Merge pull request #179040 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)

Author: huypub

articles/active-directory/roles/custom-available-permissions.md

@@ -41,7 +41,7 @@ Assigning this permission results in the creator being added as the first owner
 
 #### microsoft.directory/applications/create
 
-Assigning this permission results in the creator not being added as the first owner of the created app registration, and the created app registration will not count against the creator's 250 created objects quota. Use this permission carefully, because there is nothing preventing the assignee from creating app registrations until the directory-level quota is hit. If both permissions are assigned, this permission takes precedence.
+Assigning this permission results in the creator not being added as the first owner of the created app registration, and the created app registration will not count against the creator's 250 created objects quota. Use this permission carefully, because there is nothing preventing the assignee from creating app registrations until the directory-level quota is hit.
 
 If both permissions are assigned, the /create permission will take precedence. Though the /createAsOwner permission does not automatically add the creator as the first owner, owners can be specified during the creation of the app registration when using Graph APIs or PowerShell cmdlets.
 

articles/active-directory/saas-apps/cloudtamer-io-tutorial.md

@@ -61,6 +61,7 @@ To configure and test Azure AD SSO with cloudtamer.io, perform the following ste
 1. **[Configure cloudtamer.io SSO](#configure-cloudtamerio-sso)** - to configure the single sign-on settings on application side.
     1. **[Create cloudtamer.io test user](#create-cloudtamerio-test-user)** - to have a counterpart of B.Simon in cloudtamer.io that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+1. **[Group assertions](#group-assertions)** - to set group assertions for Azure AD and cloudtamer.io.
 
 ### Begin cloudtamer.io SSO Configuration
 
@@ -175,7 +176,41 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 You can also use Microsoft My Apps to test the application in any mode. When you click the cloudtamer.io tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the cloudtamer.io for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
+## Group assertions
+
+To easily manage cloudtamer.io user permissions by using existing Azure Active Directory groups, complete these steps:
+
+### Azure AD configuration
+
+1. In the Azure portal, go to **Azure Active Directory** > **Enterprise Applications**.
+1. In the list, select the enterprise application for cloudtamer.io.
+1. On **Overview**, in the left menu, select **Single sign-on**.
+1. On **Single Sign-On**, under **User Attributes & Claims**, select **Edit**.
+1. Select **Add a group claim**. 
+   > [!NOTE]
+   > You can have only one group claim. If this option is disabled, you might already have a group claim defined.
+1. On **Group Claims**, select the groups that should be returned in the claim:
+   - If you will always have every group you intend to use in cloudtamer.io assigned to this enterprise application, select **Groups assigned to the application**.
+   - If you want all groups to appear (this selection can cause a large number of group assertions and might be subject to limits), select **Groups assigned to the application**.
+1. For **Source attribute**, leave the default **Group ID**.
+1. Select the **Customize the name of the group claim** checkbox.
+1. For **Name**, enter **memberOf**.
+1. Select **Save** to complete the configuration with Azure AD.
+
+### cloudtamer.io configuration
+
+1. In cloudtamer.io, go to **Users** > **Identity Management Systems**.
+1. Select the IDMS that you've created for Azure AD.
+1. On the overview page, select the **User Group Associations** tab.
+1. For each user group mapping that you want, complete these steps:
+   1. Select **Add** > **Add New**.
+   1. In the dialog that appears:
+      1. For **Name**, enter **memberOf**.
+      1. For **Regex**, enter the object ID (from Azure AD) of the group you want to match.
+      1. For **User Group**, select the cloudtamer.io internal group you want to map to the group in **Regex**.
+      1. Select the **Update on Login** checkbox.
+   1. Select **Add** to add the group association.
 
 ## Next steps
 
-Once you configure cloudtamer.io you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure cloudtamer.io you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).

articles/azure-app-configuration/pull-key-value-devops-pipeline.md

@@ -18,7 +18,8 @@ The [Azure App Configuration](https://marketplace.visualstudio.com/items?itemNam
 - Azure subscription - [create one for free](https://azure.microsoft.com/free/)
 - App Configuration store - create one for free in the [Azure portal](https://portal.azure.com).
 - Azure DevOps project - [create one for free](https://go.microsoft.com/fwlink/?LinkId=2014881)
-- Azure App Configuration task - download for free from the [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=AzureAppConfiguration.azure-app-configuration-task#:~:text=Navigate%20to%20the%20Tasks%20tab,the%20Azure%20App%20Configuration%20instance.).  
+- Azure App Configuration task - download for free from the [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=AzureAppConfiguration.azure-app-configuration-task#:~:text=Navigate%20to%20the%20Tasks%20tab,the%20Azure%20App%20Configuration%20instance.). 
+- [Node 10](https://nodejs.org/en/blog/release/v10.21.0/) - for users running the task on self-hosted agents. 
 
 ## Create a service connection
 

articles/azure-sql/migration-guides/database/sql-server-to-sql-database-overview.md

@@ -16,9 +16,11 @@ ms.date: 11/06/2020
 
 Learn about the options and considerations for migrating your SQL Server databases to Azure SQL Database. 
 
-You can migrate SQL Server databases running on-premises or on: 
+You can migrate SQL Server databases running on-premises on: 
 
 - SQL Server on Azure Virtual Machines.  
+- Azure SQL Database (PaaS).
+- Azure SQL Managed Instance (PaaS).
 - Amazon Web Services (AWS) Elastic Compute Cloud (EC2).
 - AWS Relational Database Service (RDS).
 - Compute Engine in Google Cloud Platform (GCP).  

articles/cosmos-db/local-emulator-on-docker-windows.md

@@ -12,7 +12,7 @@ ms.date: 04/20/2021
 # <a id="run-on-windows-docker"></a>Use the emulator on Docker for Windows
 [!INCLUDE[appliesto-all-apis](includes/appliesto-all-apis.md)]
 
-You can run the Azure Cosmos DB Emulator on a Windows Docker container. See the [Docker Hub](https://hub.docker.com/r/microsoft/azure-cosmosdb-emulator/) for the docker pull command and [GitHub](https://github.com/Azure/azure-cosmos-db-emulator-docker) for the `Dockerfile` and more information. Currently, the emulator does not work on Docker for Oracle Linux. Use the following instructions to run the emulator on Docker for Windows:
+You can run the Azure Cosmos DB Emulator on a Windows Docker container. See [GitHub](https://github.com/Azure/azure-cosmos-db-emulator-docker) for the `Dockerfile` and more information. Currently, the emulator does not work on Docker for Oracle Linux. Use the following instructions to run the emulator on Docker for Windows:
 
 1. After you have [Docker for Windows](https://www.docker.com/docker-windows) installed, switch to Windows containers by right-clicking the Docker icon on the toolbar and selecting **Switch to Windows containers**.
 
@@ -145,4 +145,4 @@ In this article, you've learned how to use the local emulator for free local dev
 
 * [Export the Azure Cosmos DB Emulator certificates for use with Java, Python, and Node.js apps](local-emulator-export-ssl-certificates.md)
 * [Use command line parameters and PowerShell commands to control the emulator](emulator-command-line-parameters.md)
-* [Debug issues with the emulator](troubleshoot-local-emulator.md)
+* [Debug issues with the emulator](troubleshoot-local-emulator.md)

articles/cosmos-db/managed-identity-based-authentication.md

@@ -182,7 +182,7 @@ namespace Monitor
             var result = await httpClient.PostAsync(endpoint, new StringContent(""));
 
             // Get the result back as a DatabaseAccountListKeysResult.
-            DatabaseAccountListKeysResult keys = await result.Content.ReadAsAsync<DatabaseAccountListKeysResult>();
+            DatabaseAccountListKeysResult keys = await result.Content.ReadFromJsonAsync<DatabaseAccountListKeysResult>();
 
             log.LogInformation("Starting to create the client");
 

articles/dms/tutorial-azure-postgresql-to-azure-postgresql-online-portal.md

@@ -100,60 +100,9 @@ To complete all the database objects like table schemas, indexes and stored proc
     ```
     psql -h mypgserver-source.postgres.database.azure.com  -U pguser@mypgserver-source -d dvdrental citus < dvdrentalSchema.sql
     ```
-
-4. To extract the drop foreign key script and add it at the destination (Azure Database for PostgreSQL), in PgAdmin or in psql, run the following script.
-
-   > [!IMPORTANT]
-   > Foreign keys in your schema will cause the initial load and continuous sync of the migration to fail.
-
-    ```
-    SELECT Q.table_name
-        ,CONCAT('ALTER TABLE ','"', table_schema,'"', '.','"', table_name ,'"', STRING_AGG(DISTINCT CONCAT(' DROP CONSTRAINT ','"', foreignkey,'"'), ','), ';') as DropQuery
-            ,CONCAT('ALTER TABLE ','"', table_schema,'"', '.','"', table_name,'"', STRING_AGG(DISTINCT CONCAT(' ADD CONSTRAINT ','"', foreignkey,'"', ' FOREIGN KEY (','"', column_name,'"', ')', ' REFERENCES ','"', foreign_table_schema,'"', '.','"', foreign_table_name,'"', '(','"', foreign_column_name,'"', ')',' ON UPDATE ',update_rule,' ON DELETE ',delete_rule), ','), ';') as AddQuery
-    FROM
-        (SELECT
-        S.table_schema,
-        S.foreignkey,
-        S.table_name,
-        STRING_AGG(DISTINCT S.column_name, ',') AS column_name,
-        S.foreign_table_schema,
-        S.foreign_table_name,
-        STRING_AGG(DISTINCT S.foreign_column_name, ',') AS foreign_column_name,
-        S.update_rule,
-        S.delete_rule
-    FROM
-        (SELECT DISTINCT
-        tc.table_schema,
-        tc.constraint_name AS foreignkey,
-        tc.table_name,
-        kcu.column_name,
-        ccu.table_schema AS foreign_table_schema,
-        ccu.table_name AS foreign_table_name,
-        ccu.column_name AS foreign_column_name,
-        rc.update_rule AS update_rule,
-        rc.delete_rule AS delete_rule
-        FROM information_schema.table_constraints AS tc
-        JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name AND tc.table_schema = kcu.table_schema
-        JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name AND ccu.table_schema = tc.table_schema
-        JOIN information_schema.referential_constraints as rc ON rc.constraint_name = tc.constraint_name AND rc.constraint_schema = tc.table_schema
-    WHERE constraint_type = 'FOREIGN KEY'
-        ) S
-        GROUP BY S.table_schema, S.foreignkey, S.table_name, S.foreign_table_schema, S.foreign_table_name,S.update_rule,S.delete_rule
-        ) Q
-        GROUP BY Q.table_schema, Q.table_name;
-    ```
-
-5. Run the drop foreign key (which is the second column) in the query result.
-
-6. To disable triggers in target database, run the script below.
-
-   > [!IMPORTANT]
-   > Triggers (insert or update) in the data enforce data integrity in the target ahead of the data being replicated  from the source. As a result, it's recommended that you disable triggers in all the tables **at the target** during migration, and then re-enable the triggers after migration is complete.
-
-    ```
-    SELECT DISTINCT CONCAT('ALTER TABLE ', event_object_schema, '.', event_object_table, ' DISABLE TRIGGER ', trigger_name, ';')
-    FROM information_schema.triggers
-    ```
+    
+   > [!NOTE]
+   > The migration service internally handles the enable/disable of foreign keys and triggers to ensure a reliable and robust data migration. As a result, you do not have to worry about making any modifications to the target database schema.
 
 [!INCLUDE [resource-provider-register](../../includes/database-migration-service-resource-provider-register.md)]
 

articles/storage/blobs/quickstart-blobs-javascript-browser.md

@@ -70,10 +70,10 @@ The following table describes each CORS setting and explains the values used to
 
 |Setting  |Value  | Description |
 |---------|---------|---------|
-| **ALLOWED ORIGINS** | **\*** | Accepts a comma-delimited list of domains set as acceptable origins. Setting the value to `*` allows all domains access to the storage account. |
+| **ALLOWED ORIGINS** | * | Accepts a comma-delimited list of domains set as acceptable origins. Setting the value to `*` allows all domains access to the storage account. |
 | **ALLOWED METHODS** | **DELETE**, **GET**, **HEAD**, **MERGE**, **POST**, **OPTIONS**, and **PUT** | Lists the HTTP verbs allowed to execute against the storage account. For the purposes of this quickstart, select all available options. |
-| **ALLOWED HEADERS** | **\*** | Defines a list of request headers (including prefixed headers) allowed by the storage account. Setting the value to `*` allows all headers access. |
-| **EXPOSED HEADERS** | **\*** | Lists the allowed response headers by the account. Setting the value to `*` allows the account to send any header. |
+| **ALLOWED HEADERS** | * | Defines a list of request headers (including prefixed headers) allowed by the storage account. Setting the value to `*` allows all headers access. |
+| **EXPOSED HEADERS** | * | Lists the allowed response headers by the account. Setting the value to `*` allows the account to send any header. |
 | **MAX AGE** | **86400** | The maximum amount of time the browser caches the preflight OPTIONS request in seconds. A value of *86400* allows the cache to remain for a full day. |
 
 After you fill in the fields with the values from this table, click the **Save** button.