of an update on the client computer,<br> `NotStarted` - job not triggered yet.<br> `Failed` - job started but failed with an exception.<br> `InProgress` - job in progress.<br> `MaintenanceWindowExceeded` - if execution was remaining but maintenance window interval reached.<br> `Succeeded` - job succeeded.<br> `InstallFailed` - update failed to install successfully.<br> `NotIncluded`<br> `Excluded` |
+| InstallationStatus | The possible installation states of an update on the client computer,<br> `NotStarted` - job not triggered yet.<br> `Failed` - job started but failed with an exception.<br> `InProgress` - job in progress.<br> `MaintenanceWindowExceeded` - if execution was remaining but maintenance window interval reached.<br> `Succeeded` - job succeeded.<br> `InstallFailed` - update failed to install successfully.<br> `NotIncluded` - the corresponding update's classification doesn't match with customer's entries in input classification list.<br> `Excluded` - user enters a KBID in excluded list. While patching, if KBID in excluded list matches with the system detected update KB ID, it is marked as excluded.  |
 | KBID | Knowledge base article ID for the Windows update. |
 | ManagementGroupName | Name of the Operations Manager management group or Log Analytics workspace. |
 | OSType | Type of operating system. Values are Windows or Linux. |

articles/active-directory/authentication/media/howto-authentication-use-email-signin/email-alternate-login-id-screen.png

@@ -56,6 +56,8 @@ Add support for specifying labels and annotations on the secondary service endpo
 - If three replicas, then `REQUIRED_SECONDARIES_TO_COMMIT = 1`.  
 - If one or two replicas, then `REQUIRED_SECONDARIES_TO_COMMIT = 0`.
 
+In this release, the default value of the readable secondary service is `Cluster IP`.  The secondary service type can be set in the Kubernetes yaml/json at `spec.services.readableSecondaries.type`. In the next release, the default value will be the same as the primary service type.
+
 ### User experience improvements
 
 Notifications added in Azure Portal if billing data has not been uploaded to Azure recently.

articles/app-service/app-service-key-vault-references.md

@@ -255,24 +255,6 @@ eastus   AzureArcTest1 microsoft.kubernetes/connectedclusters
 
 ---
 
-## Connect a cluster with custom certificate
-
-If you need the outbound communication from Arc agents to authenticate via a certificate, pass the certificate during onboarding. In case you need to pass multiple certificates, combine them into a single certificate chain and pass it through.
-
-### [Azure CLI](#tab/azure-cli)
-
-Run the connect command with parameters specified:
-
-```azurecli
-az connectedk8s connect --name <cluster-name> --resource-group <resource-group> --proxy-cert <path-to-cert-file>
-```
-
-### [Azure PowerShell](#tab/azure-powershell)
-
-This scenario is not supported via the powershell cmdlet. 
-
----
-
 ## Connect using an outbound proxy server
 
 If your cluster is behind an outbound proxy server, requests must be routed via the outbound proxy server.
@@ -317,6 +299,22 @@ If your cluster is behind an outbound proxy server, requests must be routed via
 
 ---
 
+For outbound proxy servers where only a trusted certificate needs to be provided without the proxy server endpoint inputs, `az connectedk8s connect` can be run with just the `--proxy-cert` input specified. In case multiple trusted certificates are expected, the combined certificate chain can be provided in a single file using the `--proxy-cert` parameter.
+
+### [Azure CLI](#tab/azure-cli)
+
+Run the connect command with the `--proxy-cert` parameter specified:
+
+```azurecli
+az connectedk8s connect --name <cluster-name> --resource-group <resource-group> --proxy-cert <path-to-cert-file>
+```
+
+### [Azure PowerShell](#tab/azure-powershell)
+
+The ability to pass in the proxy certificate only without the proxy server endpoint details is not yet supported via PowerShell. 
+
+---
+
 ## Verify cluster connection
 
 Run the following command:

articles/app-service/configure-connect-to-azure-storage.md

@@ -211,12 +211,26 @@ When you run a Premium plan, you can connect non-HTTP trigger functions to servi
 
 :::image type="content" source="media/functions-networking-options/virtual-network-trigger-toggle.png" alt-text="VNETToggle":::
 
+### [Azure CLI](#tab/azure-cli)
+
 You can also enable virtual network triggers by using the following Azure CLI command:
 
 ```azurecli-interactive
 az resource update -g <resource_group> -n <function_app_name>/config/web --set properties.functionsRuntimeScaleMonitoringEnabled=1 --resource-type Microsoft.Web/sites
 ```
 
+### [Azure PowerShell](#tab/azure-powershell)
+
+You can also enable virtual network triggers by using the following Azure PowerShell command:
+
+```azurepowershell-interactive
+$Resource = Get-AzResource -ResourceGroupName <resource_group> -ResourceName <function_app_name>/config/web -ResourceType Microsoft.Web/sites
+$Resource.Properties.functionsRuntimeScaleMonitoringEnabled = $true
+$Resource | Set-AzResource -Force
+```
+
+---
+
 > [!TIP]
 > Enabling virtual network triggers may have an impact on the performance of your application since your App Service plan instances will need to monitor your triggers to determine when to scale. This impact is likely to be very small.