Merge pull request #190909 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

articles/active-directory-domain-services/TOC.yml

@@ -162,6 +162,8 @@
   items:
     - name: FAQs
       href: faqs.yml
+    - name: Feature availability
+      href: feature-availability.md
     - name: Service updates
       href: https://azure.microsoft.com/updates/?product=active-directory-ds
     - name: Pricing

articles/active-directory-domain-services/feature-availability.md

@@ -0,0 +1,47 @@
+---
+title: Azure Active Directory Domain Services (Azure AD DS) feature availability in Azure Government
+description: Learn which Azure AD DS features are available in Azure Government. 
+
+ms.service: active-directory
+ms.subservice: domain-services
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 03/07/2022
+
+ms.author: justinha
+author: justinha
+manager: daveba
+ms.reviewer: michmcla
+ms.collection: M365-identity-device-management
+---
+
+# Azure Active Directory Domain Services feature availability
+
+<!---Jeremy said there are additional features that don't fit nicely in this list that we need to add later--->
+
+This following table lists Azure Active Directory Domain Services (Azure AD DS) feature availability in Azure Government.
+
+
+| Feature | Availability |
+|---------|:------------:|
+| Configure LDAPS | &#x2705; |
+| Create trusts | &#x2705; |
+| Create replica sets | &#x2705; | 
+| Configure and scope user and group sync | &#x2705; | 
+| Configure password hash sync | &#x2705; | 
+| Configure password and account lockout policies | &#x2705; | 
+| Manage Group Policy | &#x2705; | 
+| Manage DNS | &#x2705; | 
+| Email notifications | &#x2705; | 
+| Configure Kerberos constrained delegation | &#x2705; | 
+| Auditing and Azure Monitor Workbooks templates | &#x2705; | 
+| Domain join Windows VMs | &#x2705; | 
+| Domain join Linux VMs | &#x2705; | 
+| Deploy Azure AD Application Proxy | &#x2705; | 
+| Enable profile sync for SharePoint  | &#x2705; | 
+
+## Next steps
+
+- [FAQs](faqs.yml)
+- [Service updates](https://azure.microsoft.com/updates/?product=active-directory-ds)
+- [Pricing](https://azure.microsoft.com/pricing/details/active-directory-ds/)

articles/active-directory/authentication/feature-availability.md

@@ -1,5 +1,5 @@
 ---
-title: Azure AD feature availability in Azure Government
+title: Azure Active Directory (Azure AD) feature availability in Azure Government
 description: Learn which Azure AD features are available in Azure Government. 
 
 services: multi-factor-authentication
@@ -15,12 +15,13 @@ ms.reviewer: michmcla
 ms.collection: M365-identity-device-management
 ---
 
-# Cloud feature availability
+# Azure Active Directory feature availability
 
 <!---Jeremy said there are additional features that don't fit nicely in this list that we need to add later--->
 
-This following table lists Azure AD feature availability in Azure Government.
+This following tables list Azure AD feature availability in Azure Government.
 
+## Azure Active Directory
 
 |Service     | Feature | Availability |
 |:------|---------|:------------:|
@@ -106,7 +107,7 @@ This following table lists Azure AD feature availability in Azure Government.
 |Additional risk detected | &#x2705; |
 
 
-## HR-provisioning apps
+## HR provisioning apps
 
 | HR-provisioning app | Availability |
 |----------------|:--------------------:|

articles/active-directory/authentication/howto-authentication-passwordless-deployment.md

@@ -119,7 +119,7 @@ Microsoft provides communication templates for end users. Download the [authenti
 
 Users register their passwordless method as a part of the **combined security information workflow** at [https://aka.ms/mysecurityinfo](https://aka.ms/mysecurityinfo). Azure AD logs registration of security keys and Microsoft Authenticator app, and any other changes to the authentication methods. 
 
-For the first-time user who doesn't have a password, admins can provide a [Temporary Access Passcode](howto-authentication-temporary-access-pass.md) to register their security information in [https://aka.ms/mysecurityinfo](https://aka.ms/mysecurityinfo.md) . This is a time-limited passcode and satisfies strong authentication requirements. **Temporary Access Pass is a per-user process**.
+For the first-time user who doesn't have a password, admins can provide a [Temporary Access Passcode](howto-authentication-temporary-access-pass.md) to register their security information in [https://aka.ms/mysecurityinfo](https://aka.ms/mysecurityinfo) . This is a time-limited passcode and satisfies strong authentication requirements. **Temporary Access Pass is a per-user process**.
 
 This method can also be used for easy recovery when the user has lost or forgotten their authentication factor such as security key or Microsoft Authenticator app but needs to sign in to **register a new strong authentication method**. 
 

articles/active-directory/develop/scenario-web-app-call-api-app-configuration.md

@@ -49,7 +49,7 @@ In the following example, the `GraphBeta` section specifies these settings.
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
     "ClientId": "[Client_id-of-web-app-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
-    "TenantId": "common"
+    "TenantId": "common",
 
    // To call an API
    "ClientSecret": "[Copy the client secret added to the app from the Azure portal]",
@@ -70,7 +70,7 @@ Instead of a client secret, you can provide a client certificate. The following
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
     "ClientId": "[Client_id-of-web-app-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
-    "TenantId": "common"
+    "TenantId": "common",
 
    // To call an API
    "ClientCertificates": [

articles/active-directory/governance/TOC.yml

@@ -16,18 +16,28 @@
 - name: Tutorials
   expanded: true
   items:
-    - name: Manage access to resources - Azure portal
-      href: entitlement-management-access-package-first.md
-    - name: Manage access to resources - Microsoft Graph
-      href: /graph/tutorial-access-package-api?toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json
-    - name: Manage access to resources - PowerShell
-      href: /powershell/microsoftgraph/tutorial-entitlement-management?view=graph-powershell-beta
-    - name: Onboard external users to Azure AD through an approval process
-      href: entitlement-management-onboard-external-user.md
-    - name: Manage the lifecycle of your group-based licenses in Azure AD
-      href: entitlement-management-group-licenses.md
-    - name: Automate identity governance tasks
-      href: identity-governance-automation.md
+    - name: Azure portal tutorials
+      items:
+      - name: Manage access to resources - Azure portal
+        href: entitlement-management-access-package-first.md
+      - name: Manage the lifecycle of your group-based licenses in Azure AD
+        href: entitlement-management-group-licenses.md
+      - name: Onboard external users to Azure AD through an approval process
+        href: entitlement-management-onboard-external-user.md
+      - name: Automate identity governance tasks
+        href: identity-governance-automation.md
+    - name: API tutorials
+      items:
+      - name: Manage access to resources - Microsoft Graph
+        href: /graph/tutorial-access-package-api?toc=/azure/active-directory/governance/toc.json&bc=/azure/active-directory/governance/breadcrumb/toc.json
+      - name: Manage access to resources - PowerShell
+        href: /powershell/microsoftgraph/tutorial-entitlement-management?view=graph-powershell-beta
+      - name: Review access to Microsoft 365 groups - Microsoft Graph
+        href: https://docs.microsoft.com/graph/tutorial-accessreviews-m365group
+      - name: Review access to security groups - Microsoft Graph
+        href: https://docs.microsoft.com/graph/tutorial-accessreviews-securitygroup
+      - name: Review access to privileged roles - Microsoft Graph
+        href: https://docs.microsoft.com/graph/tutorial-accessreviews-roleassignments
 - name: Concepts
   expanded: true
   items:

articles/active-directory/governance/create-access-review.md

@@ -158,7 +158,8 @@ For more information, see [License requirements](access-reviews-overview.md#lice
 
 A multi-stage review allows the administrator to define two or three sets of reviewers to complete a review one after another. In a single-stage review, all reviewers make a decision within the same period and the last reviewer to make a decision "wins". In a multi-stage review, two or three independent sets of reviewers make a decision within their own stage, and the next stage doesn't happen until a decision is made in the previous stage. Multi-stage reviews can be used to reduce the burden on later-stage reviewers, allow for escalation of reviewers, or have independent groups of reviewers agree on decisions.
 > [!WARNING]
-> Data of users included in multi-stage access reviews are a part of the audit record at the start of the review. Administrators may delete the data at any time by deleting the multi-stage access review series.
+> Data of users included in multi-stage access reviews are a part of the audit record at the start of the review. Administrators may delete the data at any time by deleting the multi-stage access review series. 
+[!INCLUDE [GDPR-related guidance](../../../includes/gdpr-intro-sentence.md)]
 
 1. After you have selected the resource and scope of your review, move on to the **Reviews** tab. 
 

articles/active-directory/saas-apps/joyn-fsm-provisioning-tutorial.md

@@ -42,7 +42,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 
 ## Step 2. Configure Joyn FSM to support provisioning with Azure AD
 
-Contact your [SevenLakes Customer Success Representative](mailto:mailto:[email protected]) in order to obtain the Tenant URL and Secret Token which are required for configuring provisioning.
+Contact your [SevenLakes Customer Success Representative](mailto:[email protected]) in order to obtain the Tenant URL and Secret Token which are required for configuring provisioning.
 
 ## Step 3. Add Joyn FSM from the Azure AD application gallery
 

articles/aks/availability-zones.md

@@ -114,21 +114,21 @@ First, get the AKS cluster credentials using the [az aks get-credentials][az-aks
 az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
 ```
 
-Next, use the [kubectl describe][kubectl-describe] command to list the nodes in the cluster and filter on the *failure-domain.beta.kubernetes.io/zone* value. The following example is for a Bash shell.
+Next, use the [kubectl describe][kubectl-describe] command to list the nodes in the cluster and filter on the `topology.kubernetes.io/zone` value. The following example is for a Bash shell.
 
 ```console
-kubectl describe nodes | grep -e "Name:" -e "failure-domain.beta.kubernetes.io/zone"
+kubectl describe nodes | grep -e "Name:" -e "topology.kubernetes.io/zone"
 ```
 
 The following example output shows the three nodes distributed across the specified region and availability zones, such as *eastus2-1* for the first availability zone and *eastus2-2* for the second availability zone:
 
 ```console
 Name:       aks-nodepool1-28993262-vmss000000
-            failure-domain.beta.kubernetes.io/zone=eastus2-1
+            topology.kubernetes.io/zone=eastus2-1
 Name:       aks-nodepool1-28993262-vmss000001
-            failure-domain.beta.kubernetes.io/zone=eastus2-2
+            topology.kubernetes.io/zone=eastus2-2
 Name:       aks-nodepool1-28993262-vmss000002
-            failure-domain.beta.kubernetes.io/zone=eastus2-3
+            topology.kubernetes.io/zone=eastus2-3
 ```
 
 As you add additional nodes to an agent pool, the Azure platform automatically distributes the underlying VMs across the specified availability zones.
@@ -150,7 +150,7 @@ aks-nodepool1-34917322-vmss000002   eastus   eastus-3
 
 ## Verify pod distribution across zones
 
-As documented in [Well-Known Labels, Annotations and Taints][kubectl-well_known_labels], Kubernetes uses the `failure-domain.beta.kubernetes.io/zone` label to automatically distribute pods in a replication controller or service across the different zones available. In order to test this, you can scale up your cluster from 3 to 5 nodes, to verify correct pod spreading:
+As documented in [Well-Known Labels, Annotations and Taints][kubectl-well_known_labels], Kubernetes uses the `topology.kubernetes.io/zone` label to automatically distribute pods in a replication controller or service across the different zones available. In order to test this, you can scale up your cluster from 3 to 5 nodes, to verify correct pod spreading:
 
 ```azurecli-interactive
 az aks scale \
@@ -159,19 +159,19 @@ az aks scale \
     --node-count 5
 ```
 
-When the scale operation completes after a few minutes, the command `kubectl describe nodes | grep -e "Name:" -e "failure-domain.beta.kubernetes.io/zone"` in a Bash shell should give an output similar to this sample:
+When the scale operation completes after a few minutes, the command `kubectl describe nodes | grep -e "Name:" -e "topology.kubernetes.io/zone"` in a Bash shell should give an output similar to this sample:
 
 ```console
 Name:       aks-nodepool1-28993262-vmss000000
-            failure-domain.beta.kubernetes.io/zone=eastus2-1
+            topology.kubernetes.io/zone=eastus2-1
 Name:       aks-nodepool1-28993262-vmss000001
-            failure-domain.beta.kubernetes.io/zone=eastus2-2
+            topology.kubernetes.io/zone=eastus2-2
 Name:       aks-nodepool1-28993262-vmss000002
-            failure-domain.beta.kubernetes.io/zone=eastus2-3
+            topology.kubernetes.io/zone=eastus2-3
 Name:       aks-nodepool1-28993262-vmss000003
-            failure-domain.beta.kubernetes.io/zone=eastus2-1
+            topology.kubernetes.io/zone=eastus2-1
 Name:       aks-nodepool1-28993262-vmss000004
-            failure-domain.beta.kubernetes.io/zone=eastus2-2
+            topology.kubernetes.io/zone=eastus2-2
 ```
 
 We now have two additional nodes in zones 1 and 2. You can deploy an application consisting of three replicas. We will use NGINX as an example:

articles/application-gateway/classic-to-resource-manager.md

@@ -28,6 +28,24 @@ For more information on how to set up an Application Gateway resource after VNet
 * [Deployment via Azure CLI](quick-create-cli.md)
 * [Deployment via ARM template](quick-create-template.md)
 
+## Common questions
+
+### What is Azure Service Manager and what does it mean by classic?
+
+The word "classic" in classic networking service refers to networking resources managed by Azure Service Manager (ASM). Azure Service Manager (ASM) is the old control plane of Azure responsible for creating, managing, deleting VMs and performing other control plane operations.
+
+### What is Azure Resource Manager?
+
+Azure Resource Manager is the latest control plane of Azure responsible for creating, managing, deleting VMs and performing other control plane operations.
+
+### Where can I find more information regarding classic to Azure Resource Manager migration?
+
+Please refer to [Frequently asked questions about classic to Azure Resource Manager migration](../virtual-machines/migration-classic-resource-manager-faq.yml)
+
+### How do I report an issue?
+
+Post your issues and questions about migration to our [Microsoft Q&A page](https://aka.ms/AAflal1). We recommend posting all your questions on this forum. If you have a support contract, you're welcome to log a support ticket as well.
+
 ## Next steps
 To get started see: [platform-supported migration of IaaS resources from classic to Resource Manager](../virtual-machines/migration-classic-resource-manager-ps.md)