Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into lboutboundrulesposh

Author: asudbring

articles/active-directory/manage-apps/access-panel-deployment-plan.md

@@ -49,6 +49,10 @@
               href: api-management-howto-policies.md
             - name: Policy reference index
               href: api-management-policies.md
+      - name: Security
+        items:
+            - name: Built-in security controls
+              href: api-management-security-controls.md
       - name: Subscriptions
         href: api-management-subscriptions.md
       - name: Manage using automation
@@ -57,8 +61,7 @@
         href: api-management-error-handling-policies.md
       - name: API import restrictions
         href: api-management-api-import-restrictions.md
-      - name: Built-in security controls
-        href: api-management-security-controls.md
+
 - name: How-to guides
   items:
       - name: Define APIs

articles/api-management/TOC.yml

@@ -2,13 +2,12 @@
 title: Security controls for Azure API Management
 description: A checklist of security controls for evaluating API Management
 services: api-management
-author: msmbaldwin
-manager: rkarlin
+author: vladvino
 ms.service: api-management
 
 ms.topic: conceptual
-ms.date: 09/04/2019
-ms.author: mbaldwin
+ms.date: 09/23/2019
+ms.author: vlvinogr
 
 ---
 # Security controls for API Management
@@ -19,44 +18,45 @@ This article documents the security controls built into API Management.
 
 ## Network
 
-| Security control | Yes/No | Notes |
-|---|---|--|
-| Service endpoint support| No | |
-| VNet injection support| Yes | |
-| Network isolation and firewalling support| Yes | Using networking security groups (NSG) and Azure Application Gateway (or other software appliance) respectively. |
-| Forced tunneling support| Yes | Azure networking provides forced tunneling. |
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
+| Service endpoint support| No | |  |
+| VNet injection support| Yes | |  |
+| Network isolation and firewalling support| Yes | Using networking security groups (NSG) and Azure Application Gateway (or other software appliance) respectively. |  |
+| Forced tunneling support| Yes | Azure networking provides forced tunneling. |  |
 
 ## Monitoring & logging
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Azure monitoring support (Log analytics, App insights, etc.)| Yes | |
-| Control and management plane logging and audit| Yes | [Azure Monitor activity logs](../azure-monitor/platform/activity-logs-overview.md) |
-| Data plane logging and audit| Yes | [Azure Monitor diagnostic logs](../azure-monitor/platform/resource-logs-overview.md) and (optionally) [Azure Application Insights](../azure-monitor/app/app-insights-overview.md).  |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Azure monitoring support (Log analytics, App insights, etc.)| Yes | | |
+| Control and management plane logging and audit| Yes | [Azure Monitor activity logs](../azure-monitor/platform/activity-logs-overview.md) | |
+| Data plane logging and audit| Yes | [Azure Monitor diagnostic logs](../azure-monitor/platform/resource-logs-overview.md) and (optionally) [Azure Application Insights](../azure-monitor/app/app-insights-overview.md).  | |
+
 
 ## Identity
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Authentication| Yes | |
-| Authorization| Yes | |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Authentication| Yes | |  |
+| Authorization| Yes | |  |
 
 ## Data protection
 
-| Security control | Yes/No | Notes |
-|---|---|--|
-| Server-side encryption at rest: Microsoft-managed keys | Yes | Sensitive data such as certificates, keys, and secret-named values are encrypted with service-managed, per service instance keys. |
-| Server-side encryption at rest: customer-managed keys (BYOK) | No | All encryption keys are per service instance and are service managed. |
-| Column level encryption (Azure Data Services)| N/A | |
-| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | [Express Route](../expressroute/index.yml) and VNet encryption is provided by [Azure networking](../virtual-network/index.yml). |
-| API calls encrypted| Yes | Management plane calls are made through [Azure Resource Manager](../azure-resource-manager/index.yml) over TLS. A valid JSON web token (JWT) is required.  Data plane calls can be secured with TLS and one of supported authentication mechanisms (for example, client certificate or JWT).
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
+| Server-side encryption at rest: Microsoft-managed keys | Yes | Sensitive data such as certificates, keys, and secret-named values are encrypted with service-managed, per service instance keys. |  |
+| Server-side encryption at rest: customer-managed keys (BYOK) | No | All encryption keys are per service instance and are service managed. |  |
+| Column level encryption (Azure Data Services)| N/A | |  |
+| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | [Express Route](../expressroute/index.yml) and VNet encryption is provided by [Azure networking](../virtual-network/index.yml). |  |
+| API calls encrypted| Yes | Management plane calls are made through [Azure Resource Manager](../azure-resource-manager/index.yml) over TLS. A valid JSON web token (JWT) is required.  Data plane calls can be secured with TLS and one of supported authentication mechanisms (for example, client certificate or JWT). |   |
  |
 
 ## Configuration management
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Configuration management support (versioning of configuration, etc.)| Yes | Using the [Azure API Management DevOps Resource Kit](https://aka.ms/apimdevops) |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Configuration management support (versioning of configuration, etc.)| Yes | Using the [Azure API Management DevOps Resource Kit](https://aka.ms/apimdevops) |  |
 
 ## Vulnerability scans false positives
 

articles/api-management/api-management-security-controls.md

@@ -4,13 +4,13 @@ description: Describes Azure HPC Cache, a file access accelerator solution for h
 author: ekpgh
 ms.service: hpc-cache
 ms.topic: overview
-ms.date: 09/19/2019
+ms.date: 09/24/2019
 ms.author: v-erkell
 ---
 
 # What is Azure HPC Cache? (Preview)
 
-Azure HPC Cache speeds access to your data for high-performance computing (HPC) tasks. By caching files in Azure, it makes the scalability of cloud computing available even for workflows where your data is stored across WAN links, such as in your local datacenter network-attached storage (NAS) environment.
+Azure HPC Cache speeds access to your data for high-performance computing (HPC) tasks. By caching files in Azure, Azure HPC Cache brings the scalability of cloud computing to your existing workflow. This service can be used even for workflows where your data is stored across WAN links, such as in your local datacenter network-attached storage (NAS) environment.
 
 Azure HPC Cache is easy to launch and monitor from the Azure portal. Existing NFS storage or new Blob containers can become part of its aggregated namespace, which makes client access simple even if you change the back-end storage target.
 
@@ -32,13 +32,13 @@ In media and entertainment, Azure HPC Cache can speed up data access for time-cr
 
 Many life sciences workflows can benefit from scale-out file caching.
 
-A research institute that wants to port its genomic analysis workflows into Azure can easily shift them by using Azure HPC Cache. Because the cache provides POSIX file access, they can run their existing client-side workflow in the cloud without any changes.
+A research institute that wants to port its genomic analysis workflows into Azure can easily shift them by using Azure HPC Cache. Because the cache provides POSIX file access, no client-side changes are needed to run their existing client workflow in the cloud.
 
 Azure HPC Cache also can be leveraged to improve efficiency in tasks like secondary analysis, pharmacological simulation, or AI-driven image analysis.
 
 ### Financial services analytics
 
-An Azure HPC Cache can help speed up quantitative analysis calculations, risk analysis workloads, and Monte Carlo simulations to give financial services companies better insight to make strategic decisions.
+An Azure HPC Cache deployment can help speed up quantitative analysis calculations, risk analysis workloads, and Monte Carlo simulations to give financial services companies better insight to make strategic decisions.
 
 ## Region availability
 
@@ -55,7 +55,7 @@ Check the [Azure HPC Cache product page](https://azure.microsoft.com/services/hp
 
 ## Preview availability
 
-The Azure HPC Cache public preview is restricted to ensure service quality. Request access by filling out [this form](https://aka.ms/onboard-hpc-cache). After your subscription is added to the access list you can create test caches.
+The Azure HPC Cache public preview is restricted to ensure service quality. Request access by filling out [this form](https://aka.ms/onboard-hpc-cache). After your subscription is added to the access list, you can create test caches.
 
 ## Next steps
 

articles/hpc-cache/hpc-cache-overview.md

@@ -11,7 +11,7 @@ metadata:
   ms.collection: collection
   author: ekpgh
   ms.author: v-erkell
-  ms.date: 08/30/2019
+  ms.date: 09/24/2019
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -36,13 +36,15 @@ landingContent:
           - text: Create the cache 
             url: hpc-cache-create.md
           - text: Add storage  # where to put the ingest articles? collapsible heading??
-            url: hpc-cache-add-storage.md    
+            url: hpc-cache-add-storage.md
           - text: Mount clients
             url: hpc-cache-mount.md
       - linkListType: concept
         links:
           - text: Plan the aggregated namespace
             url: hpc-cache-namespace.md
+          - text: Move data to storage targets (if needed)
+            url: hpc-cache-ingest.md
 
   # Card
   - title: Troubleshoot 

articles/hpc-cache/index.yml

@@ -21,7 +21,7 @@
     items: 
     - name: Add storage targets
       href: hpc-cache-add-storage.md
-    - name: Move data to cache storage
+    - name: Move data to storage targets (if needed)
       items:
       - name: Preload new Blob storage
         href: hpc-cache-ingest.md

articles/hpc-cache/toc.yml

@@ -21,9 +21,9 @@ The following sections explore three techniques for indexing large amounts of da
 
 ## Option 1: Pass multiple documents
 
-One of the simplest mechanisms for indexing a larger data set is to submit multiple documents or records in a single request. As long as the entire payload is under 16 MB, a request can handle up to 1000 documents in a bulk upload operation. These limits apply whether you are using the [Add Documents (REST)](https://docs.microsoft.com/rest/api/searchservice/addupdate-or-delete-documents) or [Index class](https://docs.microsoft.com/dotnet/api/microsoft.azure.search.models.index?view=azure-dotnet) in the .NET SDK. For either API, you would package 1000 documents in the body of each request.
+One of the simplest mechanisms for indexing a larger data set is to submit multiple documents or records in a single request. As long as the entire payload is under 16 MB, a request can handle up to 1000 documents in a bulk upload operation. These limits apply whether you are using the [Add Documents REST API](https://docs.microsoft.com/rest/api/searchservice/addupdate-or-delete-documents) or the [Index method](https://docs.microsoft.com/dotnet/api/microsoft.azure.search.documentsoperationsextensions.index?view=azure-dotnet) in the .NET SDK. For either API, you would package 1000 documents in the body of each request.
 
-Batch indexing is implemented for individual requests using REST or .NET, or through indexers. A few indexers operate under different limits. Specifically, Azure Blob indexing sets batch size at 10 documents in recognition of the larger average document size. For indexers based on the [Create Indexer (REST)](https://docs.microsoft.com/rest/api/searchservice/Create-Indexer ), you can set the `BatchSize` argument to customize this setting to better match the characteristics of your data. 
+Batch indexing is implemented for individual requests using REST or .NET, or through indexers. A few indexers operate under different limits. Specifically, Azure Blob indexing sets batch size at 10 documents in recognition of the larger average document size. For indexers based on the [Create Indexer REST API](https://docs.microsoft.com/rest/api/searchservice/Create-Indexer), you can set the `BatchSize` argument to customize this setting to better match the characteristics of your data. 
 
 > [!NOTE]
 > To keep document size down, avoid adding non-queryable data to an index. Images and other binary data are not directly searchable and shouldn't be stored in the index. To integrate non-queryable data into search results, you should define a non-searchable field that stores a URL reference to the resource.
@@ -40,7 +40,7 @@ Increasing replicas and partitions are billable events that increase your cost,
 
 + Schedulers allow you to parcel out indexing at regular intervals so that you can spread it out over time.
 + Scheduled indexing can resume at the last known stopping point. If a data source is not fully crawled within a 24-hour window, the indexer will resume indexing on day two at wherever it left off.
-+ Partitioning data into smaller individual data sources enables parallel processing. You can break a large data set into smaller data sets on your source data platform (such as Azure Blob storage or Azure SQL Database), and then create multiple [data source objects](https://docs.microsoft.com/rest/api/searchservice/create-data-source) on Azure Search that can be indexed in parallel.
++ Partitioning data into smaller individual data sources enables parallel processing. You can break up source data into smaller components, such as into multiple containers in Azure Blob storage, and then create corresponding, multiple [data source objects](https://docs.microsoft.com/rest/api/searchservice/create-data-source) in Azure Search that can be indexed in parallel.
 
 > [!NOTE]
 > Indexers are data-source-specific, so using an indexer approach is only viable for selected data sources on Azure: [SQL Database](search-howto-connecting-azure-sql-database-to-azure-search-using-indexers.md), [Blob storage](search-howto-indexing-azure-blob-storage.md), [Table storage](search-howto-indexing-azure-tables.md), [Cosmos DB](search-howto-index-cosmosdb.md).

articles/search/search-howto-large-index.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/24/2019
 ms.author: barclayn
 
 ---
@@ -258,7 +258,7 @@ Client-side encryption of Azure SQL Database data is supported through the [Alwa
 |----------------------------------|--------------------|-----------------------------------------|--------------------|
 |                                  | **Server-Side Using Service-Managed Key**     | **Server-Side Using Customer-Managed Key**             | **Client-Side Using Client-Managed**      |
 | **AI and Machine Learning**      |                    |                    |                    |
-| Azure Search                     | Yes                | -                  | -                  |
+| Azure Search                     | Yes                | Preview            | -                  |
 | Azure Machine Learning Service   | Yes                | -                  | -                  |
 | Azure Machine Learning Studio    | Yes                | Preview, RSA 2048-bit | -               |
 | Power BI                         | Yes                | Preview, RSA 2048-bit | -                  |

articles/security/fundamentals/encryption-atrest.md

@@ -3,8 +3,7 @@ title: Azure PowerShell Script Sample - Migrate blobs across storage accounts us
 description: Using AzCopy, copies the Blob contents of one Azure Storage Account to another.
 services: storage
 documentationcenter: na
-author: roygara
-manager: jeconnoc
+author: normesta
 
 ms.custom: mvc
 ms.service: storage
@@ -13,7 +12,7 @@ ms.tgt_pltfrm: na
 ms.devlang: azurecli
 ms.topic: sample
 ms.date: 02/01/2018
-ms.author: rogarana
+ms.author: normesta
 ---
 
 # Migrate blobs across storage accounts using AzCopy on Windows