Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -13391,6 +13391,11 @@
       "redirect_url": "/azure/event-hubs/event-hubs-faq",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/event-hubs/event-hubs-authentication-and-security-model-overview.md",
+      "redirect_url": "/azure/event-hubs/authenticate-shared-access-signature",
+      "redirect_document_id": false
+    },    
     {
       "source_path": "articles/event-hubs/event-hubs-c-ephcs-getstarted.md",
       "redirect_url": "/azure/event-hubs/event-hubs-c-getstarted-send",

articles/active-directory-domain-services/scenarios.md

@@ -93,7 +93,7 @@ The following deployment considerations apply to this example use case:
 
 You can use Azure AD DS to provide managed domain services to remote desktop servers deployed in Azure. For more information about this deployment scenario, see [how to integrate Azure AD Domain Services with your RDS deployment][windows-rds].
 
-## Domain-joined HDInsight clusters (preview)
+## Domain-joined HDInsight clusters
 
 You can set up an Azure HDInsight cluster that is joined to an Azure AD DS managed domain with Apache Ranger enabled. You can create and apply Hive policies through Apache Ranger, and allow users, such as data scientists, to connect to Hive using ODBC-based tools like Excel or Tableau. We continue to work to add other workloads, such as HBase, Spark, and Storm to domain-joined HDInsight.
 

articles/active-directory/cloud-provisioning/reference-cloud-provisioning-faq.md

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 12/02/2019
+ms.date: 02/26/2020
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -66,6 +66,14 @@ No, cloud provisioning does not support writeback of ms-ds-consistencyGUID for a
 
 When you delete the configuration, cloud provisioning does not cleanup the synced objects in Azure AD. To ensure you do not have the old objects, change the scope of the configuration to an empty group or Organizational Units. Once the provisioning runs and cleans up the objects, disable and delete the  configuration. 
 
+**Q:  What does it mean that Exchange hybrid is not supported?**
+
+The Exchange Hybrid Deployment feature allows for the co-existence of Exchange mailboxes both on-premises and in Office 365. Azure AD Connect is synchronizing a specific set of attributes from Azure AD back into your on-premises directory.  The cloud provisioning agent currently does not synchronize these attributes back into your on-premises directory and thus it is not supported as a replacement for Azure AD Connect.
+
+**Q:  Can I install the cloud provisioning agent on Windows Server Core?**
+
+No, installing the agent on server core is not supported.
+
 ## Next steps 
 
 - [What is provisioning?](what-is-provisioning.md)

articles/aks/TOC.yml

@@ -375,6 +375,8 @@
       href: kube-advisor-tool.md
     - name: SSH node access
       href: ssh.md
+    - name: Linux performance tools
+      href: troubleshoot-linux.md
 - name: Reference
   items:
   - name: Azure CLI

articles/aks/troubleshoot-linux.md

@@ -405,6 +405,9 @@ But if you'd like to use Application Gateway V2 with only private IP, you can fo
 Sample NSG configuration for private IP only access:
 ![Application Gateway V2 NSG Configuration for private IP access only](./media/application-gateway-faq/appgw-privip-nsg.png)
 
+### Does Application Gateway affinity cookie support SameSite attribute?
+Yes, the [Chromium browser](https://www.chromium.org/Home) [v80 update](https://chromiumdash.appspot.com/schedule) introduced a mandate on HTTP cookies without SameSite attribute to be treated as SameSite=Lax. This means that the Application Gateway affinity cookie won't be sent by the browser in a third-pary context. 
+To support this scenario, Application Gateway injects another cookie called *ApplicationGatewayAffinityCORS* in addition to the existing *ApplicationGatewayAffinity* cookie.  These cookies are similar, but the *ApplicationGatewayAffinityCORS* cookie has two more attributes added to it: *SameSite=None; Secure*. These attributes maintain sticky sessions even for cross-origin requests. See the [cookie based affinity section](configuration-overview.md#cookie-based-affinity) for more information.
 
 ## Next steps
 

articles/application-gateway/application-gateway-faq.md

@@ -252,14 +252,14 @@ Azure Application Gateway uses gateway managed cookies for maintaining user sess
 
 This feature is useful when you want to keep a user session on the same server and when session state is saved locally on the server for a user session. If the application can't handle cookie-based affinity, you can't use this feature. To use it, make sure that the clients support cookies.
 
-Starting from **17th February 2020**, the [Chromium](https://www.chromium.org/Home) [v80 update](https://chromiumdash.appspot.com/schedule) brings a mandate where HTTP cookies without SameSite attribute to be treated as SameSite=Lax. In case of CORS (Cross-Origin Resource Sharing) requests, if the cookie has to be sent in a third-party context, it has to use “SameSite=None; Secure” attributes and it should be sent over HTTPS only. Otherwise, in a HTTP only scenario, the browser won’t send the cookies in the third-party context. The goal of this update from Chrome is to enhance security and to avoid Cross-Site Request Forgery (CSRF) attacks. 
+The [Chromium browser](https://www.chromium.org/Home) [v80 update](https://chromiumdash.appspot.com/schedule) brought a mandate where HTTP cookies without [SameSite](https://tools.ietf.org/id/draft-ietf-httpbis-rfc6265bis-03.html#rfc.section.5.3.7) attribute has to be treated as SameSite=Lax. In the case of CORS (Cross-Origin Resource Sharing) requests, if the cookie has to be sent in a third-party context, it has to use *SameSite=None; Secure* attributes and it should be sent over HTTPS only. Otherwise, in a HTTP only scenario, the browser doesn't send the cookies in the third-party context. The goal of this update from Chrome is to enhance security and to avoid Cross-Site Request Forgery (CSRF) attacks. 
 
-To support this change, Application Gateway (all the SKU types) will be injecting another identical cookie called **ApplicationGatewayAffinityCORS** in addition to the existing **ApplicationGatewayAffinity** cookie, which is similar, but this cookie will now have two more attributes **"SameSite=None; Secure"** added to it so that sticky session can be maintained even for cross-origin requests.
+To support this change, starting February 17th 2020, Application Gateway (all the SKU types) will inject another cookie called *ApplicationGatewayAffinityCORS* in addition to the existing *ApplicationGatewayAffinity* cookie. The *ApplicationGatewayAffinityCORS* cookie has two more attributes added to it (*"SameSite=None; Secure"*) so that sticky session are maintained even for cross-origin requests.
 
-Please note that the default affinity cookie name is **ApplicationGatewayAffinity** and this can be changed by the users. In case you are using a custom affinity cookie name, an additional cookie will be added with CORS as suffix, for example, **CustomCookieNameCORS**.
+Note that the default affinity cookie name is *ApplicationGatewayAffinity* and you can change it. In case you are using a custom affinity cookie name, an additional cookie is added with CORS as suffix. For example, *CustomCookieNameCORS*.
 
 > [!NOTE]
-> It is mandatory that if the attribute **SameSite=None** is set, the cookie also should contain the **Secure** flag and should be sent over **HTTPS**. So if session affinity is required over CORS, you must migrate your workload to HTTPS. 
+> If the attribute *SameSite=None* is set, it is mandatory that the cookie also contains the *Secure* flag, and must be sent over HTTPS.  If session affinity is required over CORS, you must migrate your workload to HTTPS. 
 Please refer to SSL offload and End-to-End SSL documentation for Application Gateway here – [Overview](ssl-overview.md), [How-to configure SSL offload](create-ssl-portal.md), [How-to configure End-to-End SSL](end-to-end-ssl-portal.md).
 
 ### Connection draining

articles/application-gateway/configuration-overview.md

@@ -6,13 +6,13 @@ services: application-gateway
 author: vhorne
 ms.service: application-gateway
 ms.topic: article
-ms.date: 11/14/2019
+ms.date: 02/27/2020
 ms.author: victorh
 ---
 
 # Configure SSL termination with Key Vault certificates by using Azure PowerShell
 
-[Azure Key Vault](../key-vault/key-vault-overview.md) is a platform-managed secret store that you can use to safeguard secrets, keys, and SSL certificates. Azure Application Gateway supports integration with Key Vault (in public preview) for server certificates that are attached to HTTPS-enabled listeners. This support is limited to the v2 SKU of Application Gateway.
+[Azure Key Vault](../key-vault/key-vault-overview.md) is a platform-managed secret store that you can use to safeguard secrets, keys, and SSL certificates. Azure Application Gateway supports integration with Key Vault for server certificates that are attached to HTTPS-enabled listeners. This support is limited to the Application Gateway v2 SKU.
 
 For more information, see [SSL termination with Key Vault certificates](key-vault-certs.md).
 

articles/application-gateway/configure-keyvault-ps.md

@@ -22,6 +22,7 @@ Azure Application Gateway is updated on an ongoing basis. To stay up-to-date wit
 
 |Feature  |Description  |Date added  |
 |---------|---------|---------|
+|Affinity cookie changes |When cookie based affinity is enabled, Application Gateway injects another identical cookie called *ApplicationGatewayAffinityCORS* in addition to the existing ApplicationGatewayAffinity cookie. *ApplicationGatewayAffinityCORS* has two more attributes added to it (*SameSite=None; Secure*) so that sticky session are maintained even for cross-origin requests. See [Application Gateway Cookie based affinity](configuration-overview.md#cookie-based-affinity) for more information. |February 2020 |
 |Probe enhancements |With the custom probe enhancements in Application Gateway v2 SKU, we have simplified [probe configuration](https://docs.microsoft.com/azure/application-gateway/application-gateway-create-probe-portal#create-probe-for-application-gateway-v2-sku), facilitated [on-demand backend health tests](https://docs.microsoft.com/azure/application-gateway/application-gateway-create-probe-portal#test-backend-health-with-the-probe) and added [more diagnostic information](https://docs.microsoft.com/azure/application-gateway/application-gateway-backend-health-troubleshooting#error-messages) to help you troubleshoot backend health issues.  |October 2019 |
 |More metrics |We've added the following new metrics to help you monitor your Applicaiton Gateway v2 SKU: [Timing-related metrics](https://docs.microsoft.com/azure/application-gateway/application-gateway-metrics#timing-metrics), Backend response status, Bytes received, Bytes sent, Client TLS protocol and Current compute units. See [Metrics supported by Application Gateway V2 SKU](https://docs.microsoft.com/azure/application-gateway/application-gateway-metrics#metrics-supported-by-application-gateway-v2-sku). |August 2019 |
 |WAF custom rules |Application Gateway WAF_v2 now supports creating custom rules. See [Application Gateway custom rules](custom-waf-rules-overview.md). |June 2019 |

articles/application-gateway/whats-new.md

@@ -4,6 +4,8 @@
   items:
   - name: What is Automation?
     href: automation-intro.md
+  - name: FAQ
+    href: automation-faq.md
 - name: Automation Account
   items:
     - name: Create an Automation account
@@ -136,6 +138,8 @@
     displayName: dynamic groups, pre scripts, post scripts, reboot control, first party, pre download, inclusion
   - name: Onboarding
     items:
+    - name: Using a Resource Manager template
+      href: automation-update-management-deploy-template.md   
     - name: Onboard multiple VMs from the portal
       href: automation-onboard-solutions-from-browse.md
     - name: Onboard from an Azure VM