Merge pull request #99217 from MicrosoftDocs/master

12/17 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -555,6 +555,11 @@
       "redirect_url": "/azure/machine-learning",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/create-knowledge-rest-api-nodejs.md",
+      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/publish-kb-nodejs",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/get-answer-from-kb-using-postman.md",
       "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
@@ -24668,7 +24673,7 @@
       "source_path": "articles/storage/common/storage-security-guide.md",
       "redirect_url": "/azure/storage/blobs/security-recommendations",
       "redirect_document_id": true
-    },    
+    },
     {
       "source_path": "articles/storage/storage-service-encryption-customer-managed-keys.md",
       "redirect_url": "/azure/storage/common/storage-service-encryption-customer-managed-keys",
@@ -31769,11 +31774,6 @@
       "redirect_url": "/azure/cognitive-services/QnAMaker/concepts/knowledge-base",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/publish-kb-nodejs.md",
-      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/create-knowledge-rest-api-nodejs#publish-a-knowledge-base",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/create-new-kb-nodejs.md",
       "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/create-knowledge-rest-api-nodejs",

articles/active-directory-b2c/active-directory-b2c-custom-guide-eventlogger-appins.md

@@ -1,7 +1,7 @@
 ---
 title: Track user behavior with Application Insights
 titleSuffix: Azure AD B2C
-description: Learn how to enable event logs in Application Insights from Azure AD B2C user journeys by using custom policies (preview).
+description: Learn how to enable event logs in Application Insights from Azure AD B2C user journeys by using custom policies.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
@@ -29,7 +29,7 @@ When you use Azure Active Directory B2C (Azure AD B2C) together with Azure Appli
 
 The Identity Experience Framework in Azure AD B2C includes the provider `Handler="Web.TPEngine.Providers.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0`. It sends event data directly to Application Insights by using the instrumentation key provided to Azure AD B2C.
 
-A technical profile uses this provider to define an event from Azure AD B2C. The profile specifies the name of the event, the claims that are recorded, and the instrumentation key. To post an event, the technical profile is then added as an `orchestration step`, or as a `validation technical profile` in a custom user journey.
+A technical profile uses this provider to define an event from Azure AD B2C. The profile specifies the name of the event, the claims that are recorded, and the instrumentation key. To post an event, the technical profile is then added as an `orchestration step` in a custom user journey.
 
 Application Insights can unify the events by using a correlation ID to record a user session. Application Insights makes the event and session available within seconds and presents many visualization, export, and analytical tools.
 

articles/active-directory-b2c/custom-email.md

@@ -1,15 +1,15 @@
 ---
 title: Custom email verifications
 titleSuffix: Azure AD B2C
-description: Learn how to customize email verification when customers sign up to use your Azure AD B2C-enabled applications.
+description: Learn how to customize the verification email sent to your customers when they sign up to use your Azure AD B2C-enabled applications.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/10/2019
+ms.date: 12/18/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -148,6 +148,8 @@ With a SendGrid account created and SendGrid API key stored in a Azure AD B2C po
     ```
 
 1. Select **Save Template**.
+1. Return to the **Transactional Templates** page by selecting the back arrow.
+1. Record the **ID** of template you created for use in a later step. For example, `d-989077fbba9746e89f3f6411f596fb96`. You specify this ID when you [add the claims transformation](#add-the-claims-transformation).
 
 ## Add Azure AD B2C claim types
 
@@ -257,7 +259,7 @@ The `GenerateOtp` technical profile generates a code for the email address. The
       </InputClaims>
     </TechnicalProfile>
    </TechnicalProfiles>
-</ClaimsProviders>
+</ClaimsProvider>
 ```
 
 ## Add a REST API technical profile
@@ -278,7 +280,7 @@ This REST API technical profile generates the email content (using the SendGrid
         <Item Key="ClaimUsedForRequestPayload">sendGridReqBody</Item>
       </Metadata>
       <CryptographicKeys>
-        <Key Id="BearerAuthenticationToken" StorageReferenceId="B2C_1A_SendGridApiKey" />
+        <Key Id="BearerAuthenticationToken" StorageReferenceId="B2C_1A_SendGridSecret" />
       </CryptographicKeys>
       <InputClaimsTransformations>
         <InputClaimsTransformation ReferenceId="GenerateSendGridRequestBody" />
@@ -293,7 +295,10 @@ This REST API technical profile generates the email content (using the SendGrid
 
 ## Add the claims transformation
 
-Add the following claims transformation to output a JSON string claim that will be the body of the request sent to SendGrid.
+Add the following claims transformation to output a JSON string claim that will be the body of the request sent to SendGrid. Make the following updates to the claims transformation XML:
+
+* Update the `template_id` InputParameter value with the ID of the SendGrid transactional template you created earlier in [Create SendGrid template](#create-sendgrid-template).
+* Update the value of the `personalizations.0.dynamic_template_data.subject` subject line input parameter with a subject line appropriate for your organization.
 
 The JSON object's structure is defined by the IDs in dot notation of the InputParameters and the TransformationClaimTypes of the InputClaims. Numbers in the dot notation imply arrays. The values come from the InputClaims' values and the InputParameters' "Value" properties. For more information about JSON claims transformations, see [JSON claims transformations](json-transformations.md).
 
@@ -305,16 +310,30 @@ The JSON object's structure is defined by the IDs in dot notation of the InputPa
     <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.dynamic_template_data.email" />
   </InputClaims>
   <InputParameters>
+    <!-- Update the template_id value with the ID of your SendGrid template. -->
     <InputParameter Id="template_id" DataType="string" Value="d-989077fbba9746e89f3f6411f596fb96"/>
     <InputParameter Id="from.email" DataType="string" Value="[email protected]"/>
-    <InputParameter Id="personalizations.0.subject" DataType="string" Value="Contoso account email verification code"/>
+    <!-- Update with a subject line appropriate for your organization. -->
+    <InputParameter Id="personalizations.0.dynamic_template_data.subject" DataType="string" Value="Contoso account email verification code"/>
   </InputParameters>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="sendGridReqBody" TransformationClaimType="outputClaim"/>
   </OutputClaims>
 </ClaimsTransformation>
 ```
 
+## Add DataUri content definition
+
+Add the following ContentDefinition within BuildingBlocks to reference the version 2.0.0 data URI:
+
+```XML
+<ContentDefinitions>
+ <ContentDefinition Id="api.localaccountsignup">
+    <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.0.0</DataUri>
+  </ContentDefinition>
+</ContentDefinitions>
+```
+
 ## Make a reference to the DisplayControl
 
 In the final step, add a reference to the DisplayControl you created. Replace your existing `LocalAccountSignUpWithLogonEmail` self-asserted technical profile with the following if you used an earlier version of Azure AD B2C policy. This technical profile uses `DisplayClaims` with a reference to the DisplayControl.
@@ -335,7 +354,6 @@ For more information, see [Self-asserted technical profile](restful-technical-pr
   </InputClaims>
   <DisplayClaims>
     <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
-    <DisplayClaim DisplayControlReferenceId="SecondaryEmailVerificationControl" />
     <DisplayClaim ClaimTypeReferenceId="displayName" Required="true" />
     <DisplayClaim ClaimTypeReferenceId="givenName" Required="true" />
     <DisplayClaim ClaimTypeReferenceId="surName" Required="true" />
@@ -358,4 +376,8 @@ For more information, see [Self-asserted technical profile](restful-technical-pr
 
 ## Next steps
 
+You can find an example of a custom email verification policy on GitHub:
+
+[Custom email verification - DisplayControls](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol)
+
 For information about using a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md).

articles/active-directory/cloud-provisioning/tutorial-pilot-aadc-aadccp.md

@@ -127,21 +127,6 @@ Same steps need to be followed for all object types (user, group and contact).
 6. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
 ![Welcome screen](media/how-to-install/install4.png)</br>
 
-7. Once this operation completes you should see a notice **Your was successfully verified.**  You can click **Exit**.</br>
-![Welcome screen](media/how-to-install/install5.png)</br>
-8. If you still see the initial splash screen, click **Close**.1. Sign in to the server you will use with enterprise admin permissions.
-2. Download the Azure AD Connect cloud provisioning agent [here](https://go.microsoft.com/fwlink/?linkid=2109037).
-3. Run the Azure AD Connect cloud provisioning (AADConnectProvisioningAgent.Installer)
-3. On the splash screen, **Accept** the licensing terms and click **Install**.</br>
-![Welcome screen](media/how-to-install/install1.png)</br>
-
-4. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.
-5. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory administrator account.  This operation will add your on-premises directory.  Click **Next**.</br>
-![Welcome screen](media/how-to-install/install3.png)</br>
-
-6. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
-![Welcome screen](media/how-to-install/install4.png)</br>
-
 7. Once this operation completes you should see a notice **Your was successfully verified.**  You can click **Exit**.</br>
 ![Welcome screen](media/how-to-install/install5.png)</br>
 8. If you still see the initial splash screen, click **Close**.

articles/aks/private-clusters.md

@@ -14,7 +14,7 @@ ms.author: mlearned
 
 In a private cluster, the Control Plane/API server will have internal IP addresses defined in [RFC1918](https://tools.ietf.org/html/rfc1918).  By using a private cluster, you can ensure network traffic between your API server and your node pools remains on the private network only.
 
-The communication between the control plane/API server, which is in an AKS-managed Azure subscription, and the customers cluster/node pool, which is in a customer subscription, can communicate with each other through the private link service in the API server VNET and a private endpoint exposed in the subnet of the customer AKS cluster.
+The communication between the control plane/API server, which is in an AKS-managed Azure subscription, and the customers cluster/node pool, which is in a customer subscription, can communicate with each other through the [private link service][private-link-service] in the API server VNET and a private endpoint exposed in the subnet of the customer AKS cluster.
 
 > [!IMPORTANT]
 > AKS preview features are self-service opt-in. Previews are provided "as-is" and "as available" and are excluded from the service level agreements and limited warranty. AKS Previews are partially covered by customer support on best effort basis. As such, these features are not meant for production use. For additional infromation, please see the following support articles:
@@ -111,6 +111,7 @@ The API server end point has no public IP address. Consequently, users will need
 * Standard LB Only - no support for basic load balancer  
 
 ## Limitations 
+* The same [Azure Private Link service limitations][private-link-service] apply to private clusters, Azure Private Endpoints and Virtual Network service endpoints are not currently supported in the same VNET
 * No support for virtual nodes in a private cluster to spin private ACI instances in a private Azure VNET
 * No support for Azure DevOps integration out of the box with private clusters
 * If customers need to enable ACR to work with private AKS, then the ACR's VNET will need to be peered with the agent cluster VNET
@@ -120,8 +121,10 @@ The API server end point has no public IP address. Consequently, users will need
 * Azure Monitor for containers Live Data isn't currently supported
 * Bring your own DNS isn't currently supported
 
+
 <!-- LINKS - internal -->
 [az-provider-register]: /cli/azure/provider?view=azure-cli-latest#az-provider-register
 [az-feature-list]: /cli/azure/feature?view=azure-cli-latest#az-feature-list
 [az-extension-add]: /cli/azure/extension#az-extension-add
 [az-extension-update]: /cli/azure/extension#az-extension-update
+[private-link-service]: https://docs.microsoft.com/azure/private-link/private-link-service-overview

articles/aks/troubleshooting.md

@@ -6,7 +6,7 @@ author: sauryadas
 
 ms.service: container-service
 ms.topic: troubleshooting
-ms.date: 08/13/2018
+ms.date: 12/13/2019
 ms.author: saudas
 ---
 
@@ -478,3 +478,17 @@ kubectl edit secret azure-storage-account-{storage-account-name}-secret
 ```
 
 After a few minutes, the agent node will retry the azure file mount with the updated storage key.
+
+### Cluster autoscaler fails to scale with error failed to fix node group sizes
+
+If your cluster autoscaler is not scaling up/down and you see an error like the below on the [cluster autoscaler logs][view-master-logs].
+
+```console
+E1114 09:58:55.367731 1 static_autoscaler.go:239] Failed to fix node group sizes: failed to decrease aks-default-35246781-vmss: attempt to delete existing nodes
+```
+
+This error is due to an upstream cluster autoscaler race condition where the cluster autoscaler ends with a different value than the one that is actually in the cluster. To get out of this state, simply disable and re-enable the [cluster autoscaler][cluster-autoscaler].
+
+<!-- LINKS - internal -->
+[view-master-logs]: view-master-logs.md
+[cluster-autoscaler]: cluster-autoscaler.md

articles/azure-monitor/platform/design-logs-deployment.md

@@ -124,7 +124,9 @@ To learn how to change the access control mode in the portal, with PowerShell, o
 
 ## Ingestion volume rate limit
 
-Azure Monitor is a high scale data service that serves thousands of customers sending terabytes of data each month at a growing pace. The default ingestion rate threshold is set to **500 MB/min** per workspace. If you send data at a higher rate to a single workspace, some data is dropped, and an event is sent to the *Operation* table in your workspace every 6 hours while the threshold continues to be exceeded. If your ingestion volume continues to exceed the rate limit or you are expecting to reach it sometime soon, you can request an increase to your workspace by opening a support request.
+Azure Monitor is a high scale data service that serves thousands of customers sending terabytes of data each month at a growing pace. The default ingestion rate threshold is set to **6 GB/min** per workspace. This is an approximate value since the actual size can vary between data types depending on the log length and its compression ratio. This limit does not apply to data that is sent from agents or [Data Collector API](data-collector-api.md).
+
+If you send data at a higher rate to a single workspace, some data is dropped, and an event is sent to the *Operation* table in your workspace every 6 hours while the threshold continues to be exceeded. If your ingestion volume continues to exceed the rate limit or you are expecting to reach it sometime soon, you can request an increase to your workspace by opening a support request.
 
 To be notified on such an event in your workspace, create a [log alert rule](alerts-log.md) using the following query with alert logic base on number of results grater than zero.
 

articles/azure-resource-manager/vs-resource-groups-project-devops-pipelines.md

@@ -196,7 +196,7 @@ There are several parts of this task to revise for your environment.
     ConnectedServiceName: '<your-connection-name>'
     ```
 
-- `subscriptionName`: Provide the target subscription ID. This property only applies to the Resource Group deployment scope and the subscription deployment scoop.
+- `subscriptionName`: Provide the target subscription ID. This property only applies to the Resource Group deployment scope and the subscription deployment scope.
 
 - `resourceGroupName` and `location`: provide the name and location of the resource group you want to deploy to. The task creates the resource group if it doesn't exist.
 

articles/backup/backup-configure-vault.md

@@ -58,6 +58,8 @@ If your machine has limited internet access, ensure that firewall settings on th
 * 20.190.128.0/18
 * 40.126.0.0/18
 
+Access to all of the URLs and IP addresses listed above uses the HTTPS protocol on port 443.
+
 ## Create a Recovery Services vault
 
 A Recovery Services vault stores all the backups and recovery points you create over time, and contains the backup policy applied to backed up machines. Create a vault as follows:

articles/backup/backup-sql-server-database-azure-vms.md

@@ -226,9 +226,7 @@ To create a backup policy:
 
     ![Edit the log backup policy](./media/backup-azure-sql-database/log-backup-policy-editor.png)
 
-13. On the **Backup policy** menu, choose whether to enable **SQL Backup Compression**.
-    * Compression is disabled by default.
-    * On the back end, Azure Backup uses SQL native backup compression.
+13. On the **Backup policy** menu, choose whether to enable **SQL Backup Compression** or not. This option is disabled by default. If enabled, SQL Server will send a compressed backup stream to the VDI.  Please note that Azure Backup overrides instance level defaults with COMPRESSION / NO_COMPRESSION clause depending on the value of this control.
 
 14. After you complete the edits to the backup policy, select **OK**.