Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into us366769-vnet-toc

Author: asudbring

.openpublishing.redirection.json

@@ -5223,6 +5223,11 @@
       "source_path_from_root": "/articles/reliability/cross-region-replication-azure-no-pair.md",
       "redirect_url": "/azure/reliability/regions-multi-region-nonpaired",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/reliability/reliability-hdinsight-on-aks.md",
+      "redirect_url": "/azure/reliability/overview-reliability-guidance",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/identity-provider-generic-saml-options.md

@@ -422,7 +422,7 @@ Upon an application sign-out request, Azure AD B2C attempts to sign out from you
 
 ## Debug SAML protocol
 
-To help configure and debug federation with a SAML identity provider, you can use a browser extension for the SAML protocol, such as [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for FireFox, or [Microsoft Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
+To help configure and debug federation with a SAML identity provider, you can use a browser extension for the SAML protocol, such as [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for Firefox, or [Microsoft Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
 
 Using these tools, you can check the integration between Azure AD B2C and your SAML identity provider. For example:
 

articles/active-directory-b2c/troubleshoot.md

@@ -165,7 +165,7 @@ Use **Run now** and `https://jwt.ms` to test your policies independently of your
 
 ## Troubleshoot SAML protocol
 
-To help configure and debug the integration with your service provider, you can use a browser extension for the SAML protocol, for example, [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for FireFox, or [Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
+To help configure and debug the integration with your service provider, you can use a browser extension for the SAML protocol, for example, [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for Firefox, or [Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
 
 The following screenshot demonstrates how the SAML DevTools extension presents the SAML request Azure AD B2C sends to the identity provider, and the SAML response.
 

articles/app-service/environment/networking.md

@@ -141,7 +141,7 @@ For more information about Private Endpoint and Web App, see [Azure Web App Priv
 
 ## DNS
 
-The following sections describe the DNS considerations and configuration that apply inbound to and outbound from your App Service Environment. The examples use the domain suffix `appserviceenvironment.net` from Azure Public Cloud. If you're using other clouds like Azure Government, you need to use their respective domain suffix. For App Service Environment domains, the site name is truncated at 40 characters because of DNS limits. If you have a slot, the slot name is truncated at 19 characters.
+The following sections describe the DNS considerations and configuration that apply inbound to and outbound from your App Service Environment. The examples use the domain suffix `appserviceenvironment.net` from Azure Public Cloud. If you're using other clouds like Azure Government, you need to use their respective domain suffix. For App Service Environment domains, the site name is truncated at 59 characters because of DNS limits. For App Service Environment domains with slots, the site name is truncated at 40 characters and the slot name is truncated at 19 characters because of DNS limits.
 
 ### DNS configuration to your App Service Environment
 

articles/app-service/environment/overview.md

@@ -152,6 +152,7 @@ App Service Environment v3 is available in the following regions:
 | Korea Central        | ✅                           | ✅                          |
 | Korea South          | ✅                           |                             |
 | Mexico Central       | ✅                           | ✅**                        |
+| New Zealand North    | ✅                           | ✅                          |
 | North Central US     | ✅                           |                             |
 | North Europe         | ✅                           | ✅                          |
 | Norway East          | ✅                           | ✅                          |
@@ -243,6 +244,7 @@ The following sections list the regional pricing tiers (SKUs) availability for A
 | Korea Central        | ✅          | ✅          |                   | 
 | Korea South          | ✅          | ✅          | ✅               |
 | Mexico Central       | ✅          | ✅          |                   | 
+| New Zealand North    | ✅          | ✅          |                   | 
 | North Central US     | ✅          | ✅          | ✅               | 
 | North Europe         | ✅          | ✅          | ✅               |
 | Norway East          | ✅          | ✅          | ✅               | 

articles/app-service/wordpress-faq.md

@@ -90,7 +90,7 @@ Key tools for debugging and monitoring WordPress sites include:
 - **[SSH Access](configure-linux-open-ssh-session.md?pivots=container-linux)**
 
 ### PhpMyAdmin
-WordPress on App Service utilizes an Azure Database for MySQL flexible server, which is integrated into a VNET. This setup restricts database access to within the VNET. WordPress on App Service includes phpMyAdmin by default. You can access it at: https://`<your-site-link>`/phpmyadmin. 
+WordPress on App Service utilizes an Azure Database for MySQL Flexible Server, which is integrated into a VNET. This setup restricts database access to within the VNET. WordPress on App Service includes phpMyAdmin by default. You can access it at: https://`<your-site-link>`/phpmyadmin. 
 
 If you are using Managed Identities, you can log in to phpMyAdmin by using the value from DATABASE_USERNAME environment variable as the username and the token as the password. To find the token use your Kudu SSH to run the following command: 
 

articles/azure-resource-manager/managed-applications/publish-managed-identity.md

@@ -359,6 +359,70 @@ The response contains an array of tokens under the `value` property:
 | `resourceId` | The Azure resource ID for the issued token. This value is either the managed application ID or the user-assigned managed identity ID. |
 | `token_type` | The type of the token. |
 
+## Create a managed identity and role assignment for managed applications
+
+This section describes how to create a managed identity and assign a role as part of a managed application using publisher access mode. 
+
+1. Create a managed identity using an Azure Resource Manager template.
+
+    ```json
+    {
+      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+      "contentVersion": "1.0.0.0",
+      "resources": [
+        {
+          "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
+          "apiVersion": "2018-11-30",
+          "name": "myManagedIdentity",
+          "location": "[resourceGroup().location]"
+        }
+      ]
+    }
+    ```
+
+1. To allow for managed identity propagation, create a sleep time of 30 seconds.
+
+    Since the managed identity is not in the home tenant of the target scope, you must apply a delay between creating the managed identity and assigning the role to allow the managed identity to propagate between tenants. Without this delay, Azure Resource Manager might not recognize this identity when used in the template and fail within a future deployment script.
+
+    ```json
+        {
+          "type": "Microsoft.Resources/deploymentScripts",
+          "apiVersion": "2020-10-01",
+          "name": "sleepScript",
+          "location": "[resourceGroup().location]",
+          "properties": {
+            "azPowerShellVersion": "2.0",
+            "scriptContent": "Start-Sleep -Seconds 30",
+            "timeout": "PT1H",
+            "cleanupPreference": "OnSuccess",
+            "retentionInterval": "P1D"
+          },
+    "dependsOn": [
+            "myManagedIdentity"
+          ]
+    }
+    ```
+
+1. Assign the Contributor role to the managed identity at the scope of the managed resource group.
+
+    ```json
+        {
+          "type": "Microsoft.Authorization/roleAssignments",
+          "apiVersion": "2020-04-01-preview",
+          "name": "[guid(resourceGroup().id, 'Contributor')]",
+          "properties": {
+            "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+            "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', 'myManagedIdentity'), '2018-11-30').principalId]",
+            "scope": "[resourceGroup().id]",
+    "delegatedManagedIdentityResourceId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities','myManagedIdentity')]"
+          },
+    "dependsOn": [
+            "myManagedIdentity",
+    "sleepScript"
+          ]
+        }
+    ```
+
 ## Next steps
 
 > [!div class="nextstepaction"]

articles/azure-resource-manager/management/create-private-link-access-commands.md

@@ -77,7 +77,7 @@ To create the private link association, use:
 
 # [Azure CLI](#tab/azure-cli)
 
-### Example
+  ### Example
 
   ```azurecli
   # Login first with az login if not using Cloud Shell