MicrosoftDocs
diff --git a/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 4 additions & 4 deletions b/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/aks/tutorial-kubernetes-deploy-cluster.md
Lines changed: 42 additions & 33 deletions b/‎articles/aks/tutorial-kubernetes-deploy-cluster.md
Lines changed: 42 additions & 33 deletions
diff --git a/‎articles/aks/use-azure-dedicated-hosts.md
Lines changed: 21 additions & 11 deletions b/‎articles/aks/use-azure-dedicated-hosts.md
Lines changed: 21 additions & 11 deletions
diff --git a/‎articles/api-management/TOC.yml
Lines changed: 2 additions & 0 deletions b/‎articles/api-management/TOC.yml
Lines changed: 2 additions & 0 deletions
@@ -163,12 +163,12 @@ Update the company branding functionality on the Azure AD/Microsoft 365 sign in
 
 
 **Type:** New feature   
-**Service category:** B2B        
-**Product capability:** B2B/B2C   
+**Service category:** Directory Management           
+**Product capability:** Directory      
 
-Administrative Units now support soft deletion. Admins can now list, view properties of, perform ad hoc hard delete, or restore deleted Administrative Units using Microsoft Graph. This functionality restores all configuration for the Administrative Unit when restored from soft delete including: memberships, admin roles, processing rules, and processing rules state.
+Administrative Units now support soft deletion. Admins can now list, view properties of, or restore deleted Administrative Units using the Microsoft Graph. This functionality restores all configuration for the Administrative Unit when restored from soft delete, including memberships, admin roles, processing rules, and processing rules state.
 
-This functionality greatly enhances recoverability and resilience when using Administrative Units. Now, when an Administrative Unit is accidentally deleted, it can be restored quickly to the same state it was at time of deletion. This removes uncertainty around how things were configured, and makes restoration quick and easy. For more information, see: [Soft deletions](../fundamentals/recover-from-deletions.md#soft-deletions).
+This functionality greatly enhances recoverability and resilience when using Administrative Units. Now, when an Administrative Unit is accidentally deleted it can be restored quickly to the same state it was at time of deletion-removing uncertainty around how things were configured and making restoration quick and easy. For more information, see: [List deletedItems (directory objects)](/graph/api/directory-deleteditems-list?view=graph-rest-1.0&tabs=http).
 
 
 ---
 
@@ -3,7 +3,7 @@ title: Kubernetes on Azure tutorial - Deploy a cluster
 description: In this Azure Kubernetes Service (AKS) tutorial, you create an AKS cluster and use kubectl to connect to the Kubernetes master node.
 services: container-service
 ms.topic: tutorial
-ms.date: 05/24/2021
+ms.date: 12/01/2022
 
 ms.custom: mvc, devx-track-azurecli, devx-track-azurepowershell
 
@@ -12,38 +12,38 @@ ms.custom: mvc, devx-track-azurecli, devx-track-azurepowershell
 
 # Tutorial: Deploy an Azure Kubernetes Service (AKS) cluster
 
-Kubernetes provides a distributed platform for containerized applications. With AKS, you can quickly create a production ready Kubernetes cluster. In this tutorial, part three of seven, a Kubernetes cluster is deployed in AKS. You learn how to:
+Kubernetes provides a distributed platform for containerized applications. With AKS, you can quickly create a production ready Kubernetes cluster. In this tutorial, part three of seven, you deploy a Kubernetes cluster in AKS. You learn how to:
 
 > [!div class="checklist"]
-> * Deploy a Kubernetes AKS cluster that can authenticate to an Azure container registry
-> * Install the Kubernetes CLI (kubectl)
-> * Configure kubectl to connect to your AKS cluster
 
-In later tutorials, the Azure Vote application is deployed to the cluster, scaled, and updated.
+> * Deploy a Kubernetes AKS cluster that can authenticate to an Azure Container Registry (ACR).
+> * Install the Kubernetes CLI, `kubectl`.
+> * Configure `kubectl` to connect to your AKS cluster.
 
-## Before you begin
-
-In previous tutorials, a container image was created and uploaded to an Azure Container Registry instance. If you haven't done these steps, and would like to follow along, start at [Tutorial 1 – Create container images][aks-tutorial-prepare-app].
+In later tutorials, you'll deploy the Azure Vote application to your AKS cluster and scale and update your application.
 
-### [Azure CLI](#tab/azure-cli)
-
-This tutorial requires that you're running the Azure CLI version 2.0.53 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
+## Before you begin
 
-### [Azure PowerShell](#tab/azure-powershell)
+In previous tutorials, you created a container image and uploaded it to an ACR instance. If you haven't done these steps and would like to follow along, start with [Tutorial 1: Prepare an application for AKS][aks-tutorial-prepare-app].
 
-This tutorial requires that you're running Azure PowerShell version 5.9.0 or later. Run `Get-InstalledModule -Name Az` to find the version. If you need to install or upgrade, see [Install Azure PowerShell][azure-powershell-install].
+* If you're using Azure CLI, this tutorial requires that you're running the Azure CLI version 2.0.53 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
+* If you're using Azure PowerShell, this tutorial requires that you're running Azure PowerShell version 5.9.0 or later. Run `Get-InstalledModule -Name Az` to find the version. If you need to install or upgrade, see [Install Azure PowerShell][azure-powershell-install].
 
 ---
 
 ## Create a Kubernetes cluster
 
-AKS clusters can use Kubernetes role-based access control (Kubernetes RBAC). These controls let you define access to resources based on roles assigned to users. Permissions are combined if a user is assigned multiple roles, and permissions can be scoped to either a single namespace or across the whole cluster. By default, the Azure CLI automatically enables Kubernetes RBAC when you create an AKS cluster.
+AKS clusters can use [Kubernetes role-based access control (Kubernetes RBAC)][k8s-rbac], which allows you to define access to resources based on roles assigned to users. If a user is assigned multiple roles, permissions are combined. Permissions can be scoped to either a single namespace or across the whole cluster.
+
+To learn more about AKS and Kubernetes RBAC, see [Control access to cluster resources using Kubernetes RBAC and Azure Active Directory identities in AKS][aks-k8s-rbac].
 
 ### [Azure CLI](#tab/azure-cli)
 
-Create an AKS cluster using [az aks create][]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The following example does not specify a region so the AKS cluster is also created in the *eastus* region. For more information, see [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)][quotas-skus-regions] for more information about resource limits and region availability for AKS.
+Create an AKS cluster using [`az aks create`][az aks create]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The AKS cluster will also be created in the *eastus* region.
+
+For more information about AKS resource limits and region availability, see [Quotas, virtual machine size restrictions, and region availability in AKS][quotas-skus-regions].
 
-To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created, since you did not specify one. Here, this cluster identity is [granted the right to pull images][container-registry-integration] from the Azure Container Registry (ACR) instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role on the Azure subscription.
+To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created. In this example, the cluster identity is [granted the right to pull images][container-registry-integration] from the ACR instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role in your Azure subscription.
 
 ```azurecli
 az aks create \
@@ -56,9 +56,11 @@ az aks create \
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-Create an AKS cluster using [New-AzAksCluster][new-azakscluster]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The following example does not specify a region so the AKS cluster is also created in the *eastus* region. For more information, see [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)][quotas-skus-regions] for more information about resource limits and region availability for AKS.
+Create an AKS cluster using [`New-AzAksCluster`][new-azakscluster]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The AKS cluster will also be created in the *eastus* region.
 
-To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created, since you did not specify one. Here, this cluster identity is [granted the right to pull images][container-registry-integration] from the Azure Container Registry (ACR) instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role on the Azure subscription.
+For more information about AKS resource limits and region availability, see [Quotas, virtual machine size restrictions, and region availability in AKS][quotas-skus-regions].
+
+To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created. In this example, the cluster identity is [granted the right to pull images][container-registry-integration] from the ACR instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role in your Azure subscription.
 
 ```azurepowershell
 New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -NodeCount 2 -GenerateSshKey -AcrNameToAttach <acrName>
@@ -68,25 +70,26 @@ New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -NodeCoun
 
 To avoid needing an **Owner** or **Azure account administrator** role, you can also manually configure a service principal to pull images from ACR. For more information, see [ACR authentication with service principals](../container-registry/container-registry-auth-service-principal.md) or [Authenticate from Kubernetes with a pull secret](../container-registry/container-registry-auth-kubernetes.md). Alternatively, you can use a [managed identity](use-managed-identity.md) instead of a service principal for easier management.
 
-After a few minutes, the deployment completes, and returns JSON-formatted information about the AKS deployment.
+After a few minutes, the deployment completes and returns JSON-formatted information about the AKS deployment.
 
 > [!NOTE]
-> To ensure your cluster to operate reliably, you should run at least 2 (two) nodes.
+> To ensure your cluster operates reliably, you should run at least two nodes.
 
 ## Install the Kubernetes CLI
 
-To connect to the Kubernetes cluster from your local computer, you use [kubectl][kubectl], the Kubernetes command-line client.
+Use the Kubernetes CLI, [`kubectl`][kubectl], to connect to the Kubernetes cluster from your local computer.
 
 ### [Azure CLI](#tab/azure-cli)
 
-If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [az aks install-cli][] command:
+If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [`az aks install-cli`][az aks install-cli] command.
 
 ```azurecli
 az aks install-cli
 ```
+
 ### [Azure PowerShell](#tab/azure-powershell)
 
-If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [Install-AzAksKubectl][install-azakskubectl] cmdlet:
+If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [`Install-AzAksKubectl`][install-azakskubectl] cmdlet.
 
 ```azurepowershell
 Install-AzAksKubectl
@@ -98,23 +101,23 @@ Install-AzAksKubectl
 
 ### [Azure CLI](#tab/azure-cli)
 
-To configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials][] command. The following example gets credentials for the AKS cluster named *myAKSCluster* in the *myResourceGroup*:
+To configure `kubectl` to connect to your Kubernetes cluster, use the [`az aks get-credentials`][az aks get-credentials] command. The following example gets credentials for the AKS cluster named *myAKSCluster* in *myResourceGroup*.
 
 ```azurecli
 az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
 ```
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-To configure `kubectl` to connect to your Kubernetes cluster, use the [Import-AzAksCredential][import-azakscredential] cmdlet. The following example gets credentials for the AKS cluster named *myAKSCluster* in the *myResourceGroup*:
+To configure `kubectl` to connect to your Kubernetes cluster, use the [`Import-AzAksCredential`][import-azakscredential] cmdlet. The following example gets credentials for the AKS cluster named *myAKSCluster* in *myResourceGroup*.
 
 ```azurepowershell
 Import-AzAksCredential -ResourceGroupName myResourceGroup -Name myAKSCluster
 ```
 
 ---
 
-To verify the connection to your cluster, run the [kubectl get nodes][kubectl-get] command to return a list of the cluster nodes:
+To verify connection to your cluster, run [`kubectl get nodes`][kubectl-get] to return a list of cluster nodes.
 
 ```azurecli-interactive
 kubectl get nodes
@@ -132,21 +135,23 @@ aks-nodepool1-37463671-vmss000001   Ready    agent   2m28s   v1.18.10
 
 ## Next steps
 
-In this tutorial, a Kubernetes cluster was deployed in AKS, and you configured `kubectl` to connect to it. You learned how to:
+In this tutorial, you deployed a Kubernetes cluster in AKS and configured `kubectl` to connect to the cluster. You learned how to:
 
 > [!div class="checklist"]
-> * Deploy a Kubernetes AKS cluster that can authenticate to an Azure container registry
-> * Install the Kubernetes CLI (kubectl)
-> * Configure kubectl to connect to your AKS cluster
+>
+> * Deploy an AKS cluster that can authenticate to an ACR.
+> * Install the Kubernetes CLI, `kubectl`.
+> * Configure `kubectl` to connect to your AKS cluster.
 
-Advance to the next tutorial to learn how to deploy an application to the cluster.
+In the next tutorial, you'll learn how to deploy an application to your cluster.
 
 > [!div class="nextstepaction"]
-> [Deploy application in Kubernetes][aks-tutorial-deploy-app]
+> [Deploy an application in AKS][aks-tutorial-deploy-app]
 
 <!-- LINKS - external -->
 [kubectl]: https://kubernetes.io/docs/user-guide/kubectl/
 [kubectl-get]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get
+[k8s-rbac]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
 
 <!-- LINKS - internal -->
 [aks-tutorial-deploy-app]: ./tutorial-kubernetes-deploy-application.md
@@ -165,3 +170,7 @@ Advance to the next tutorial to learn how to deploy an application to the cluste
 [new-azakscluster]: /powershell/module/az.aks/new-azakscluster
 [install-azakskubectl]: /powershell/module/az.aks/install-azaksclitool
 [import-azakscredential]: /powershell/module/az.aks/import-azakscredential
+[aks-k8s-rbac]: azure-ad-rbac.md
+[preset-config]: /quotas-skus-regions.md#cluster-configuration-presets-in-the-azure-portal
+[azure-managed-identities]: ../active-directory/managed-identities-azure-resources/overview.md
+[az-container-insights]: ../azure-monitor/containers/container-insights-overview.md
@@ -3,7 +3,7 @@ title: Use Azure Dedicated Hosts in Azure Kubernetes Service (AKS)
 description: Learn how to create an Azure Dedicated Hosts Group and associate it with Azure Kubernetes Service (AKS)
 services: container-service
 ms.topic: article
-ms.date: 09/13/2022
+ms.date: 12/01/2022
 ---
 
 # Add Azure Dedicated Host to an Azure Kubernetes Service (AKS) cluster
@@ -28,16 +28,7 @@ The following limitations apply when you integrate Azure Dedicated Host with Azu
 * It isn't supported to update agent pool from host group A to host group B.
 * Using ADH across subscriptions.
 
-## Add a Dedicated Host Group to an AKS cluster
-
-A host group is a resource that represents a collection of dedicated hosts. You create a host group in a region and an availability zone, and add hosts to it. When planning for high availability, there are more options. You can use one or both of the following options with your dedicated hosts:
-
-* Span across multiple availability zones. In this case, you're required to have a host group in each of the zones you wish to use.
-* Span across multiple fault domains, which are mapped to physical racks.
-
-In either case, you need to provide the fault domain count for your host group. If you don't want to span fault domains in your group, use a fault domain count of 1.
-
-You can also decide to use both availability zones and fault domains.
+## Planning for ADH Capacity on AKS
 
 Not all host SKUs are available in all regions, and availability zones. You can list host availability, and any offer restrictions before you start provisioning dedicated hosts.
 
@@ -49,6 +40,25 @@ az vm list-skus -l eastus  -r hostGroups/hosts  -o table
 > First, when using host group, the nodepool fault domain count is always the same as the host group fault domain count. In order to use cluster auto-scaling to work with ADH and AKS, please make sure your host group fault domain count and capacity is enough.
 > Secondly, only change fault domain count from the default of 1 to any other number if you know what they are doing as a misconfiguration could lead to a unscalable configuration.
 
+[Determine how many hosts you would need based on the expected VM Utilization](https://learn.microsoft.com/azure/virtual-machines/dedicated-host-general-purpose-skus).
+
+Evaluate [host utilization](https://learn.microsoft.com/azure/virtual-machines/dedicated-hosts-how-to?tabs=cli#check-the-status-of-the-host) to determine the number of allocatable VMs by size before you deploy.
+
+```azurecli-interactive
+az vm host get-instance-view -g myDHResourceGroup --host-group MyHostGroup --name MyHost
+```
+
+## Add a Dedicated Host Group to an AKS cluster
+
+A host group is a resource that represents a collection of dedicated hosts. You create a host group in a region and an availability zone, and add hosts to it. When planning for high availability, there are more options. You can use one or both of the following options with your dedicated hosts:
+
+* Span across multiple availability zones. In this case, you're required to have a host group in each of the zones you wish to use.
+* Span across multiple fault domains, which are mapped to physical racks.
+
+In either case, you need to provide the fault domain count for your host group. If you don't want to span fault domains in your group, use a fault domain count of 1.
+
+You can also decide to use both availability zones and fault domains.
+
 ## Create a Host Group
 
 Now create a dedicated host in the host group. In addition to a name for the host, you're required to provide the SKU for the host. Host SKU captures the supported VM series and the hardware generation for your dedicated host.
 
@@ -431,6 +431,8 @@
         href: virtual-network-reference.md
       - name: Self-hosted gateway configuration
         href: self-hosted-gateway-settings-reference.md  
+      - name: Diagnostic logs settings
+        href: diagnostic-logs-reference.md
 - name: Resources
   items:
       - name: FAQ