Skip to content

Commit b757ec6

Browse files
authored
Merge pull request #206127 from MicrosoftDocs/main
7/27 AM Publish
2 parents 8925bfc + b78aea3 commit b757ec6

File tree

80 files changed

+609
-169
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

80 files changed

+609
-169
lines changed

articles/active-directory/develop/index-web-app.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ landingContent:
3939
- text: ASP.NET
4040
url: tutorial-v2-asp-webapp.md
4141
- text: Blazor Server
42-
url: tutorial-blazor-webassembly.md
42+
url: tutorial-blazor-server.md
4343
- text: Node.js with Express
4444
url: tutorial-v2-nodejs-webapp-msal.md
4545
- title: "Web apps in depth"

articles/aks/limit-egress-traffic.md

Lines changed: 8 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -462,23 +462,20 @@ You'll define the outbound type to use the UDR that already exists on the subnet
462462

463463
> [!NOTE]
464464
> AKS will create a system-assigned kubelet identity in the Node resource group if you do not [specify your own kubelet managed identity][Use a pre-created kubelet managed identity].
465+
>
466+
> For user defined routing (UDR), system-assigned identity only supports CNI network plugin. Because for kubelet network plugin, AKS cluster needs permission on route table as kubernetes cloud-provider manages rules.
465467
466-
You can create an AKS cluster using a system-assigned managed identity by running the following CLI command.
468+
You can create an AKS cluster using a system-assigned managed identity with CNI network plugin by running the following CLI command.
467469

468470
```azurecli
469471
az aks create -g $RG -n $AKSNAME -l $LOC \
470472
--node-count 3 \
471-
--network-plugin $PLUGIN \
473+
--network-plugin azure \
472474
--outbound-type userDefinedRouting \
473475
--vnet-subnet-id $SUBNETID \
474476
--api-server-authorized-ip-ranges $FWPUBLIC_IP
475477
```
476478

477-
> [!NOTE]
478-
> For creating and using your own VNet and route table where the resources are outside of the worker node resource group, the CLI will add the role assignment automatically. If you are using an ARM template or other client, you need to use the Principal ID of the cluster managed identity to perform a [role assignment.][add role to identity]
479-
>
480-
> If you are not using the CLI but using your own VNet or route table which are outside of the worker node resource group, it's recommended to use [user-assigned control plane identity][Create an AKS cluster with user-assigned identities]. For system-assigned control plane identity, we cannot get the identity ID before creating cluster, which causes delay for role assignment to take effect.
481-
482479
#### Create an AKS cluster with user-assigned identities
483480

484481
##### Create user-assigned managed identities
@@ -529,14 +526,17 @@ The output should resemble the following:
529526
}
530527
```
531528

529+
> [!NOTE]
530+
> For creating and using your own VNet and route table where the resources are outside of the worker node resource group, the CLI will add the role assignment automatically. If you are using an ARM template or other client, you need to use the Principal ID of the cluster managed identity to perform a [role assignment.][add role to identity]
531+
532532
##### Create an AKS cluster with user-assigned identities
533533

534534
Now you can use the following command to create your AKS cluster with your existing identities in the subnet. Provide the control plane identity resource ID via `assign-identity` and the kubelet managed identity via `assign-kubelet-identity`:
535535

536536
```azurecli
537537
az aks create -g $RG -n $AKSNAME -l $LOC \
538538
--node-count 3 \
539-
--network-plugin $PLUGIN \
539+
--network-plugin kubenet \
540540
--outbound-type userDefinedRouting \
541541
--vnet-subnet-id $SUBNETID \
542542
--api-server-authorized-ip-ranges $FWPUBLIC_IP
@@ -545,8 +545,6 @@ az aks create -g $RG -n $AKSNAME -l $LOC \
545545
--assign-kubelet-identity <kubelet-identity-resource-id>
546546
```
547547

548-
> [!NOTE]
549-
> For creating and using your own VNet and route table where the resources are outside of the worker node resource group, the CLI will add the role assignment automatically. If you are using an ARM template or other client, you need to use the Principal ID of the cluster managed identity to perform a [role assignment.][add role to identity]
550548

551549
### Enable developer access to the API server
552550

articles/availability-zones/TOC.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@
2626
href: migrate-app-gateway-v2.md
2727
- name: Cache for Redis
2828
href: migrate-cache-redis.md
29+
- name: Log Analytics workspaces
30+
href: migrate-monitor-log-analytics.md
2931
- name: Container instances
3032
href: migrate-container-instances.md
3133
- name: Recovery Services vault

articles/availability-zones/az-region.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ In the Product Catalog, always-available services are listed as "non-regional" s
119119
| Azure Logic Apps | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
120120
| [Azure Monitor](../azure-monitor/logs/availability-zones.md) | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
121121
| [Azure Monitor: Application Insights](../azure-monitor/logs/availability-zones.md) | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
122-
| [Azure Monitor: Log Analytics](../azure-monitor/logs/availability-zones.md) | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
122+
| [Azure Monitor: Log Analytics](migrate-monitor-log-analytics.md) | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
123123
| [Azure Network Watcher](../network-watcher/frequently-asked-questions.yml) | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
124124
| Azure Network Watcher: [Traffic Analytics](../network-watcher/frequently-asked-questions.yml) | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
125125
| Azure Notification Hubs | ![An icon that signifies this service is zone redundant.](media/icon-zone-redundant.svg) |
Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
---
2+
title: Migrate Log Analytics workspaces to availability zone support
3+
description: Learn how to migrate Log Analytics workspaces to availability zone support.
4+
author: anaharris-ms
5+
ms.service: azure
6+
ms.topic: conceptual
7+
ms.date: 07/21/2022
8+
ms.author: anaharris
9+
ms.reviewer: noakuper
10+
ms.custom: references_regions
11+
---
12+
13+
# Migrate Log Analytics workspaces to availability zone support
14+
15+
This guide describes how to migrate Log Analytics workspaces from non-availability zone support to availability support. We'll take you through the different options for migration.
16+
17+
> [!NOTE]
18+
> Application Insights resources can also use availability zones, but only if they are workspace-based and the workspace uses a dedicated cluster as explained below. Classic (non-workspace-based) Application Insights resources cannot use availability zones.
19+
20+
21+
## Prerequisites
22+
23+
For availability zone support, your workspace must be located in one of the following supported regions:
24+
25+
- East US 2
26+
- West US 2
27+
28+
## Dedicated clusters
29+
30+
Azure Monitor support for availability zones requires a Log Analytics workspace linked to an [Azure Monitor dedicated cluster](../azure-monitor/logs/logs-dedicated-clusters.md). Dedicated clusters are a deployment option that enables advanced capabilities for Azure Monitor Logs including availability zones.
31+
32+
Not all dedicated clusters can use availability zones. Dedicated clusters created after mid-October 2020 can be set to support availability zones when they are created. New clusters created after that date default to be enabled for availability zones in regions where Azure Monitor supports them.
33+
34+
## Downtime requirements
35+
36+
There are no downtime requirements.
37+
38+
## Migration process: Moving to a dedicated cluster
39+
40+
### Step 1: Determine the current cluster for your workspace
41+
42+
To determine the current workspace link status for your workspace, use [CLI, PowerShell or REST](../azure-monitor/logs/logs-dedicated-clusters.md#check-workspace-link-status) to retrieve the [cluster details](../azure-monitor/logs/logs-dedicated-clusters.md#check-cluster-provisioning-status). If the cluster uses an availability zone, then it will have a property called `isAvailabilityZonesEnabled` with a value of `true`. Once a cluster is created, this property cannot be altered.
43+
44+
### Step 2: Create a dedicated cluster with availability zone support
45+
46+
Move your workspace to an availability zone by [creating a new dedicated cluster](../azure-monitor/logs/logs-dedicated-clusters.md#create-a-dedicated-cluster) in a region that supports availability zones. The cluster will automatically be enabled for availability zones. Then [link your workspace to the new cluster](../azure-monitor/logs/logs-dedicated-clusters.md#link-a-workspace-to-a-cluster).
47+
48+
> [!IMPORTANT]
49+
> Availability zone is defined on the cluster at creation time and can’t be modified.
50+
51+
Transitioning to a new cluster can be a gradual process. Don't remove the previous cluster until it has been purged of any data. For example, if your workspace retention is set 60 days, you may want to keep your old cluster running for that period before removing it.
52+
53+
Any queries against your workspace will query both clusters as required to provide you with a single, unified result set. That means that all Azure Monitor features relying on the workspace such as workbooks and dashboards will keep getting the full, unified result set based on data from both clusters.
54+
55+
## Billing
56+
There is a [cost for using a dedicated cluster](../azure-monitor/logs/logs-dedicated-clusters.md#create-a-dedicated-cluster). It requires a daily capacity reservation of 500 GB.
57+
58+
If you already have a dedicated cluster and choose to retain it to access its data, you’ll be charged for both dedicated clusters. Starting August 4, 2021, the minimum required capacity reservation for dedicated clusters is reduced from 1000GB/Daily to 500GB/Daily, so we’d recommend applying that minimum to your old cluster to reduce charges.
59+
60+
The new cluster isn’t billed during its first day to avoid double billing during configuration. Only the data ingested before the migration completes would still be billed on the date of migration.
61+
62+
63+
## Next steps
64+
65+
Learn more about:
66+
67+
> [!div class="nextstepaction"]
68+
> [Azure Monitor Logs Dedicated Clusters](../azure-monitor/logs/logs-dedicated-clusters.md)
69+
70+
> [!div class="nextstepaction"]
71+
> [Azure Services that support Availability Zones](az-region.md)

articles/azure-arc/kubernetes/cluster-connect.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -179,8 +179,13 @@ A conceptual overview of this feature is available in [Cluster connect - Azure A
179179
```
180180

181181
```console
182-
$TOKEN=(kubectl get secret demo-user-secret -o jsonpath='{$.data.token}' | base64 -d | sed $'s/$/\\\n/g')
182+
TOKEN=$(kubectl get secret demo-user-secret -o jsonpath='{$.data.token}' | base64 -d | sed $'s/$/\\\n/g')
183183
```
184+
1. Get the token to output to console
185+
186+
```console
187+
echo $TOKEN
188+
```
184189

185190
### [Azure PowerShell](#tab/azure-powershell)
186191

articles/azure-monitor/logs/customer-managed-keys.md

Lines changed: 17 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ After the Customer-managed key configuration, new ingested data to workspaces li
3636
> [!IMPORTANT]
3737
> Customer-managed key capability is regional. Your Azure Key Vault, cluster and linked workspaces must be in the same region, but they can be in different subscriptions.
3838
39-
![Customer-managed key overview](media/customer-managed-keys/cmk-overview.png)
39+
[![Customer-managed key overview](media/customer-managed-keys/cmk-overview.png "Screenshot of Customer-managed key diagram.")](media/customer-managed-keys/cmk-overview.png#lightbox)
4040

4141
1. Key Vault
4242
2. Log Analytics cluster resource having managed identity with permissions to Key Vault—The identity is propagated to the underlay dedicated cluster storage
@@ -73,7 +73,7 @@ Customer-managed key configuration isn't supported in Azure portal currently and
7373

7474
Create or use an existing Azure Key Vault in the region that the cluster is planed, and generate or import a key to be used for logs encryption. The Azure Key Vault must be configured as recoverable, to protect your key and the access to your data in Azure Monitor. You can verify this configuration under properties in your Key Vault, both *Soft delete* and *Purge protection* should be enabled.
7575

76-
![Soft delete and purge protection settings](media/customer-managed-keys/soft-purge-protection.png)
76+
[![Soft delete and purge protection settings](media/customer-managed-keys/soft-purge-protection.png "Screenshot of Key Vault soft delete and purge protection properties")](media/customer-managed-keys/soft-purge-protection.png#lightbox)
7777

7878
These settings can be updated in Key Vault via CLI and PowerShell:
7979

@@ -97,16 +97,23 @@ Follow the procedure illustrated in [Dedicated Clusters article](./logs-dedicate
9797

9898
## Grant Key Vault permissions
9999

100-
Create Access Policy in Key Vault to grants permissions to your cluster. These permissions are used by the underlay cluster storage. Open your Key Vault in Azure portal and click *Access Policies* then *+ Add Access Policy* to create a policy with these settings:
100+
There are two permission models in Key Vault to grants permissions to your cluster and underlay storage, Vault access policy and Azure role-based access control.
101101

102-
- Key permissions—select *Get*, *Wrap Key* and *Unwrap Key*.
103-
- Select principal—depending on the identity type used in the cluster (system or user assigned managed identity)
104-
- System assigned managed identity - enter the cluster name or cluster principal ID
105-
- User assigned managed identity - enter the identity name
102+
1. Vault access policy
106103

107-
![grant Key Vault permissions](media/customer-managed-keys/grant-key-vault-permissions-8bit.png)
104+
Open your Key Vault in Azure portal and click *Access Policies*, select *Vault access policy*, then click *+ Add Access Policy* to create a policy with these settings:
108105

109-
The *Get* permission is required to verify that your Key Vault is configured as recoverable to protect your key and the access to your Azure Monitor data.
106+
- Key permissions—select *Get*, *Wrap Key* and *Unwrap Key*.
107+
- Select principal—depending on the identity type used in the cluster (system or user assigned managed identity)
108+
- System assigned managed identity - enter the cluster name or cluster principal ID
109+
- User assigned managed identity - enter the identity name
110+
111+
[![grant Key Vault permissions](media/customer-managed-keys/grant-key-vault-permissions-8bit.png "Screenshot of Key Vault access policy permissions")](media/customer-managed-keys/grant-key-vault-permissions-8bit.png#lightbox)
112+
113+
The *Get* permission is required to verify that your Key Vault is configured as recoverable to protect your key and the access to your Azure Monitor data.
114+
115+
2. Azure role-based access control
116+
Open your Key Vault in Azure portal and click *Access Policies*, select *Azure role-based access control*, then enter *Access control (IAM)* and add *Key Vault Crypto Service Encryption User* role assignment.
110117

111118
## Update cluster with key identifier details
112119

@@ -118,7 +125,7 @@ This step updates dedicated cluster storage with the key and version to use for
118125
>- Key rotation can be automatic or require explicit key update, see [Key rotation](#key-rotation) to determine approach that is suitable for you before updating the key identifier details in cluster.
119126
>- Cluster update should not include both identity and key identifier details in the same operation. If you need to update both, the update should be in two consecutive operations.
120127
121-
![Grant Key Vault permissions](media/customer-managed-keys/key-identifier-8bit.png)
128+
[![Grant Key Vault permissions](media/customer-managed-keys/key-identifier-8bit.png "Screenshot of Key Vault key identifier details")](media/customer-managed-keys/key-identifier-8bit.png#lightbox)
122129

123130
Update KeyVaultProperties in cluster with key identifier details.
124131

articles/azure-resource-manager/management/azure-subscription-service-limits.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: Azure subscription limits and quotas
33
description: Provides a list of common Azure subscription and service limits, quotas, and constraints. This article includes information on how to increase limits along with maximum values.
44
ms.topic: conceptual
5-
ms.date: 04/27/2022
5+
ms.date: 07/27/2022
66
---
77

88
# Azure subscription and service limits, quotas, and constraints
@@ -342,6 +342,10 @@ The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise s
342342

343343
[!INCLUDE [azure-front-door-service-limits](../../../includes/front-door-limits.md)]
344344

345+
### Azure Route Server limits
346+
347+
[!INCLUDE [Azure Route Server Limits](../../../includes/route-server-limits.md)]
348+
345349
### ExpressRoute limits
346350

347351
[!INCLUDE [expressroute-limits](../../../includes/expressroute-limits.md)]

articles/cognitive-services/Speech-Service/includes/quickstarts/captioning/cpp.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,10 @@ Follow these steps to create a new console application and install the Speech SD
4545
--key YourSubscriptionKey --region YourServiceRegion --input c:\caption\caption.this.mp4 --format any --output c:\caption\caption.output.txt - --srt --recognizing --threshold 5 --profanity mask --phrases "Contoso;Jessie;Rehaan"
4646
```
4747
Replace `YourSubscriptionKey` with your Speech resource key, and replace `YourServiceRegion` with your Speech resource [region](~/articles/cognitive-services/speech-service/regions.md), such as `westus` or `northeurope`. Make sure that the paths specified by `--input` and `--output` are valid. Otherwise you must change the paths.
48+
49+
> [!IMPORTANT]
50+
> Remember to remove the key from your code when you're done, and never post it publicly. For production, use a secure way of storing and accessing your credentials like [Azure Key Vault](../../../../../key-vault/general/overview.md). See the Cognitive Services [security](../../../../cognitive-services-security.md) article for more information.
51+
4852
1. [Build and run](/cpp/build/vscpp-step-2-build) the console application. The output file with complete captions is written to `c:\caption\caption.output.txt`. Intermediate results are shown in the console:
4953
```console
5054
00:00:00,180 --> 00:00:01,600

articles/cognitive-services/Speech-Service/includes/quickstarts/captioning/csharp.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,9 @@ Follow these steps to create a new console application and install the Speech SD
4848
```
4949
Replace `YourSubscriptionKey` with your Speech resource key, and replace `YourServiceRegion` with your Speech resource [region](~/articles/cognitive-services/speech-service/regions.md), such as `westus` or `northeurope`. Make sure that the paths specified by `--input` and `--output` are valid. Otherwise you must change the paths.
5050
51+
> [!IMPORTANT]
52+
> Remember to remove the key from your code when you're done, and never post it publicly. For production, use a secure way of storing and accessing your credentials like [Azure Key Vault](../../../../../key-vault/general/overview.md). See the Cognitive Services [security](../../../../cognitive-services-security.md) article for more information.
53+
5154
The output file with complete captions is written to `c:\caption\caption.output.txt`. Intermediate results are shown in the console:
5255
```console
5356
00:00:00,180 --> 00:00:01,600

0 commit comments

Comments
 (0)