Merge pull request #218717 from MicrosoftDocs/main

Merge main to live, 4AM

Author: v-ccolin

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/backup/backup-center-community.md",
+            "redirect_url": "/azure/backup/backup-center-overview",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/api-management/developer-portal-widget-contribution-guidelines.md",
             "redirect_url": "/azure/api-management/developer-portal-extend-custom-functionality",
@@ -7018,6 +7023,11 @@
             "redirect_url": "/azure/azure-functions/functions-event-grid-blob-trigger",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/azure-functions-supported-features.md",
+            "redirect_url": "/azure/azure-functions/functions-monitoring",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-government/documentation-government-k8.md",
             "redirect_url": "/azure/azure-government",

articles/active-directory-b2c/service-limits.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
 ms.author: kengaderdus
-ms.date: 10/27/2022
+ms.date: 11/14/2022
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
 ---
@@ -168,7 +168,7 @@ The following table lists the administrative configuration limits in the Azure A
 |Levels of [inheritance](custom-policy-overview.md#inheritance-model) in custom policies     |10         |
 |Number of policies per Azure AD B2C tenant (user flows + custom policies)     |200          |
 |Maximum policy file size      |1024 KB          |
-|Number of API connectors per tenant     |19         |
+|Number of API connectors per tenant     |20         |
 
 <sup>1</sup> See also [Azure AD service limits and restrictions](../active-directory/enterprise-users/directory-service-limits-restrictions.md).
 

articles/active-directory/fundamentals/how-to-manage-groups.md

@@ -157,7 +157,7 @@ We currently don't support:
 
 1.  Locate the group you want your group to be a member of and choose **Select**. 
 
-    For this exercise, we're adding "MDM policy - West" to the "MDM policy - All org" group, so "MDM - policy - West" inherits all the properties and configurations of the "MDM policy - All org" group.
+    For this exercise, we're adding "MDM policy - West" to the "MDM policy - All org" group. The "MDM - policy - West" group will have the same access as the "MDM policy - All org" group.
 
     ![Screenshot of making a group the member of another group with 'Group membership' from the side menu and 'Add membership' option highlighted.](media/how-to-manage-groups/nested-groups-selected.png)
 
@@ -166,7 +166,7 @@ Now you can review the "MDM policy - West - Group memberships" page to see the g
 For a more detailed view of the group and member relationship, select the parent group name (MDM policy - All org) and take a look at the "MDM policy - West" page details.
 
 ### Remove a group from another group
-You can remove an existing Security group from another Security group; however, removing the group also removes any inherited settings for its members.
+You can remove an existing Security group from another Security group; however, removing the group also removes any inherited access for its members.
 
 1. On the **Groups - All groups** page, search for and select the group you need to remove as a member of another group.
 

articles/active-directory/hybrid/how-to-connect-configure-ad-ds-connector-account.md

@@ -285,7 +285,7 @@ For Example:
 
 ``` powershell
 $credential = Get-Credential 
-Set-ADSyncRestrictedPermissions -ADConnectorAccountDN 'CN=ADConnectorAccount,CN=Users,DC=Contoso,DC=com' -Credential $credential  
+Set-ADSyncRestrictedPermissions -ADConnectorAccountDN 'CN=ADConnectorAccount,OU=Users,DC=Contoso,DC=com' -Credential $credential  
 ```
 
 This cmdlet will set the following permissions: 

articles/aks/cluster-container-registry-integration.md

@@ -2,78 +2,94 @@
 title: Integrate Azure Container Registry with Azure Kubernetes Service
 description: Learn how to integrate Azure Kubernetes Service (AKS) with Azure Container Registry (ACR)
 services: container-service
-manager: gwallace
 ms.topic: article
-ms.date: 06/10/2021
+ms.date: 11/16/2022
 ms.tool: azure-cli, azure-powershell
 ms.devlang: azurecli
 ---
 
 # Authenticate with Azure Container Registry from Azure Kubernetes Service
 
-When you're using Azure Container Registry (ACR) with Azure Kubernetes Service (AKS), an authentication mechanism needs to be established. This operation is implemented as part of the CLI, PowerShell, and Portal experience by granting the required permissions to your ACR. This article provides examples for configuring authentication between these two Azure services.
+You need to establish an authentication mechanism when using [Azure Container Registry (ACR)][acr-intro] with Azure Kubernetes Service (AKS). This operation is implemented as part of the Azure CLI, Azure PowerShell, and Azure portal experiences by granting the required permissions to your ACR. This article provides examples for configuring authentication between these Azure services.
 
-You can set up the AKS to ACR integration in a few simple commands with the Azure CLI or Azure PowerShell. This integration assigns the AcrPull role to the managed identity associated to the AKS Cluster.
+You can set up the AKS to ACR integration in a few steps using the Azure CLI, Azure PowerShell, or Azure portal. The AKS to ACR integration assigns the [**AcrPull** role][acr-pull] to the [Azure Active Directory (Azure AD) **managed identity**][aad-identity] associated with your AKS cluster.
 
 > [!NOTE]
-> This article covers automatic authentication between AKS and ACR. If you need to pull an image from a private external registry, use an [image pull secret][Image Pull Secret].
+> This article covers automatic authentication between AKS and ACR. If you need to pull an image from a private external registry, use an [image pull secret][image-pull-secret].
 
 ## Before you begin
 
-These examples require:
+* You need to have the [**Owner**][rbac-owner], [**Azure account administrator**][rbac-classic], or [**Azure co-administrator**][rbac-classic] role on your **Azure subscription**.
+  * To avoid needing one of these roles, you can instead use an existing managed identity to authenticate ACR from AKS. For more information, see [Use an Azure managed identity to authenticate to an ACR](../container-registry/container-registry-authentication-managed-identity.md).
+* If you're using Azure CLI, this article requires that you're running Azure CLI version 2.7.0 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
+* If you're using Azure PowerShell, this article requires that you're running Azure PowerShell version 5.9.0 or later. Run `Get-InstalledModule -Name Az` to find the version. If you need to install or upgrade, see [Install Azure PowerShell][azure-powershell-install].
 
-### [Azure CLI](#tab/azure-cli)
+## Create a new AKS cluster with ACR integration
 
-* **Owner**, **Azure account administrator**, or **Azure co-administrator** role on the **Azure subscription**
-* Azure CLI version 2.7.0 or later
+You can set up AKS and ACR integration during the creation of your AKS cluster. To allow an AKS cluster to interact with ACR, an Azure AD managed identity is used.
 
-### [Azure PowerShell](#tab/azure-powershell)
+### Create an ACR
 
-* **Owner**, **Azure account administrator**, or **Azure co-administrator** role on the **Azure subscription**
-* Azure PowerShell version 5.9.0 or later
+If you don't already have an ACR, create one using the following command.
 
----
+#### [Azure CLI](#tab/azure-cli)
 
-To avoid needing an **Owner**, **Azure account administrator**, or **Azure co-administrator** role, you can use an existing managed identity to authenticate ACR from AKS. For more information, see [Use an Azure managed identity to authenticate to an Azure container registry](../container-registry/container-registry-authentication-managed-identity.md).
+```azurecli
+# Set this variable to the name of your ACR. The name must be globally unique.
 
-## Create a new AKS cluster with ACR integration
+MYACR=myContainerRegistry
 
-You can set up AKS and ACR integration during the initial creation of your AKS cluster.  To allow an AKS cluster to interact with ACR, an Azure Active Directory **managed identity** is used. The following command allows you to authorize an existing ACR in your subscription and configures the appropriate **ACRPull** role for the managed identity. Supply valid values for your parameters below.
+az acr create -n $MYACR -g myContainerRegistryResourceGroup --sku basic
+```
 
-### [Azure CLI](#tab/azure-cli)
+#### [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+# Set this variable to the name of your ACR. The name must be globally unique.
+
+$MYACR = 'myContainerRegistry'
+
+New-AzContainerRegistry -Name $MYACR -ResourceGroupName myContainerRegistryResourceGroup -Sku Basic
+```
+
+---
+
+### Create a new AKS cluster and integrate with an existing ACR
+
+If you already have an ACR, use the following command to create a new AKS cluster with ACR integration. This command allows you to authorize an existing ACR in your subscription and configures the appropriate **AcrPull** role for the managed identity. Supply valid values for your parameters below.
+
+#### [Azure CLI](#tab/azure-cli)
 
 ```azurecli
-# set this to the name of your Azure Container Registry.  It must be globally unique
+# Set this variable to the name of your ACR. The name must be globally unique.
+
 MYACR=myContainerRegistry
 
-# Run the following line to create an Azure Container Registry if you do not already have one
-az acr create -n $MYACR -g myContainerRegistryResourceGroup --sku basic
+# Create an AKS cluster with ACR integration.
 
-# Create an AKS cluster with ACR integration
 az aks create -n myAKSCluster -g myResourceGroup --generate-ssh-keys --attach-acr $MYACR
 ```
 
-Alternatively, you can specify the ACR name using an ACR resource ID, which has the following format:
+Alternatively, you can specify the ACR name using an ACR resource ID using the following format:
 
 `/subscriptions/\<subscription-id\>/resourceGroups/\<resource-group-name\>/providers/Microsoft.ContainerRegistry/registries/\<name\>`
 
 > [!NOTE]
-> If you are using an ACR that is located in a different subscription from your AKS cluster, use the ACR resource ID when attaching or detaching from an AKS cluster.
-
-```azurecli
-az aks create -n myAKSCluster -g myResourceGroup --generate-ssh-keys --attach-acr /subscriptions/<subscription-id>/resourceGroups/myContainerRegistryResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry
-```
+> If you're using an ACR located in a different subscription from your AKS cluster, use the ACR *resource ID* when attaching or detaching from the cluster.
+>
+> ```azurecli
+> az aks create -n myAKSCluster -g myResourceGroup --generate-ssh-keys --attach-acr /subscriptions/<subscription-id>/resourceGroups/myContainerRegistryResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry
+> ```
 
-### [Azure PowerShell](#tab/azure-powershell)
+#### [Azure PowerShell](#tab/azure-powershell)
 
 ```azurepowershell
-# set this to the name of your Azure Container Registry.  It must be globally unique
+# Set this variable to the name of your ACR. The name must be globally unique.
+
 $MYACR = 'myContainerRegistry'
 
-# Run the following line to create an Azure Container Registry if you do not already have one
-New-AzContainerRegistry -Name $MYACR -ResourceGroupName myContainerRegistryResourceGroup -Sku Basic
+# Create an AKS cluster with ACR integration.
 
-# Create an AKS cluster with ACR integration
 New-AzAksCluster -Name myAKSCluster -ResourceGroupName myResourceGroup -GenerateSshKey -AcrNameToAttach $MYACR
 ```
 
@@ -83,47 +99,53 @@ This step may take several minutes to complete.
 
 ## Configure ACR integration for existing AKS clusters
 
-### [Azure CLI](#tab/azure-cli)
+### Attach an ACR to an AKS cluster
+
+#### [Azure CLI](#tab/azure-cli)
 
-Integrate an existing ACR with existing AKS clusters by supplying valid values for **acr-name** or **acr-resource-id** as below.
+Integrate an existing ACR with an existing AKS cluster using the [`--attach-acr` parameter][cli-param] and valid values for **acr-name** or **acr-resource-id**.
 
 ```azurecli
+# Attach using acr-name
 az aks update -n myAKSCluster -g myResourceGroup --attach-acr <acr-name>
-```
 
-or,
-
-```azurecli
+# Attach using acr-resource-id
 az aks update -n myAKSCluster -g myResourceGroup --attach-acr <acr-resource-id>
 ```
 
 > [!NOTE]
-> Running `az aks update --attach-acr` uses the permissions of the user running the command to create the role ACR assignment. This role is assigned to the kubelet managed identity. For more information on the AKS managed identities, see [Summary of managed identities][summary-msi].
+> The `az aks update --attach-acr` command uses the permissions of the user running the command to create the ACR role assignment. This role is assigned to the [kubelet][kubelet] managed identity. For more information on AKS managed identities, see [Summary of managed identities][summary-msi].
 
-You can also remove the integration between an ACR and an AKS cluster with the following
+#### [Azure PowerShell](#tab/azure-powershell)
 
-```azurecli
-az aks update -n myAKSCluster -g myResourceGroup --detach-acr <acr-name>
+Integrate an existing ACR with an existing AKS cluster using the [`-AcrNameToAttach` parameter][ps-attach] and valid values for **acr-name**.
+
+```azurepowershell
+Set-AzAksCluster -Name myAKSCluster -ResourceGroupName myResourceGroup -AcrNameToAttach <acr-name>
 ```
 
-or
+> [!NOTE]
+> Running the `Set-AzAksCluster -AcrNameToAttach` cmdlet uses the permissions of the user running the command to create the role ACR assignment. This role is assigned to the [kubelet][kubelet] managed identity. For more information on AKS managed identities, see [Summary of managed identities][summary-msi].
 
-```azurecli
-az aks update -n myAKSCluster -g myResourceGroup --detach-acr <acr-resource-id>
-```
+---
 
-### [Azure PowerShell](#tab/azure-powershell)
+### Detach an ACR from an AKS cluster
 
-Integrate an existing ACR with existing AKS clusters by supplying valid values for **acr-name** as below.
+#### [Azure CLI](#tab/azure-cli)
 
-```azurepowershell
-Set-AzAksCluster -Name myAKSCluster -ResourceGroupName myResourceGroup -AcrNameToAttach <acr-name>
+Remove the integration between an ACR and an AKS cluster using the [`--detach-acr` parameter][cli-param] and valid values for **acr-name** or **acr-resource-id**.
+
+```azurecli
+# Detach using acr-name
+az aks update -n myAKSCluster -g myResourceGroup --detach-acr <acr-name>
+
+# Detach using acr-resource-id
+az aks update -n myAKSCluster -g myResourceGroup --detach-acr <acr-resource-id>
 ```
 
-> [!NOTE]
-> Running `Set-AzAksCluster -AcrNameToAttach` uses the permissions of the user running the command to create the role ACR assignment. This role is assigned to the kubelet managed identity. For more information on the AKS managed identities, see [Summary of managed identities][summary-msi].
+#### [Azure PowerShell](#tab/azure-powershell)
 
-You can also remove the integration between an ACR and an AKS cluster with the following
+Remove the integration between an ACR and an AKS cluster using the [`-AcrNameToDetach` parameter][ps-detach] and valid values for **acr-name**.
 
 ```azurepowershell
 Set-AzAksCluster -Name myAKSCluster -ResourceGroupName myResourceGroup -AcrNameToDetach <acr-name>
@@ -135,15 +157,15 @@ Set-AzAksCluster -Name myAKSCluster -ResourceGroupName myResourceGroup -AcrNameT
 
 ### Import an image into your ACR
 
-Import an image from docker hub into your ACR by running the following:
+Run the following command to import an image from Docker Hub into your ACR.
 
-### [Azure CLI](#tab/azure-cli)
+#### [Azure CLI](#tab/azure-cli)
 
 ```azurecli
 az acr import  -n <acr-name> --source docker.io/library/nginx:latest --image nginx:v1
 ```
 
-### [Azure PowerShell](#tab/azure-powershell)
+#### [Azure PowerShell](#tab/azure-powershell)
 
 ```azurepowershell
 Import-AzContainerRegistryImage -RegistryName <acr-name> -ResourceGroupName myResourceGroup -SourceRegistryUri docker.io -SourceImage library/nginx:latest
@@ -153,23 +175,23 @@ Import-AzContainerRegistryImage -RegistryName <acr-name> -ResourceGroupName myRe
 
 ### Deploy the sample image from ACR to AKS
 
-Ensure you have the proper AKS credentials
+Ensure you have the proper AKS credentials.
 
-### [Azure CLI](#tab/azure-cli)
+#### [Azure CLI](#tab/azure-cli)
 
 ```azurecli
 az aks get-credentials -g myResourceGroup -n myAKSCluster
 ```
 
-### [Azure PowerShell](#tab/azure-powershell)
+#### [Azure PowerShell](#tab/azure-powershell)
 
 ```azurepowershell
 Import-AzAksCredential -ResourceGroupName myResourceGroup -Name myAKSCluster
 ```
 
 ---
 
-Create a file called **acr-nginx.yaml** that contains the following. Substitute the resource name of your registry for **acr-name**. Example: *myContainerRegistry*.
+Create a file called **acr-nginx.yaml** using the sample YAML below. Replace **acr-name** with the name of your ACR.
 
 ```yaml
 apiVersion: apps/v1
@@ -195,19 +217,19 @@ spec:
         - containerPort: 80
 ```
 
-Next, run this deployment in your AKS cluster:
+After creating the file, run the following deployment in your AKS cluster.
 
 ```console
 kubectl apply -f acr-nginx.yaml
 ```
 
-You can monitor the deployment by running:
+You can monitor the deployment by running `kubectl get pods`.
 
 ```console
 kubectl get pods
 ```
 
-You should have two running pods.
+The output should show two running pods.
 
 ```output
 NAME                                 READY   STATUS    RESTARTS   AGE
@@ -216,12 +238,23 @@ nginx0-deployment-669dfc4d4b-xdpd6   1/1     Running   0          20s
 ```
 
 ### Troubleshooting
-* Run the [az aks check-acr](/cli/azure/aks#az-aks-check-acr) command to validate that the registry is accessible from the AKS cluster.
-* Learn more about [ACR Monitoring](../container-registry/monitor-service.md)
-* Learn more about [ACR Health](../container-registry/container-registry-check-health.md)
+
+* Run the [`az aks check-acr`](/cli/azure/aks#az-aks-check-acr) command to validate that the registry is accessible from the AKS cluster.
+* Learn more about [ACR monitoring](../container-registry/monitor-service.md).
+* Learn more about [ACR health](../container-registry/container-registry-check-health.md).
 
 <!-- LINKS - external -->
-[AKS AKS CLI]: /cli/azure/aks#az_aks_create
-[Image Pull secret]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 
+[image-pull-secret]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 [summary-msi]: use-managed-identity.md#summary-of-managed-identities
+[acr-pull]: ../role-based-access-control/built-in-roles.md#acrpull
+[azure-cli-install]: /cli/azure/install-azure-cli
+[azure-powershell-install]: /powershell/azure/install-az-ps
+[acr-intro]: ../container-registry/container-registry-intro.md
+[aad-identity]: ../active-directory/managed-identities-azure-resources/overview.md
+[rbac-owner]: ../role-based-access-control/built-in-roles.md#owner
+[rbac-classic]: ../role-based-access-control/rbac-and-directory-admin-roles.md#classic-subscription-administrator-roles
+[kubelet]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
+[ps-detach]: /powershell/module/az.aks/set-azakscluster#-acrnametodetach
+[cli-param]: /cli/azure/aks#az-aks-update-optional-parameters
+[ps-attach]: /powershell/module/az.aks/set-azakscluster#-acrnametoattach