Merge pull request #194840 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit c12e569fd907 · 2022-04-12T14:49:31.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/authentication/howto-authentication-passwordless-deployment.md b/articles/active-directory/authentication/howto-authentication-passwordless-deployment.md
@@ -62,7 +62,7 @@ Here are the least privileged roles required for this deployment:
 
 | Azure AD Role| Description |
 | - | -|
-| Global Administrator| To implement combined registration experience. |
+| User Administrator or Global Administrator| To implement combined registration experience. |
 | Authentication Administrator| To implement and manage authentication methods. |
 | User| To configure Authenticator app on device, or to enroll security key device for web or Windows 10 sign-in. |
 
diff --git a/articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md b/articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md
@@ -48,6 +48,8 @@ You must also meet the following system requirements:
     - [Windows Server 2016](https://support.microsoft.com/help/4534307/windows-10-update-kb4534307)
     - [Windows Server 2019](https://support.microsoft.com/help/4534321/windows-10-update-kb4534321)
 
+- AES256_HMAC_SHA1 must be enabled when **Network security: Configure encryption types allowed for Kerberos** policy is [configured](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos) on domain controllers.
+
 - Have the credentials required to complete the steps in the scenario:
     - An Active Directory user who is a member of the Domain Admins group for a domain and a member of the Enterprise Admins group for a forest. Referred to as **$domainCred**.
     - An Azure Active Directory user who is a member of the Global Administrators role. Referred to as **$cloudCred**.
@@ -270,7 +272,7 @@ For information about compliant security keys, see [FIDO2 security keys](concept
 
 ### What can I do if I lose my security key?
 
-To retrieve a security key, sign in to the Azure portal, and then go to the **Security info** page.
+To delete an enrolled security key, sign in to the Azure portal, and then go to the **Security info** page.
 
 ### What can I do if I'm unable to use the FIDO security key immediately after I create a hybrid Azure AD-joined machine?
 
diff --git a/articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md b/articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md
@@ -73,8 +73,8 @@ Organizations may choose to use one or more of the following methods to enable t
 To enable the use of security keys using Intune, complete the following steps:
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
-1. Browse to **Microsoft Intune** > **Device enrollment** > **Windows enrollment** > **Windows Hello for Business** > **Properties**.
-1. Under **Settings**, set **Use security keys for sign-in** to **Enabled**.
+1. Browse to **Devices** > **Enroll Devices** > **Windows enrollment** > **Windows Hello for Business**.
+1. Set **Use security keys for sign-in** to **Enabled**.
 
 Configuration of security keys for sign-in isn't dependent on configuring Windows Hello for Business.
 
@@ -83,18 +83,19 @@ Configuration of security keys for sign-in isn't dependent on configuring Window
 To target specific device groups to enable the credential provider, use the following custom settings via Intune:
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
-1. Browse to **Device** > **Windows** > **Configuration Profiles** > **Create profile**.
+1. Browse to **Devices** > **Windows** > **Configuration Profiles** > **Create profile**.
 1. Configure the new profile with the following settings:
-   - Name: Security Keys for Windows Sign-In
-   - Description: Enables FIDO Security Keys to be used during Windows Sign In
    - Platform: Windows 10 and later
    - Profile type: Template > Custom
-   - Custom OMA-URI Settings:
+   - Name: Security Keys for Windows Sign-In
+   - Description: Enables FIDO Security Keys to be used during Windows Sign In
+1. Click **Add* and in **Add Row**, add the following Custom OMA-URI Settings:
       - Name: Turn on FIDO Security Keys for Windows Sign-In
+      - Description: (Optional)
       - OMA-URI: ./Device/Vendor/MSFT/PassportForWork/SecurityKey/UseSecurityKeyForSignin
       - Data Type: Integer
       - Value: 1
-1. This policy can be assigned to specific users, devices, or groups. For more information, see [Assign user and device profiles in Microsoft Intune](/intune/device-profile-assign).
+1. The remainder of the policy settings include assigning to specific users, devices, or groups. For more information, see [Assign user and device profiles in Microsoft Intune](/intune/device-profile-assign).
 
 ![Intune custom device configuration policy creation](./media/howto-authentication-passwordless-security-key/intune-custom-profile.png)
 
diff --git a/articles/active-directory/authentication/howto-mfa-app-passwords.md b/articles/active-directory/authentication/howto-mfa-app-passwords.md
@@ -81,10 +81,11 @@ In this scenario, you use the following credentials:
 By default, users can't create app passwords. The app passwords feature must be enabled before users can use them. To give users the ability to create app passwords, **admin needs** to complete the following steps:
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Search for and select **Azure Active Directory**, then choose **Users**.
-3. Select **Multi-Factor Authentication** from the navigation bar across the top of the *Users* window.
-4. Under Multi-Factor Authentication, select **service settings**.
-5. On the **Service Settings** page, select the **Allow users to create app passwords to sign in to non-browser apps** option.
+2. Search for and select **Azure Active Directory**, then choose **Security**.
+3. Select **Conditional Access** from the left navigation blade.
+4. Selet **Named location** from the left navigation blade.
+5. Click on **"Configure MFA trusted IPs"** in the bar across the top of the *Conditional Access | Named Locations* window.
+6. On the **multi-factor authentication** page, select the **Allow users to create app passwords to sign in to non-browser apps** option.
 
     ![Screenshot of the Azure portal that shows the service settings for multi-factor authentication to allow the user of app passwords](media/concept-authentication-methods/app-password-authentication-method.png)
     
@@ -104,4 +105,4 @@ Users can also create app passwords after registration. For more information and
 
 ## Next steps
 
-For more information on how to allow users to quickly register for Azure AD Multi-Factor Authentication, see [Combined security information registration overview](concept-registration-mfa-sspr-combined.md).
+For more information on how to allow users to quickly register for Azure AD Multi-Factor Authentication, see [Combined security information registration overview](concept-registration-mfa-sspr-combined.md).
diff --git a/articles/active-directory/authentication/howto-sspr-windows.md b/articles/active-directory/authentication/howto-sspr-windows.md
@@ -87,7 +87,7 @@ Deploying the configuration change to enable SSPR from the login screen using In
 1. Under *Configuration settings*, select **Add** and provide the following OMA-URI setting to enable the reset password link:
       - Provide a meaningful name to explain what the setting is doing, such as *Add SSPR link*.
       - Optionally provide a meaningful description of the setting.
-      - **OMA-URI** set to `./Vendor/MSFT/Policy/Config/Authentication/AllowAadPasswordReset`
+      - **OMA-URI** set to `./Device/Vendor/MSFT/Policy/Config/Authentication/AllowAadPasswordReset`
       - **Data type** set to **Integer**
       - **Value** set to **1**
 
diff --git a/articles/active-directory/devices/manage-stale-devices.md b/articles/active-directory/devices/manage-stale-devices.md
@@ -75,7 +75,7 @@ In your cleanup policy, select accounts that have the required roles assigned.
 
 ### Timeframe
 
-Define a timeframe that is your indicator for a stale device. When defining your timeframe, factor the window noted for updating the activity timestamp into your value. For example, you shouldn't consider a timestamp that is younger than 21 days (includes variance) as an indicator for a stale device. There are scenarios that can make a device look like stale while it isn't. For example, the owner of the affected device can be on vacation or on a sick leave.  that exceeds your timeframe for stale devices.
+Define a timeframe that is your indicator for a stale device. When defining your timeframe, factor the window noted for updating the activity timestamp into your value. For example, you shouldn't consider a timestamp that is younger than 21 days (includes variance) as an indicator for a stale device. There are scenarios that can make a device look like stale while it isn't. For example, the owner of the affected device can be on vacation or on a sick leave that exceeds your timeframe for stale devices.
 
 ### Disable devices
 
diff --git a/articles/app-service/configure-common.md b/articles/app-service/configure-common.md
@@ -44,7 +44,7 @@ App settings are always encrypted when stored (encrypted-at-rest).
 
     ![Application Settings](./media/configure-common/open-ui.png)
 
-    By default, values for app settings are hidden in the portal for security. To see a hidden value of an app setting, click its **Value** field. To see the hidden values of all app settings, click the **Show value** button.
+    By default, values for app settings are hidden in the portal for security. To see a hidden value of an app setting, click its **Value** field. To see the hidden values of all app settings, click the **Show values** button.
 
 1. To add a new app setting, click **New application setting**. To edit a setting, click the **Edit** button on the right side.
 
diff --git a/articles/app-service/deploy-zip.md b/articles/app-service/deploy-zip.md
@@ -70,15 +70,15 @@ Publish-AzWebApp -ResourceGroupName Default-Web-WestUS -Name MyApp -ArchivePath
 The following example uses the cURL tool to deploy a ZIP package. Replace the placeholders `<username>`, `<zip-package-path>`, and `<app-name>`. When prompted by cURL, type in the [deployment password](deploy-configure-credentials.md).
 
 ```bash
-curl -X POST -u <username> --data-binary @"<zip-package-path>" https://<app-name>.scm.azurewebsites.net/api/publish?type=zip
+curl -X POST -u <username:password> --data-binary "@<zip-package-path>" https://<app-name>.scm.azurewebsites.net/api/publish?type=zip
 ```
 
 [!INCLUDE [deploying to network secured sites](../../includes/app-service-deploy-network-secured-sites.md)]
 
 The following example uses the `packageUri` parameter to specify the URL of an Azure Storage account that the web app should pull the ZIP from.
 
 ```bash
-curl -X POST -u <username> https://<app-name>.scm.azurewebsites.net/api/publish -d '{"packageUri": "https://storagesample.blob.core.windows.net/sample-container/myapp.zip?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3"}'
+curl -X POST -u <username:password> https://<app-name>.scm.azurewebsites.net/api/publish -d '{"packageUri": "https://storagesample.blob.core.windows.net/sample-container/myapp.zip?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3"}'
 ```
 
 # [Kudu UI](#tab/kudu-ui)
diff --git a/articles/app-service/includes/tutorial-dotnetcore-sqldb-app/azure-portal-sql-db-create-07.md b/articles/app-service/includes/tutorial-dotnetcore-sqldb-app/azure-portal-sql-db-create-07.md
@@ -6,12 +6,12 @@ ms.date: 02/03/2022
 ---
 
 On the **Create Database** page, fill out the form as follows.
-1. **Resource Group** - choose the **ms-docs-core-sql-tutorial** group you created earlier.
+1. **Resource Group** - choose the **msdocs-core-sql** group you created earlier.
 
 1. **Database name** - enter a value of *coreDb*.
 
 1. **Server** - select the **coredbserverXYZ** you created earlier.  
 
 1. Leave the rest of the settings at their default, and then select **Review + create**.
 
-1. Select the **Create** button once Azure validates your settings. Provisioning the database may take a few minutes.
+1. Select the **Create** button once Azure validates your settings. Provisioning the database may take a few minutes.
diff --git a/articles/app-service/includes/tutorial-dotnetcore-sqldb-app/visual-studio-deploy-app-service-02.md b/articles/app-service/includes/tutorial-dotnetcore-sqldb-app/visual-studio-deploy-app-service-02.md
@@ -5,4 +5,4 @@ ms.topic: include
 ms.date: 02/03/2022
 ---
 
-Select **Azure App Service (Linux)** as the host of your app and then select **Next**.
+Select **Azure App Service (Windows)** as the host of your app and then select **Next**.
diff --git a/articles/app-service/quickstart-php.md b/articles/app-service/quickstart-php.md
@@ -89,7 +89,7 @@ To complete this quickstart:
     In the following example, replace `<app-name>` with a globally unique app name (valid characters are `a-z`, `0-9`, and `-`). The runtime is set to `PHP|7.4`. To see all supported runtimes, run [`az webapp list-runtimes`](/cli/azure/webapp#az-webapp-list-runtimes).
 
     ```azurecli-interactive
-    az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name> --runtime 'PHP|7.4' --deployment-local-git
+    az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name> --runtime 'PHP:8.0' --deployment-local-git
     ```
     
     When the web app has been created, the Azure CLI shows output similar to the following example:
diff --git a/articles/app-service/tutorial-dotnetcore-sqldb-app.md b/articles/app-service/tutorial-dotnetcore-sqldb-app.md
@@ -226,7 +226,7 @@ In the Azure portal:
 Run the [az sql server firewall-rule create](/cli/azure/sql/server/firewall-rule#az-sql-server-firewall-rule-create) command to add a firewall rule to your SQL Server instance.
 
 ```azurecli-interactive
-az sql server firewall-rule create -resource-group msdocs-core-sql --server <yoursqlserver> --name LocalAccess --start-ip-address <your-ip> --end-ip-address <your-ip>
+az sql server firewall-rule create --resource-group msdocs-core-sql --server <yoursqlserver> --name LocalAccess --start-ip-address <your-ip> --end-ip-address <your-ip>
 ```
 
 ---
diff --git a/articles/applied-ai-services/form-recognizer/quickstarts/try-sample-label-tool.md b/articles/applied-ai-services/form-recognizer/quickstarts/try-sample-label-tool.md
@@ -105,7 +105,7 @@ Azure the Form Recognizer Layout API extracts text, tables, selection marks, and
 
 1. In the **API key** field, paste  the subscription key you obtained from your Form Recognizer resource.
 
-1. In the **Source: URL** field, paste paste the following URL `https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/layout-page-001.jpg`  and select the **Fetch** button.
+1. In the **Source: URL** field, paste the following URL `https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/layout-page-001.jpg`  and select the **Fetch** button.
 
 1. Select **Run Layout**. The Form Recognizer Sample Labeling tool will call the Analyze Layout API and analyze the document.
 
diff --git a/articles/azure-functions/functions-how-to-github-actions.md b/articles/azure-functions/functions-how-to-github-actions.md
@@ -95,7 +95,7 @@ The following example shows the part of the workflow that sets up the environmen
 
 ```yaml
 
-    - name: Setup Node 12.x Environment
+    - name: Setup Node 14.x Environment
       uses: actions/setup-node@v2
       with:
         node-version: 14.x
@@ -373,7 +373,7 @@ on:
 env:
   AZURE_FUNCTIONAPP_NAME: your-app-name    # set this to your application's name
   AZURE_FUNCTIONAPP_PACKAGE_PATH: '.'      # set this to the path to your web app project, defaults to the repository root
-  NODE_VERSION: '12.x'                     # set this to the node version to use (supports 8.x, 10.x, 12.x)
+  NODE_VERSION: '14.x'                     # set this to the node version to use (supports 8.x, 10.x, 12.x, 14.x)
 
 jobs:
   build-and-deploy:
@@ -415,7 +415,7 @@ on:
 env:
   AZURE_FUNCTIONAPP_NAME: your-app-name    # set this to your application's name
   AZURE_FUNCTIONAPP_PACKAGE_PATH: '.'      # set this to the path to your web app project, defaults to the repository root
-  NODE_VERSION: '10.x'                     # set this to the node version to use (supports 8.x, 10.x, 12.x)
+  NODE_VERSION: '14.x'                     # set this to the node version to use (supports 8.x, 10.x, 12.x, 14.x)
 
 jobs:
   build-and-deploy:
diff --git a/articles/cognitive-services/language-service/question-answering/includes/sdk-python.md b/articles/cognitive-services/language-service/question-answering/includes/sdk-python.md
@@ -27,6 +27,7 @@ Use this quickstart for the question answering client library for Python to:
 * [Python 3.x](https://www.python.org/)
 * Question answering, requires a [Language resource](https://portal.azure.com/?quickstart=true#create/Microsoft.CognitiveServicesTextAnalytics) with the custom question answering feature enabled to generate an API key and endpoint.
 	* After your Language resource deploys, select **Go to resource**. You will need the key and endpoint from the resource you create to connect to the API. Paste your key and endpoint into the code below later in the quickstart.
+* To create a Language resource with [Azure CLI](/articles/cognitive-services/cognitive-services-apis-create-account-cli.md) provide the following additional properties during resource creation configure Custom Question Answering  with your Language resource `--api-properties qnaAzureSearchEndpointId=/subscriptions/<azure-subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Search/searchServices/<azure-search-service-name> qnaAzureSearchEndpointKey=<azure-search-service-auth-key>`
 * An existing knowledge base to query. If you have not setup a knowledge base, you can follow the instructions in the [**Language Studio quickstart**](../quickstart/sdk.md). Or add a knowledge base that uses this [Surface User Guide URL](https://download.microsoft.com/download/7/B/1/7B10C82E-F520-4080-8516-5CF0D803EEE0/surface-book-user-guide-EN.pdf) as a data source.
 
 ## Setting up
@@ -174,4 +175,4 @@ A: Power and charging. It takes two to four hours to charge the Surface Pro 4 ba
 Confidence Score: 0.9254655838012695
 ```
 
-In this case, we iterate through all responses and only return the response with the highest confidence score that is greater than 0.9. To understand more about the options available with [get_answers_from_text](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-language-questionanswering/1.0.0/azure.ai.language.questionanswering.html#azure.ai.language.questionanswering.QuestionAnsweringClient.get-answers-from-text), review the [AnswersFromTextOptions parameters](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-language-questionanswering/1.0.0/azure.ai.language.questionanswering.models.html#azure.ai.language.questionanswering.models.AnswersFromTextOptions).
+In this case, we iterate through all responses and only return the response with the highest confidence score that is greater than 0.9. To understand more about the options available with [get_answers_from_text](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-language-questionanswering/1.0.0/azure.ai.language.questionanswering.html#azure.ai.language.questionanswering.QuestionAnsweringClient.get-answers-from-text), review the [AnswersFromTextOptions parameters](https://azuresdkdocs.blob.core.windows.net/$web/python/azure-ai-language-questionanswering/1.0.0/azure.ai.language.questionanswering.models.html#azure.ai.language.questionanswering.models.AnswersFromTextOptions).
diff --git a/articles/static-web-apps/deploy-blazor.md b/articles/static-web-apps/deploy-blazor.md
@@ -100,7 +100,7 @@ Now that the repository is created, create a static web app from the Azure porta
 
 1. Select the **Review + Create** button to verify the details are all correct.
 
-1. Select **Create** to start the creation of the App Service Static Web App and provision a GitHub Action for deployment.
+1. Select **Create** to start the creation of the App Service Static Web App and provision a GitHub Actions for deployment.
 
 1. Once the deployment completes click, **Go to resource**.
 
diff --git a/articles/static-web-apps/deploy-nextjs.md b/articles/static-web-apps/deploy-nextjs.md
@@ -105,7 +105,7 @@ The following steps show how to link your app to Azure Static Web Apps. Once in
 
 1. Select the **Review + Create** button to verify the details are all correct.
 
-1. Select **Create** to start the creation of the App Service Static Web App and provision a GitHub Action for deployment.
+1. Select **Create** to start the creation of the App Service Static Web App and provision a GitHub Actions for deployment.
 
 1. Once the deployment completes select, **Go to resource**.
 
diff --git a/articles/static-web-apps/deploy-nuxtjs.md b/articles/static-web-apps/deploy-nuxtjs.md
@@ -127,7 +127,7 @@ The following steps show how to link the app you just pushed to GitHub to Azure
 
 1. Select the **Review + Create** button to verify the details are all correct.
 
-1. Select **Create** to start the creation of the App Service Static Web App and provision a GitHub Action for deployment.
+1. Select **Create** to start the creation of the App Service Static Web App and provision a GitHub Actions for deployment.
 
 1. Once the deployment completes click, **Go to resource**.
 
diff --git a/articles/static-web-apps/get-started-portal.md b/articles/static-web-apps/get-started-portal.md
@@ -14,10 +14,9 @@ ms.custom: mode-ui
 
 Azure Static Web Apps publishes a website to a production environment by building apps from a GitHub repository. In this quickstart, you deploy a web application to Azure Static Web apps using the Azure portal.
 
-If you don't have an Azure subscription, [create a free trial account](https://azure.microsoft.com/free).
-
 ## Prerequisites
 
+- If you don't have an Azure subscription, [create a free trial account](https://azure.microsoft.com/free).
 - [GitHub](https://github.com) account
 - [Azure](https://portal.azure.com) account
 
diff --git a/articles/static-web-apps/publish-jekyll.md b/articles/static-web-apps/publish-jekyll.md
diff --git a/articles/virtual-machines/linux/endorsed-distros.md b/articles/virtual-machines/linux/endorsed-distros.md
