Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into work-general-links

Author: Heidilohr

.gitignore

@@ -3,7 +3,6 @@
 Thumbs.db
 
 # Visual Studio and VS Code files
-.settings.json
 .vscode/*
 .vs/*
 log/
@@ -24,3 +23,4 @@ AzureMigration.ps1
 !/.vscode/extensions.json
 .gitignore
 **/.vscode/settings.json
+!/.vscode/settings.json

.vscode/settings.json

@@ -0,0 +1,58 @@
+{
+    "markdown.docsetLanguages": [
+        ".NET Core CLI",
+        "Apache",
+        "ASPX",
+        "AzCopy",
+        "Azure CLI",
+        "Azure CLI (Interactive)",
+        "Azure Powershell",
+        "Azure Powershell (Interactive)",
+        "Bash",
+        "C",
+        "C#",
+        "C# (Interactive)",
+        "C++",
+        "CSS",
+        "DAX Power BI",
+        "Diff",
+        "Dockerfile",
+        "DOS",
+        "F#",
+        "Go",
+        "Gradle",
+        "Groovy",
+        "HTML",
+        "HTTP",
+        "Ini",
+        "Java",
+        "JavaScript",
+        "JSON",
+        "Kotlin",
+        "Kusto",
+        "Markdown",
+        "MS Graph (Interactive)",
+        "Objective C",
+        "PHP",
+        "Plaintext no highlight",
+        "PostgreSQL & PL/pgSQL",
+        "PowerShell",
+        "PowerShell (Interactive)",
+        "Properties",
+        "Python",
+        "R",
+        "Razor CSHTML",
+        "Ruby",
+        "Scala",
+        "Shell",
+        "Solidity",
+        "SQL",
+        "Swift",
+        "Terraform (HCL)",
+        "TypeScript",
+        "VB.NET",
+        "XAML",
+        "XML",
+        "YAML"
+    ]
+}

articles/active-directory/azuread-dev/active-directory-authentication-libraries.md

@@ -36,7 +36,6 @@ The Azure Active Directory Authentication Library (ADAL) v1.0 enables applicatio
 | Platform | Library | Download | Source Code | Sample | Reference
 | --- | --- | --- | --- | --- | --- |
 | .NET Client, Windows Store, UWP, Xamarin iOS and Android |ADAL .NET v3 |[NuGet](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet) | [Desktop app](https://docs.microsoft.com/azure/active-directory/active-directory-devquickstarts-dotnet) |[Reference](https://docs.microsoft.com/dotnet/api/microsoft.identitymodel.clients.activedirectory?view=azure-dotnet) |
-| .NET Client, Windows Store, Windows Phone 8.1 |ADAL .NET v2 |[NuGet](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/2.28.4) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/releases/tag/v2.28.4) | [Desktop app](https://github.com/AzureADQuickStarts/NativeClient-DotNet/releases/tag/v2.X) | |
 | JavaScript |ADAL.js |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-js) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-js) |[Single-page app](https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi) | |
 | iOS, macOS |ADAL |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-objc/releases) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-objc) |[iOS app](https://docs.microsoft.com/azure/active-directory/active-directory-devquickstarts-ios) | [Reference](http://cocoadocs.org/docsets/ADAL/2.5.1/)|
 | Android |ADAL |[Maven](https://search.maven.org/search?q=g:com.microsoft.aad+AND+a:adal&core=gav) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-android) |[Android app](https://docs.microsoft.com/azure/active-directory/active-directory-devquickstarts-android) | [JavaDocs](https://javadoc.io/doc/com.microsoft.aad/adal/)|

articles/active-directory/b2b/current-limitations.md

@@ -31,22 +31,6 @@ Azure AD B2B is subject to Azure AD service directory limits. For details about
 ## National clouds
 [National clouds](https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud) are physically isolated instances of Azure. B2B collaboration is not supported across national cloud boundaries. For example, if your Azure tenant is in the public, global cloud, you can't invite a user whose account is in a national cloud. To collaborate with the user, ask them for another email address or create a member user account for them in your directory.
 
-## Azure US Government clouds
-Within the Azure US Government cloud, B2B collaboration is currently only supported between tenants that are both within Azure US Government cloud and that both support B2B collaboration. If you invite a user in a tenant that isn't part of the Azure US Government cloud or that doesn't yet support B2B collaboration, the invitation will fail or the user won't be able to redeem the invitation. For details about other limitations, see [Azure Active Directory Premium P1 and P2 Variations](https://docs.microsoft.com/azure/azure-government/documentation-government-services-securityandidentity#azure-active-directory-premium-p1-and-p2).
-
-### How can I tell if B2B collaboration is available in my Azure US Government tenant?
-To find out if your Azure US Government cloud tenant supports B2B collaboration, do the following:
-
-1. In a browser, go to the following URL, substituting your tenant name for *<tenantname>*:
-
-   `https://login.microsoftonline.com/<tenantname>/v2.0/.well-known/openid-configuration`
-
-2. Find `"tenant_region_scope"` in the JSON response:
-
-   - If `"tenant_region_scope":"USGOV”` appears, B2B is supported.
-   - If `"tenant_region_scope":"USG"` appears, B2B is not supported.
- 
-
 ## Next steps
 
 See the following articles on Azure AD B2B collaboration:

articles/active-directory/b2b/troubleshoot.md

@@ -94,11 +94,6 @@ If the identity tenant is a just-in-time (JIT) or viral tenant (meaning it's a s
 
 As of November 18, 2019, guest users in your directory (defined as user accounts where the **userType** property equals **Guest**) are blocked from using the AzureAD PowerShell V1 module. Going forward, a user will need to either be a member user (where **userType** equals **Member**) or use the AzureAD PowerShell V2 module.
 
-## In an Azure US Government tenant, I can't invite a B2B collaboration guest user
-
-Within the Azure US Government cloud, B2B collaboration is currently only supported between tenants that are both within Azure US Government cloud and that both support B2B collaboration. If you invite a user in a tenant that isn't part of the Azure US Government cloud or that doesn't yet support B2B collaboration, you'll get an error. For details and limitations, see [Azure Active Directory Premium P1 and P2 Variations](https://docs.microsoft.com/azure/azure-government/documentation-government-services-securityandidentity#azure-active-directory-premium-p1-and-p2).
-
-
 ## Next steps
 
 [Get support for B2B collaboration](get-support.md)

articles/active-directory/users-groups-roles/directory-assign-admin-roles.md

@@ -242,7 +242,7 @@ Users in this role can read settings and administrative information across Micro
 > These features are currently in development.
 >
 
-### [Group Administrator](#group-administrator-permissions)
+### [Groups Administrator](#groups-administrator-permissions)
 
 Users in this role can create/manage groups and its settings like naming and expiration policies. It is important to understand that assigning a user to this role gives them the ability to manage all groups in the tenant across various workloads like Teams, SharePoint, Yammer in addition to Outlook. Also the user will be able to manage the various groups settings across various admin portals like Microsoft Admin Center, Azure portal, as well as workload specific ones like Teams and SharePoint Admin Centers.
 
@@ -1077,7 +1077,7 @@ Can read everything that a Global Administrator can, but not edit anything.
 | microsoft.office365.usageReports/allEntities/read	| Read Office 365 usage reports. |
 | microsoft.office365.webPortal/allEntities/standard/read	| Read standard properties on all resources in microsoft.office365.webPortal. |
 
-### Group Administrator permissions
+### Groups Administrator permissions
 Can manage all aspects of groups and group settings like naming and expiration policies.
 
 | **Actions** | **Description** |
@@ -1714,7 +1714,7 @@ Directory Writers | Directory writers | 9360feb5-f418-4baa-8175-e2a00bac4301
 Exchange Service Administrator | Exchange administrator | 29232cdf-9323-42fd-ade2-1d097af3e4de
 External Identity Provider Administrator | External Identity Provider Administrator | be2f45a1-457d-42af-a067-6ec1fa63bc45
 Global Reader | Global reader | f2ef992c-3afb-46b9-b7cf-a126ee74c451
-Group Administrator | Group administrator | fdd7a751-b60b-444a-984c-02652fe8fa1c 
+Groups Administrator | Groups administrator | fdd7a751-b60b-444a-984c-02652fe8fa1c 
 Guest Inviter | Guest inviter | 95e79109-95c0-4d8e-aee3-d01accf2d47b
 Helpdesk Administrator | Helpdesk administrator | 729827e3-9c14-49f7-bb1b-9608f156bbb8
 Intune Service Administrator | Intune administrator | 3a2c62db-5318-420d-8d74-23affee5d9d5

articles/aks/servicemesh-istio-install.md

@@ -94,7 +94,9 @@ The [Helm][helm] installation approach for Istio will be deprecated in the futur
 > Istio currently must be scheduled to run on Linux nodes. If you have Windows Server nodes in your cluster, you must ensure that the Istio pods are only scheduled to run on Linux nodes. We'll use [node selectors][kubernetes-node-selectors] to make sure pods are scheduled to the correct nodes.
 
 > [!CAUTION]
-> The [SDS (secret discovery service)][istio-feature-sds] and [Istio CNI][istio-feature-cni] Istio features are currently in [Alpha][istio-feature-stages], so thought should be given before enabling these. In addition, the [Service Account Token Volume Projection][kubernetes-feature-sa-projected-volume] Kubernetes feature (a requirement for SDS) is not enabled in current AKS versions.
+> The [SDS (secret discovery service)][istio-feature-sds] and [Istio CNI][istio-feature-cni] Istio features are currently in [Alpha][istio-feature-stages], so thought should be given before enabling these. 
+>
+> Note that the [Service Account Token Volume Projection][kubernetes-feature-sa-projected-volume] Kubernetes feature (a requirement for SDS) is now **enabled** for all Kubernetes 1.13 and higher versions on AKS.
 
 Create a file called `istio.aks.yaml` with the following content. This file will hold the [Istio control plane spec][istio-control-plane] details for configuring Istio.
 

articles/aks/windows-container-cli.md

@@ -147,6 +147,10 @@ az aks create \
 > If you get a password validation error, try creating your resource group in another region.
 > Then try creating the cluster with the new resource group.
 
+> [!Note]
+> If you are unable to create the AKS cluster because the version is not supported in this region then you can use the [az aks get-versions --location eastus] command to find the supported version list for this region.
+
+
 After a few minutes, the command completes and returns JSON-formatted information about the cluster. Occasionally the cluster can take longer than a few minutes to provision. Allow up to 10 minutes in these cases. 
 
 ## Add a Windows Server node pool
@@ -287,6 +291,9 @@ To see the sample app in action, open a web browser to the external IP address o
 
 ![Image of browsing to ASP.NET sample application](media/windows-container/asp-net-sample-app.png)
 
+> [!Note]
+> If you receive a connection timeout when trying to load the page then you should verify the sample app is ready with the following command [kubectl get pods --watch]. Sometimes the windows container will not be started by the time your external IP address is available.
+
 ## Delete cluster
 
 When the cluster is no longer needed, use the [az group delete][az-group-delete] command to remove the resource group, container service, and all related resources.

articles/analysis-services/analysis-services-service-principal.md

@@ -4,7 +4,7 @@ description: Learn how to create a service principal for automating Azure Analys
 author: minewiskan
 ms.service: azure-analysis-services
 ms.topic: conceptual
-ms.date: 10/30/2019
+ms.date: 02/14/2020
 ms.author: owend
 ms.reviewer: minewiskan
 
@@ -16,8 +16,6 @@ Service principals are an Azure Active Directory application resource you create
 
 In Analysis Services, service principals are used with Azure Automation, PowerShell unattended mode, custom client applications, and web apps to automate common tasks. For example, provisioning servers, deploying models, data refresh, scale up/down, and pause/resume can all be automated by using service principals. Permissions are assigned to service principals through role membership, much like regular Azure AD UPN accounts.
 
-Analysis Services also supports operations performed by managed identities using service principals. To learn more, see [Managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md) and [Azure services that support Azure AD authentication](../active-directory/managed-identities-azure-resources/services-support-managed-identities.md#azure-analysis-services).
-
 ## Create service principals
 
 Service principals can be created in the Azure portal or by using PowerShell. To learn more, see:

articles/api-management/configure-custom-domain.md

@@ -24,7 +24,7 @@ When you create an Azure API Management service instance, Azure assigns it a sub
 > API Management accepts only requests with [host header](https://tools.ietf.org/html/rfc2616#section-14.23) values matching the default domain name or any of the configured custom domain names.
 
 > [!WARNING]
-> Customers who wish to use certificate pinning to improve the security of their applications must use a custom domain name > and certificate which they manage, not the default certificate. Customers that pin the default certificate instead will be taking a hard dependency on the properties of the certificate they don't control, which is not a recommended practice.
+> Customers who wish to use certificate pinning to improve the security of their applications must use a custom domain name and certificate which they manage, not the default certificate. Customers that pin the default certificate instead will be taking a hard dependency on the properties of the certificate they don't control, which is not a recommended practice.
 
 ## Prerequisites
 
@@ -52,7 +52,7 @@ To perform the steps described in this article, you must have:
     - **SCM** (default is: `<apim-service-name>.scm.azure-api.net`).
 
     > [!NOTE]
-    > Only the **Gateway** endpoint in available for configuration in the Consumption tier.
+    > Only the **Gateway** endpoint is available for configuration in the Consumption tier.
     > You can update all of the endpoints or some of them. Commonly, customers update **Gateway** (this URL is used to call the API exposed through API Management) and **Portal** (the developer portal URL).
     > **Management** and **SCM** endpoints are used internally by the API Management instance owners only and thus are less frequently assigned a custom domain name.
     > The **Premium** tier supports setting multiple host names for the **Gateway** endpoint.
@@ -70,7 +70,7 @@ To perform the steps described in this article, you must have:
     > We recommend using Azure Key Vault for managing certificates and setting them to autorotate.
     > If you use Azure Key Vault to manage the custom domain SSL certificate, make sure the certificate is inserted into Key Vault [as a _certificate_](https://docs.microsoft.com/rest/api/keyvault/CreateCertificate/CreateCertificate), not a _secret_.
     >
-    > To fetch an SSL certificate, API Management must have the list an get secrets permissions on the Azure Key Vault containing the certificate. When using Azure portal all the necessary configuration steps will be completed automatically. When using command line tools or management API, these permissions must be granted manually. This is done in two steps. First, use Managed identities page on your API Management instance to make sure that Managed Identity is enabled and make a note of the principal id shown on that page. Second, give permission list and get secrets permissions to this principal id on the Azure Key Vault containing the certificate.
+    > To fetch an SSL certificate, API Management must have the list and get secrets permissions on the Azure Key Vault containing the certificate. When using Azure portal all the necessary configuration steps will be completed automatically. When using command line tools or management API, these permissions must be granted manually. This is done in two steps. First, use Managed identities page on your API Management instance to make sure that Managed Identity is enabled and make a note of the principal id shown on that page. Second, give permission list and get secrets permissions to this principal id on the Azure Key Vault containing the certificate.
     >
     > If the certificate is set to autorotate, API Management will pick up the latest version automatically without any downtime to the service (if your API Management tier has SLA - i. e. in all tiers except the Developer tier).