Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into ts_hbase12

Author: dagiro

articles/active-directory/develop/scenario-spa-sign-in.md

@@ -49,7 +49,7 @@ You cannot use a combination of both the pop-up and redirect methods in your app
 
 ```javascript
 const loginRequest = {
-    scopes: ["user.read", "user.write"]
+    scopes: ["https://graph.microsoft.com/User.ReadWrite"]
 }
 
 userAgentApplication.loginPopup(loginRequest).then(function (loginResponse) {
@@ -83,7 +83,7 @@ For a pop-up window experience, enable the `popUp` config option. You can also p
   imports: [ MsalModule.forRoot({
                 clientID: 'your_app_id',
                 popUp: true,
-                consentScopes: ["user.read", "user.write"]
+                consentScopes: ["https://graph.microsoft.com/User.ReadWrite"]
             })]
          })
 ```
@@ -102,7 +102,7 @@ function authCallback(error, response) {
 userAgentApplication.handleRedirectCallback(authCallback);
 
 const loginRequest = {
-    scopes: ["user.read", "user.write"]
+    scopes: ["https://graph.microsoft.com/User.ReadWrite"]
 }
 
 userAgentApplication.loginRedirect(loginRequest);

articles/active-directory/saas-apps/braze-tutorial.md

@@ -113,7 +113,7 @@ To configure Azure AD single sign-on with Braze, perform the following steps:
     `https://<SUBDOMAIN>.braze.com/sign_in`
 
 	> [!NOTE]
-	> These values are not real. Update these values with the actual Reply URL and Sign-On URL. Contact [Braze Client support team](mailto:support@braze.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> For the subdomain, use the coordinating subdomain listed in your Braze instance URL. For example, if your instance is US-01, your URL is https://dashboard-01.braze.com. This means that your subdomain will be dashboard-01.
 
 6. Braze application expects the SAML assertions in a specific format. Configure the following claims for this application. You can manage the values of these attributes from the **User Attributes** section on application integration page. On the **Set up Single Sign-On with SAML** page, click **Edit** button to open **User Attributes** dialog.
 
@@ -162,7 +162,7 @@ To configure Azure AD single sign-on with Braze, perform the following steps:
 
 ### Configure Braze Single Sign-On
 
-To configure single sign-on on **Braze** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Braze support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **Braze** side, you will need to ensure that a Braze Account Manager has enabled SAML SSO for your account. Once enabled, you can then go to Company Settings > Security Settings and toggle the SAML SSO section to ON. Within this section, you will need to copy and paste the downloaded **Certificate (Base64)**, along with adding a SAML Name . 
 
 ### Create an Azure AD test user
 
@@ -216,7 +216,7 @@ In this section, you enable Britta Simon to use Azure single sign-on by granting
 
 ### Create Braze test user
 
-In this section, you create a user called Britta Simon in Braze. Work with [Braze support team](mailto:[email protected]) to add the users in the Braze platform. Users must be created and activated before you use single sign-on.
+In this section, you create a user called Britta Simon in Braze. You can add the users in the Braze platform. Users must be created and activated before you use single sign-on.
 
 ### Test single sign-on
 

articles/azure-monitor/insights/container-insights-live-logs.md

@@ -67,7 +67,7 @@ If you have enabled Kubernetes RBAC authorization, you will need to apply cluste
 
 AKS can be configured to use Azure Active Directory (AD) for user authentication. If you are configuring it for the first time, see [Integrate Azure Active Directory with Azure Kubernetes Service](../../aks/azure-ad-integration.md). During the steps to create the [client application](../../aks/azure-ad-integration.md#create-the-client-application), specify the following:
 
-- **Redirect URI (optional)**: This is a **Web** application type and the base URL value should be `https://afd.hosting.portal.azure.net/monitoring/Content/iframe/infrainsights.app/web/base-libs/auth/auth.html`.
+-  **Redirect URI**: Two **Web** application types need to be created. The first base URL value should be `https://afd.hosting.portal.azure.net/monitoring/Content/iframe/infrainsights.app/web/base-libs/auth/auth.html` and the second base URL value should be `https://monitoring.hosting.portal.azure.net/monitoring/Content/iframe/infrainsights.app/web/base-libs/auth/auth.html`.
 - After registering the application, from the **Overview** page select **Authentication** from the left-hand pane. On the **Authentication** page, under **Advanced settings** implicitly grant **Access tokens** and **ID tokens** and then save your changes.
 
 >[!NOTE]

articles/cosmos-db/sql-query-linq-to-sql.md

@@ -194,8 +194,8 @@ The syntax is `input(.|.SelectMany())(.Select()|.Where())*`. A concatenated quer
 - **LINQ lambda expression**
 
   ```csharp
-      input.Select(family=>family.parents[0])
-          .Where(familyName == "Wakefield");
+      input.Select(family => family.parents[0])
+          .Where(parent => parent.familyName == "Wakefield");
   ```
 
 - **SQL**

articles/dms/known-issues-troubleshooting-dms.md

@@ -93,9 +93,9 @@ When you try to connect to source in the Azure Database Migration service projec
 | ------------- | ------------- |
 | When using [ExpressRoute](https://azure.microsoft.com/services/expressroute/), Azure Database Migration Service [requires](https://docs.microsoft.com/azure/dms/tutorial-sql-server-azure-sql-online) provisioning three service endpoints on the Virtual Network subnet associated with the service:<br> -- Service Bus endpoint<br> -- Storage endpoint<br> -- Target database endpoint (e.g. SQL endpoint, Cosmos DB endpoint)<br><br><br><br><br> | [Enable](https://docs.microsoft.com/azure/dms/tutorial-sql-server-azure-sql-online) the required service endpoints for ExpressRoute connectivity between source and Azure Database Migration Service. <br><br><br><br><br><br><br><br> |
 
-## Timeout error when migrating a MySQL database to Azure DB for MySQL
+## Lock wait timeout error when migrating a MySQL database to Azure DB for MySQL
 
-When you migrate a MySQL database to an Azure Database for MySQL instance via Azure Database Migration Service, the migration fails with following timeout error:
+When you migrate a MySQL database to an Azure Database for MySQL instance via Azure Database Migration Service, the migration fails with following lock wait timeout error:
 
 * **Error**: Database migration error - Failed to load file - Failed to start load process for file 'n' RetCode: SQL_ERROR SqlState: HY000 NativeError: 1205 Message: [MySQL][ODBC Driver][mysqld] Lock wait timeout exceeded; try restarting transaction
 

articles/logic-apps/logic-apps-handle-large-messages.md

@@ -210,7 +210,13 @@ includes this information about the content that your logic app wants to upload
      |||||
 
 4. After each PATCH request, the endpoint confirms the receipt 
-for each chunk by responding with the "200" status code.
+for each chunk by responding with the "200" status code and the following response headers:
+
+   | Endpoint response header field | Type | Required | Description |
+   |--------------------------------|------|----------|-------------|
+   | **Range** | String | Yes | The byte range for content that has been received by the endpoint, for example: "bytes=0-1023" |   
+   | **x-ms-chunk-size** | Integer | No | The suggested chunk size in bytes |
+   ||||
 
 For example, this action definition shows an HTTP POST 
 request for uploading chunked content to an endpoint. 
@@ -234,4 +240,4 @@ the `contentTransfer` property sets `transferMode` to `chunked`:
     },
     "type": "Http"
 }
-```
+```

articles/security/fundamentals/encryption-atrest.md

@@ -294,7 +294,7 @@ Client-side encryption of Azure SQL Database data is supported through the [Alwa
 | Event Grid                       | Yes                | -                  | -                  |
 | API Management                   | Yes                | -                  | -                  |
 | **IoT Services**                 |                    |                    |                    |
-| IoT Hub                          | -                  | -                  | Yes                |
+| IoT Hub                          | Yes                | -                  | Yes                |
 | **Management and Governance**    |                    |                    |                    |
 | Azure Site Recovery              | Yes                | Yes, RSA 2048-bit  | Yes                |
 | **Media**                        |                    |                    |                    |

articles/storage/common/storage-encryption-keys-cli.md

@@ -18,6 +18,10 @@ ms.subservice: common
 
 This article shows how to configure a key vault with customer-managed keys using Azure CLI.
 
+> [!IMPORTANT]
+> Using customer-managed keys with Azure Storage encryption requires that the key vault have two required properties configured, **Soft Delete** and **Do Not Purge**. These properties are enabled by default when you create a new key vault in the Azure portal. However, if you need to enable these properties on an existing key vault, you must use either PowerShell or Azure CLI.
+> Only RSA keys and key size 2048 are supported.
+
 ## Assign an identity to the storage account
 
 To enable customer-managed keys for your storage account, first assign a system-assigned managed identity to the storage account. You'll use this managed identity to grant the storage account permissions to access the key vault.

articles/storage/common/storage-encryption-keys-portal.md

@@ -21,6 +21,7 @@ This article shows how to configure a key vault with customer-managed keys using
 
 > [!IMPORTANT]
 > Using customer-managed keys with Azure Storage encryption requires that the key vault have two required properties configured, **Soft Delete** and **Do Not Purge**. These properties are enabled by default when you create a new key vault in the Azure portal. However, if you need to enable these properties on an existing key vault, you must use either PowerShell or Azure CLI.
+> Only RSA keys and key size 2048 are supported.
 
 ## Enable customer-managed keys
 

articles/storage/common/storage-encryption-keys-powershell.md

@@ -18,6 +18,10 @@ ms.subservice: common
 
 This article shows how to configure a key vault with customer-managed keys using PowerShell.
 
+> [!IMPORTANT]
+> Using customer-managed keys with Azure Storage encryption requires that the key vault have two required properties configured, **Soft Delete** and **Do Not Purge**. These properties are enabled by default when you create a new key vault in the Azure portal. However, if you need to enable these properties on an existing key vault, you must use either PowerShell or Azure CLI.
+> Only RSA keys and key size 2048 are supported.
+
 ## Assign an identity to the storage account
 
 To enable customer-managed keys for your storage account, first assign a system-assigned managed identity to the storage account. You'll use this managed identity to grant the storage account permissions to access the key vault.