Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-ignite-disk-bursting

Author: v-alje

.openpublishing.redirection.json

@@ -16125,6 +16125,11 @@
       "redirect_url": "/azure/stream-analytics/stream-analytics-troubleshoot-input",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/stream-analytics/powerbi-output-managed-identity.md",
+      "redirect_url": "/azure/stream-analytics/stream-analytics-define-outputs#power-bi",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/stream-analytics/vs-code-how-to.md",
       "redirect_url": "/azure/stream-analytics/vscode-explore-jobs",
@@ -42618,6 +42623,21 @@
       "redirect_url": "/azure/cognitive-services/content-moderator",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/Content-Moderator/image-moderation-quickstart-dotnet.md",
+      "redirect_url": "/azure/cognitive-services/content-moderator/dotnet-sdk-quickstart",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Content-Moderator/text-moderation-quickstart-dotnet.md",
+      "redirect_url": "/azure/cognitive-services/content-moderator/dotnet-sdk-quickstart",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Content-Moderator/moderation-reviews-quickstart-dotnet.md",
+      "redirect_url": "/azure/cognitive-services/content-moderator/dotnet-sdk-quickstart",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/dev-spaces/quickstart-cli-dockerfile.md",
       "redirect_url": "/azure/dev-spaces/quickstart-cli",

articles/active-directory-domain-services/compare-identity-solutions.md

@@ -94,7 +94,7 @@ On an Azure AD-joined or registered device, user authentication happens using mo
 | Representation in the directory | Device objects in the Azure AD directory            | Computer objects in the Azure AD DS managed domain                        |
 | Authentication                  | OAuth / OpenID Connect based protocols              | Kerberos and NTLM protocols                                               |
 | Management                      | Mobile Device Management (MDM) software like Intune | Group Policy                                                              |
-| Networking                      | Works over the internet                             | Requires machines to be on the same virtual network as the managed domain |
+| Networking                      | Works over the internet                             | Must be connected to, or peered with, the virtual network where the managed domain is deployed |
 | Great for...                    | End-user mobile or desktop devices                  | Server VMs deployed in Azure                                              |
 
 ## Next steps
@@ -107,4 +107,4 @@ To get started with using Azure AD DS, [create an Azure AD DS managed domain usi
 [custom-ou]: create-ou.md
 [manage-gpos]: manage-group-policy.md
 [tutorial-ldaps]: tutorial-configure-ldaps.md
-[tutorial-create]: tutorial-create-instance.md
+[tutorial-create]: tutorial-create-instance.md

articles/active-directory/develop/v1-permissions-and-consent.md

@@ -34,7 +34,7 @@ Azure Active Directory (Azure AD) makes extensive use of permissions for both OA
 Azure AD defines two kinds of permissions:
 
 * **Delegated permissions** - Are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to an API. Depending on the API, the user may not be able to consent to the API directly and would instead [require an administrator to provide "admin consent"](/azure/active-directory/develop/active-directory-devhowto-multi-tenant-overview).
-* **Application permissions** - Are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be [consented by an administrator](/azure/active-directory/develop/active-directory-v2-scopes#requesting-consent-for-an-entire-tenant) because they are typically powerful and allow access to data across user-boundaries, or data that would otherwise be restricted to administrators.
+* **Application permissions** - Are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be [consented to by administrators](/azure/active-directory/develop/active-directory-v2-scopes#requesting-consent-for-an-entire-tenant) because they are typically powerful and allow access to data across user-boundaries, or data that would otherwise be restricted to administrators. Users who are defined as owners of the resource application (i.e. the API which publishes the permissions) are also allowed to grant application permissions for the APIs they own.
 
 Effective permissions are the permissions that your app will have when making requests to an API. 
 

articles/active-directory/users-groups-roles/groups-lifecycle.md

@@ -25,7 +25,7 @@ This article tells you how to manage the lifecycle of Office 365 groups by setti
 
 Once you set a group to expire:
 
-- Groups with user activities are automatically renewed as the expiration nears (preview)
+- Groups with user activities are automatically renewed as the expiration nears
 - Owners of the group are notified to renew the group, if the group is not auto-renewed
 - Any group that is not renewed is deleted
 - Any Office 365 group that is deleted can be restored within 30 days by the group owners or the administrator
@@ -37,7 +37,7 @@ Currently only one expiration policy can be configured for all Office 365 groups
 
 For information on how to download and install the Azure AD PowerShell cmdlets, see [Azure Active Directory PowerShell for Graph 2.0.0.137](https://www.powershellgallery.com/packages/AzureADPreview/2.0.0.137).
 
-## Activity-based automatic renewal (preview)
+## Activity-based automatic renewal
 
 With Azure AD intelligence, groups are now automatically renewed based on whether they have been in recent used. This feature eliminates the need for manual action by group owners, because it based on user activity in groups across Office 365 services like Outlook, SharePoint, Teams, or Yammer. For example, if an owner or a group member does something like upload a document in SharePoint, visit a Teams channel, or send an email to the group in Outlook, the group is automatically renewed and the owner does not get any renewal notifications.
 

articles/active-directory/users-groups-roles/groups-quickstart-expiration.md

@@ -23,13 +23,13 @@ In this quickstart, you set the expiration policy for your Office 365 groups. Wh
 
 Expiration policy is simple:
 
-- Groups with user activities are automatically renewed as the expiration nears (preview)
+- Groups with user activities are automatically renewed as the expiration nears
 - Group owners are notified to renew an expiring group
 - A group that is not renewed is deleted
 - A deleted Office 365 group can be restored within 30 days by a group owner or by an Azure AD administrator
 
 > [!NOTE]
-> Groups now use Azure AD intelligence to automatically renewed based on whether they have been in recent use (currently in public preview, so no sign-up is required). This feature is based on user activity in groups across Office 365 services like Outlook, SharePoint, Teams, Yammer, and others.
+> Groups now use Azure AD intelligence to automatically renewed based on whether they have been in recent use. This renewal decision is based on user activity in groups across Office 365 services like Outlook, SharePoint, Teams, Yammer, and others.
 
 If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
 

articles/advisor/advisor-operational-excellence-recommendations.md

@@ -0,0 +1,51 @@
+---
+title: Improve operational excellency for your Azure subscriptions with Azure Advisor | Microsoft Docs
+description: Use Advisor to optimize and get mature in operational excellence for your Azure subscriptions.
+services: advisor
+documentationcenter: NA
+author: sagupt
+ms.service: advisor
+ms.topic: article
+ms.date: 10/24/2019
+ms.author: sagupt
+---
+
+# Achieve operational excellence with Azure Advisor
+
+Azure Advisor operational excellence recommendations help customer with process and workflow efficiency, resource manageability and deployment best practices. You can get these recommendations from Advisor on the **Operational Excellence** tab of the Advisor dashboard.
+
+## Create Azure Service Health alerts to be notified when Azure issues affect you
+
+We recommend setting up Azure Service Health alerts to be notified when Azure service issues affect you. [Azure Service Health](https://azure.microsoft.com/features/service-health/) is a free service that provides personalized guidance and support when you are impacted by an Azure service issue. Advisor identifies subscriptions that do not have alerts configured and recommends creating one.
+
+## Design your storage accounts to prevent hitting the maximum subscription limit
+
+An Azure region can support a maximum of 250 storage accounts per subscription. Once the limit is reached, you will be unable to create any more storage accounts in that region/subscription combination. Advisor will check your subscriptions and surface recommendations for you to design for fewer storage accounts for any that are close to reaching the maximum limit.
+
+## Ensure you have access to Azure cloud experts when you need it
+
+When running a business-critical workload, it's important to have access to technical support when needed. Advisor identifies potential business-critical subscriptions that do not have technical support included in their support plan and recommends upgrading to an option that includes technical support.
+
+## Repair invalid log alert rules
+
+Azure Advisor will detect alert rules that have invalid queries specified in their condition section. 
+Log alert rules are created in Azure Monitor and are used to run analytics queries at specified intervals. The results of the query determine if an alert needs to be triggered. Analytics queries may become invalid overtime due to changes in referenced resources, tables, or commands. Advisor will recommend that you correct the query in the alert rule to prevent it from getting auto-disabled and ensure monitoring coverage of your resources in Azure. [Learn more about troubleshooting alert rules](https://aka.ms/aa_logalerts_queryrepair)
+
+## Follow best practices using Azure Policy
+
+Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources. Below are the Azure policy recommendations to help you achieve operational excellency: 
+1. Manage Tags using Azure Policy: This policy adds or replaces the specified tag and value when any resource is created or updated. Existing resources can be remediated by triggering a remediation task. Also, this doesn't modify tags on resource groups.
+2. Enforce geo-compliance requirements using Azure Policy: The policy enables you to restrict the locations your organization can specify when deploying resources. 
+3. Specify allowed virtual machine SKUs for deployments: This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.
+4. Enforce 'Audit VMs that do not use managed disks' using Azure policy
+5. Use 'Inherit a tag from resource groups' using Azure policy: The policy adds or replaces the specified tag and value from the parent resource group when any resource is created or updated. Existing resources can be remediated by triggering a remediation task.
+
+## Next steps
+
+To learn more about Advisor recommendations, see:
+* [Introduction to Advisor](advisor-overview.md)
+* [Get Started](advisor-get-started.md)
+* [Advisor Cost recommendations](advisor-cost-recommendations.md)
+* [Advisor Performance recommendations](advisor-performance-recommendations.md)
+* [Advisor High Availability recommendations](advisor-high-availability-recommendations.md)
+* [Advisor Security recommendations](advisor-security-recommendations.md)

articles/advisor/toc.yml

@@ -18,6 +18,8 @@
     href: advisor-performance-recommendations.md
   - name: Reduce service costs
     href: advisor-cost-recommendations.md
+  - name: Achieve operational excellence
+    href: advisor-operational-excellence-recommendations.md
   - name: Configure recommendations
     href: view-recommendations.md
   - name: Permissions and blocked actions

articles/application-gateway/custom-waf-rules-overview.md

@@ -28,6 +28,9 @@ If you want to use *or* for two different conditions, the two conditions must be
 
 Regular expressions are also supported in custom rules, just as they are in the core rule sets. For examples of these rules, see "Example 3" and "Example 5" in [Create and use custom web application firewall rules](create-custom-waf-rules.md).
 
+> [!NOTE]
+> Custom rules are not available in the v1 SKU WAF.
+
 ## Allowing or blocking traffic
 
 Allowing or blocking traffic is simple with custom rules. For example, you can block all traffic that comes from a range of IP addresses. You can make another rule to allow traffic if the request comes from a certain browser.

articles/azure-cache-for-redis/cache-troubleshoot-data-loss.md

@@ -98,7 +98,7 @@ If you find that most of or all keys have disappeared from your cache, you can c
 |---|---|
 | [Key flushing](#key-flushing) | Keys have been manually purged |
 | [Incorrect database selection](#incorrect-database-selection) | Redis is set to use a non-default database |
-| [Redis instance failure](#redis-instance-failure) | Keys are removed by explicit delete commands |
+| [Redis instance failure](#redis-instance-failure) | Redis server is unavailable |
 
 ### Key flushing