Merge pull request #227069 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/external-identities/b2b-quickstart-invite-powershell.md

@@ -23,7 +23,11 @@ If you don’t have an Azure subscription, create a [free account](https://azure
 ## Prerequisites
 
 ### PowerShell Module
-Install the [Microsoft Graph Identity Sign-ins module](/powershell/module/microsoft.graph.identity.signins/?view=graph-powershell-beta&preserve-view=true) (Microsoft.Graph.Identity.SignIns) and the [Microsoft Graph Users module](/powershell/module/microsoft.graph.users/?view=graph-powershell-beta&preserve-view=true) (Microsoft.Graph.Users).
+Install the [Microsoft Graph Identity Sign-ins module](/powershell/module/microsoft.graph.identity.signins/?view=graph-powershell-beta&preserve-view=true) (Microsoft.Graph.Identity.SignIns) and the [Microsoft Graph Users module](/powershell/module/microsoft.graph.users/?view=graph-powershell-beta&preserve-view=true) (Microsoft.Graph.Users). You can use the `#Requires` statement to prevent running a script unless the required PowerShell modules are met.
+
+```powershell
+#Requires -Modules Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Users
+```
 
 ### Get a test email account
 
@@ -34,7 +38,7 @@ You need a test email account that you can send the invitation to. The account m
 Run the following command to connect to the tenant domain:
 
 ```powershell
-Connect-MgGraph -Scopes user.readwrite.all
+Connect-MgGraph -Scopes 'User.ReadWrite.All'
 ```
 
 When prompted, enter your credentials.
@@ -66,9 +70,16 @@ When prompted, enter your credentials.
 When no longer needed, you can delete the test user account in the directory. Run the following command to delete a user account:
 
 ```powershell
- Remove-AzureADUser -ObjectId "<UPN>"
+ Remove-MgUser -UserId '<String>'
+```
+For example: 
+```powershell 
+Remove-MgUser -UserId 'john_contoso.com#EXT#@fabrikam.onmicrosoft.com'
+``` 
+or 
+```powershell 
+Remove-MgUser -UserId '3f80a75e-750b-49aa-a6b0-d9bf6df7b4c6'
 ```
-For example: `Remove-AzureADUser -UserId john_contoso.com#EXT#@fabrikam.onmicrosoft.com`
 
 
 ## Next steps

articles/aks/use-wasi-node-pools.md

@@ -168,9 +168,16 @@ spec:
     spec:
       runtimeClassName: wasmtime-slight-v1
       containers:
-        - name: testwasm
+        - name: hello-slight
           image: ghcr.io/deislabs/containerd-wasm-shims/examples/slight-rust-hello:latest
           command: ["/"]
+          resources:
+            requests:
+              cpu: 10m
+              memory: 10Mi
+            limits:
+              cpu: 500m
+              memory: 128Mi
 ---
 apiVersion: v1
 kind: Service

articles/api-management/api-management-kubernetes.md

@@ -37,7 +37,7 @@ To solve this problem, Kubernetes introduced the concept of [Services](https://k
 
 When we are ready to publish our microservices as APIs through API Management, we need to think about how to map our Services in Kubernetes to APIs in API Management. There are no set rules. It depends on how you designed and partitioned your business capabilities or domains into microservices at the beginning. For instance, if the pods behind a Service are responsible for all operations on a given resource (e.g., Customer), the Service may be mapped to one API. If operations on a resource are partitioned into multiple microservices (e.g., GetOrder, PlaceOrder), then multiple Services may be logically aggregated into one single API in API management (See Fig. 1). 
 
-The mappings can also evolve. Since API Management creates a façade in front of the microservices, it allows us to refactor and right-size our microservices over time. 
+The mappings can also evolve. Since API Management creates a facade in front of the microservices, it allows us to refactor and right-size our microservices over time. 
 
 ![Map services to APIs](./media/api-management-aks/service-api-mapping.png)
 

articles/azure-arc/servers/ssh-arc-troubleshoot.md

@@ -47,9 +47,20 @@ Possible errors:
  - {"level":"fatal","msg":"sshproxy: error copying information from the connection: read tcp 192.168.1.180:60887-\u003e40.122.115.96:443: wsarecv: An existing connection was forcibly closed by the remote host.","time":"2022-02-24T13:50:40-05:00"}
 
 Resolution:
- - Ensure that the SSHD service is running on the Arc-enabled server
- - Ensure that port 22 (or other non-default port) is listed in allowed incoming connections. Run ```azcmagent config list``` on the Arc-enabled server in an elevated session
-
+ - Ensure that the SSHD service is running on the Arc-enabled server.
+ - Ensure that port 22 (or other non-default port) is listed in allowed incoming connections. Run `azcmagent config list` on the Arc-enabled server in an elevated session. The ssh port (22) isn't set by default, so you must add it. This setting is used by other services, like admin center, so just add port 22 without deleting previously added ports.
+
+   ```powershell
+   # Set 22 port:
+   azcmagent config list
+   azcmagent config get incomingconnections.port
+   azcmagent config set incomingconnections.port 22
+   azcmagent config
+   
+   # Add multiple ports:
+   azcmagent config set incomingconnections.port 22,3516
+   ```
+   
 ## Azure permissions issues
 
 ### Incorrect role assignments

articles/azure-monitor/logs/analyze-usage.md

@@ -220,7 +220,7 @@ let freeTables = dynamic([
 Usage 
 | where DataType !in (freeTables) 
 | where TimeGenerated > ago(30d) 
-| where IsBillable = false 
+| where IsBillable == false 
 | summarize MonthlyPotentialUnderbilledGB=sum(Quantity)/1000 by DataType
 ```
 

articles/defender-for-cloud/devops-faq.md

@@ -82,6 +82,8 @@ Data is stored within the region your connector is created in. You should consid
 
 Defender for DevOps currently doesn't process or store your code, build, and audit logs.
 
+Learn more about [Microsoft Privacy Statement](https://go.microsoft.com/fwLink/?LinkID=521839&clcid=0x9).
+
 ### Is Exemptions capability available and tracked for app sec vulnerability management?
 
 Exemptions are not available for Defender for DevOps within Microsoft Defender for Cloud.

articles/migrate/migrate-support-matrix-vmware-migration.md

@@ -122,7 +122,7 @@ This table summarizes assessment support and limitations for VMware vSphere virt
 --- | ---
 **VMware vCenter Server** | Version 5.5, 6.0, 6.5, or 6.7.
 **VMware vSphere ESXi host** | Version 5.5, 6.0, 6.5, 6.7 or 7.0.
-**vCenter Server permissions** | A read-only account for vCenter Server.
+**vCenter Server permissions** | **VM discovery**: At least a read-only user<br/><br/> Data Center object –> Propagate to Child Object, role=Read-only.<br/><br/> **Replication**: Create a role (Azure Site Recovery) with the required permissions, and then assign the role to a VMware vSphere user or group<br/><br/> Data Center object –> Propagate to Child Object, role=Azure Site Recovery<br/><br/> Datastore -> Allocate space, browse datastore, low-level file operations, remove file, update virtual machine files<br/><br/> Network -> Network assign<br/><br/> Resource -> Assign VM to resource pool, migrate powered off VM, migrate powered on VM<br/><br/> Tasks -> Create task, update task<br/><br/> Virtual machine -> Configuration<br/><br/> Virtual machine -> Interact -> answer question, device connection, configure CD media, configure floppy media, power off, power on, VMware tools install<br/><br/> Virtual machine -> Inventory -> Create, register, unregister<br/><br/> Virtual machine -> Provisioning -> Allow virtual machine download, allow virtual machine files upload<br/><br/> Virtual machine -> Snapshots -> Remove snapshots.<br/><br/><br/>**Note**:<br/>User assigned at datacenter level, and has access to all the objects in the datacenter.<br/><br/> To restrict access, assign the **No access** role with the **Propagate to child** object, to the child objects (vSphere hosts, datastores, VMs, and networks).
 
 ### VM requirements (agent-based)
 

articles/mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md

@@ -114,86 +114,11 @@ The server created has the below attributes:
 - Using public-access argument allow you to create a server with public access protected by firewall rules. By providing your IP address to add the firewall rule to allow access from your client machine.
 - Since the command is using Local context it will create the server in the resource group ```wordpress-project``` and in the region ```eastus```.
 
-### Build your WordPress docker image
-
-Download the [latest WordPress](https://wordpress.org/download/) version. Create new directory ```my-wordpress-app``` for your project and use this simple folder structure
-
-```wordpress
-└───my-wordpress-app
-    └───public
-        ├───wp-admin
-        │   ├───css
-      	. . . . . . .
-        ├───wp-content
-        │   ├───plugins
-        . . . . . . .
-        └───wp-includes
-        . . . . . . .
-        ├───wp-config-sample.php
-        ├───index.php
-        . . . . . . .
-    └─── Dockerfile
+## Container definitions
 
-```
-
-Rename ```wp-config-sample.php```  to ```wp-config.php``` and replace lines from beginingin of ```// ** MySQL settings - You can get this info from your web host ** //``` until the line ```define( 'DB_COLLATE', '' );``` with the code snippet below. The code below is reading the database host, username and password from the Kubernetes manifest file.
-
-```php
-//Using environment variables for DB connection information
-
-// ** MySQL settings - You can get this info from your web host ** //
-/** The name of the database for WordPress */
-
-$connectstr_dbhost = getenv('DATABASE_HOST');
-$connectstr_dbusername = getenv('DATABASE_USERNAME');
-$connectstr_dbpassword = getenv('DATABASE_PASSWORD');
-$connectst_dbname = getenv('DATABASE_NAME');
-
-/** MySQL database name */
-define('DB_NAME', $connectst_dbname);
-
-/** MySQL database username */
-define('DB_USER', $connectstr_dbusername);
-
-/** MySQL database password */
-define('DB_PASSWORD',$connectstr_dbpassword);
-
-/** MySQL hostname */
-define('DB_HOST', $connectstr_dbhost);
+In the following example, we're creating two containers, a Nginx web server and a PHP FastCGI processor, based on official Docker images `nginx` and `wordpress` ( `fpm` version with FastCGI support), published on Docker Hub.
 
-/** Database Charset to use in creating database tables. */
-define('DB_CHARSET', 'utf8');
-
-/** The Database Collate type. Don't change this if in doubt. */
-define('DB_COLLATE', '');
-
-
-/** SSL*/
-define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);
-```
-
-### Create a Dockerfile
-
-Create a new Dockerfile and copy this code snippet. This Dockerfile in setting up Apache web server with PHP and enabling mysqli extension.
-
-```docker
-FROM php:7.2-apache
-COPY public/ /var/www/html/
-RUN docker-php-ext-install mysqli
-RUN docker-php-ext-enable mysqli
-```
-
-### Build your docker image
-
-Make sure you're in the directory ```my-wordpress-app``` in a terminal using the ```cd``` command. Run the following command to build the image:
-
-``` bash
-
-docker build --tag myblog:latest .
-
-```
-
-Deploy your image to [Docker hub](https://docs.docker.com/get-started/part3/#create-a-docker-hub-repository-and-push-your-image) or [Azure Container registry](../../container-registry/container-registry-get-started-azure-cli.md).
+Alternatively you can build custom docker image(s) and deploy image(s) into [Docker hub](https://docs.docker.com/get-started/part3/#create-a-docker-hub-repository-and-push-your-image) or [Azure Container registry](../../container-registry/container-registry-get-started-azure-cli.md).
 
 > [!IMPORTANT]
 > If you are using Azure container regdistry (ACR), then run the ```az aks update``` command to attach ACR account with the AKS cluster.
@@ -202,44 +127,71 @@ Deploy your image to [Docker hub](https://docs.docker.com/get-started/part3/#cre
 > az aks update -n myAKSCluster -g wordpress-project --attach-acr <your-acr-name>
 > ```
 
+
 ## Create Kubernetes manifest file
 
 A Kubernetes manifest file defines a desired state for the cluster, such as what container images to run. Let's create a manifest file named `mywordpress.yaml` and copy in the following YAML definition.
 
 > [!IMPORTANT]
 >
-> - Replace ```[DOCKER-HUB-USER/ACR ACCOUNT]/[YOUR-IMAGE-NAME]:[TAG]``` with your actual WordPress docker image name and tag, for example ```docker-hub-user/myblog:latest```.
 > - Update ```env``` section below with your ```SERVERNAME```, ```YOUR-DATABASE-USERNAME```, ```YOUR-DATABASE-PASSWORD``` of your MySQL flexible server.
 
 ```yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: wordpress-blog
+  name: wp-blog
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: wordpress-blog
+      app: wp-blog
   template:
     metadata:
       labels:
-        app: wordpress-blog
+        app: wp-blog
     spec:
       containers:
-      - name: wordpress-blog
-        image: [DOCKER-HUB-USER-OR-ACR-ACCOUNT]/[YOUR-IMAGE-NAME]:[TAG]
+      - name: wp-blog-nginx
+        image: nginx
         ports:
         - containerPort: 80
+        volumeMounts:
+        - name: config
+          mountPath: /etc/nginx/conf.d
+        - name: wp-persistent-storage
+          mountPath: /var/www/html
+
+      - name: wp-blog-php
+        image: wordpress:fpm
+        ports:
+        - containerPort: 9000
+        volumeMounts:
+        - name: wp-persistent-storage
+          mountPath: /var/www/html
         env:
-        - name: DATABASE_HOST
-          value: "SERVERNAME.mysql.database.azure.com" #Update here
-        - name: DATABASE_USERNAME
-          value: "YOUR-DATABASE-USERNAME"  #Update here
-        - name: DATABASE_PASSWORD
-          value: "YOUR-DATABASE-PASSWORD"  #Update here
-        - name: DATABASE_NAME
-          value: "flexibleserverdb"
+        - name: WORDPRESS_DB_HOST
+          value: "<<SERVERNAME.mysql.database.azure.com>>" #Update here
+        - name: WORDPRESS_DB_USER
+          value: "<<YOUR-DATABASE-USERNAME>>"  #Update here
+        - name: WORDPRESS_DB_PASSWORD
+          value: "<<YOUR-DATABASE-PASSWORD>>"  #Update here
+        - name: WORDPRESS_DB_NAME
+          value: "<<flexibleserverdb>>"
+        - name: WORDPRESS_CONFIG_EXTRA # enable SSL connection for MySQL
+          value: | 
+            define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);
+      volumes:
+      - name: config
+        configMap:
+          name: wp-nginx-config
+          items:
+          - key: config
+            path: site.conf
+
+      - name: wp-persistent-storage
+        persistentVolumeClaim:
+          claimName: wp-pv-claim
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -248,19 +200,78 @@ spec:
                   - key: "app"
                     operator: In
                     values:
-                    - wordpress-blog
+                    - wp-blog
               topologyKey: "kubernetes.io/hostname"
 ---
 apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wp-pv-claim
+  labels:
+    app: wp-blog
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: v1
 kind: Service
 metadata:
-  name: php-svc
+  name: blog-nginx-service
 spec:
   type: LoadBalancer
   ports:
     - port: 80
   selector:
-    app: wordpress-blog
+    app: wp-blog
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wp-nginx-config
+data:
+  config : |
+    server {
+         listen       80;
+         server_name  localhost;
+         root         /var/www/html/;
+
+         access_log /var/log/nginx/wp-blog-access.log;
+         error_log  /var/log/nginx/wp-blog-error.log error;
+         index index.html index.htm index.php;
+
+         
+        location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+           expires max;
+           index index.php index.html index.htm;
+           try_files $uri =404;
+        }
+
+        location / {
+          index index.php index.html index.htm;
+          
+          if (-f $request_filename) {
+            expires max;
+            break;
+          }
+          
+          if (!-e $request_filename) {
+            rewrite ^(.+)$ /index.php?q=$1 last;
+          }
+        }
+
+        location ~ \.php$ {
+           fastcgi_split_path_info ^(.+\.php)(/.+)$;
+           fastcgi_pass localhost:9000;
+           fastcgi_index index.php;
+           include fastcgi_params;
+           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+           fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+           fastcgi_param PATH_INFO $fastcgi_path_info;
+        }
+      }
 ```
 
 ## Deploy WordPress to AKS cluster

articles/purview/how-to-create-manage-glossary.md

@@ -15,7 +15,7 @@ In Microsoft Purview, you can create multiple business glossaries to support sep
 
 ## Create a new glossary
 
-To create a glossary term, follow these steps:
+To create a business glossary, follow these steps:
 
 1. On the home page, select **Data catalog** on the left pane, and then select the **Manage glossary** button in the center of the page.
 
@@ -25,7 +25,7 @@ To create a glossary term, follow these steps:
 
    :::image type="content" source="media/how-to-create-manage-glossary/select-new-glossary.png" alt-text="Screenshot of the button and pane for creating a new glossary." border="true":::
 
-1. Give your term a **Name** and a **Description**.
+1. Give your glossary a **Name** and a **Description**.
 
 1. You'll need to select at least one **Steward**, an Azure Active Directory user or group who will manage the glossary.