Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into convertQS

Author: roygara

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -82,23 +82,33 @@ Administrators can exclude specific apps from policy if they wish, including the
 
 The following key applications are included in the Office 365 client app:
 
-   - Microsoft Forms
-   - Microsoft Planner
-   - Microsoft Stream
-   - Microsoft To-Do
-   - Microsoft Teams
-   - Exchange Online
-   - SharePoint Online
-   - Microsoft 365 Search Service
-   - Yammer
-   - Office Delve
-   - Office Online
-   - Office.com
-   - OneDrive
-   - Power Automate
-   - Power Apps
-   - Skype for Business Online
-   - Sway
+- Exchange Online
+- Microsoft 365 Search Service
+- Microsoft Forms
+- Microsoft Planner (ProjectWorkManagement)
+- Microsoft Stream
+- Microsoft Teams
+- Microsoft To-Do
+- Microsoft Flow
+- Microsoft Office 365 Portal
+- Microsoft Office client application
+- Microsoft Stream 
+- Microsoft To-Do WebApp
+- Microsoft Whiteboard Services
+- Office Delve
+- Office Online
+- Office.com
+- OneDrive
+- Power Apps
+- Power Automate
+- Security & Compliance Center
+- SharePoint Online
+- Skype for Business Online
+- Skype and Teams Tenant Admin API
+- Sway
+- Yammer
+
+A complete list of all services included can be found in the article [Apps included in Conditional Access Office 365 app suite](reference-office-365-application-contents.md).
 
 ### Microsoft Azure Management
 
@@ -192,4 +202,4 @@ For more information about authentication context use in applications, see the f
 
 - [Conditional Access: Conditions](concept-conditional-access-conditions.md)
 - [Conditional Access common policies](concept-conditional-access-policy-common.md)
-- [Client application dependencies](service-dependencies.md)
+- [Client application dependencies](service-dependencies.md)

articles/active-directory/verifiable-credentials/media/verifiable-credentials-faq/identity-hub.png

@@ -126,7 +126,7 @@ Yes, after reconfiguring your service, your tenant has a new DID use to issue an
 
 ### Is it possible to request Microsoft to retrieve "old DIDs"?
 
-No, at this point it is not possible to keep your tenant's DID after you have opt-out of the service.
+No, at this point it isn't possible to keep your tenant's DID after you have opt-out of the service.
 
 ## Next steps
 

articles/active-directory/verifiable-credentials/verifiable-credentials-faq.md

@@ -26,13 +26,18 @@ We are rolling out some important updates to our service that are breaking chang
 - Azure AD Verifiable Credentials customers can take advantage of enhancements to credential revocation that add a higher degree of privacy through the implementation of the [W3C Status List 2021](https://w3c-ccg.github.io/vc-status-list-2021/) standard. [Read more](whats-new.md?#credential-revocation-with-enhanced-privacy)
 
 >[!IMPORTANT]
-> All Azure AD Verifiable Credential customers receiving a banner notice in the Azure portal need to go through a service reconfiguration before March 31st 2022. On March 31st 2022 tenants that have not been reconfigured will lose access to any previous configuration and will require to configure a new instance of the Azure AD Verifiable Credential service. Learn more about how to [reconfigure your tenant](verifiable-credentials-faq.md?#how-do-i-reconfigure-the-azure-ad-verifiable-credentials-service).
+> All Azure AD Verifiable Credential customers receiving a banner notice in the Azure portal need to go through a service reconfiguration before March 31st 2022. On March 31st 2022 tenants that have not been reconfigured will lose access to any previous configuration. Administrators will have to set up a new instance of the Azure AD Verifiable Credential service. Learn more about how to [reconfigure your tenant](verifiable-credentials-faq.md?#how-do-i-reconfigure-the-azure-ad-verifiable-credentials-service).
 
 ### Azure AD Verifiable Credentials available in Europe
 
-Since the Azure AD Verifiable Credentials service's Public Preview rollout, the service has been available in our Azure North America region. Now, the service is also available in our Azure European region. Customers with Azure AD tenants setup in Europe will have Verifiable Credentials data located and processed in our Azure Europe region. Customers with Azure AD tenants setup in Europe who start using the Azure AD Verifiable Credentials service after February 15, 2022, will automatically have their data processed in Europe and don't need to take any further actions. Customers with Azure AD tenants setup in Europe that started using the Azure AD Verifiable Credentials service before February 15, 2022, are required to reconfigure the service on their tenants before March 31, 2022.
+Since the beginning of the Azure AD Verifiable Credentials service public preview, the service has only been available in our Azure North America region. Now, the service is also available in our Azure Europe region.
+
+- Customers with Azure AD European tenants now have their Verifiable Credentials data located and processed in our Azure Europe region.
+- Customers with Azure AD tenants setup in Europe who start using the Azure AD Verifiable Credentials service after February 15, 2022, have their data automatically processed in Europe and don't need to take any further actions.
+- Customers with Azure AD tenants setup in Europe that started using the Azure AD Verifiable Credentials service before February 15, 2022, are required to reconfigure the service on their tenants before March 31, 2022.
 
 Take the following steps to configure the Verifiable Credentials service in Europe:
+
 1. [Check the location](verifiable-credentials-faq.md#how-can-i-check-my-azure-ad-tenants-region) of your Azure Active Directory to make sure is in Europe.
 1. [Reconfigure the Verifiable Credentials service](verifiable-credentials-faq.md?#how-do-i-reconfigure-the-azure-ad-verifiable-credentials-service) in your tenant. 
 
@@ -52,7 +57,7 @@ To confirm which endpoint you should use, we recommend checking your Azure AD te
 
 ### Credential Revocation with Enhanced Privacy
 
-The Azure AD Verifiable Credential service supports the [W3C Status List 2021](https://w3c-ccg.github.io/vc-status-list-2021/) standard. Each Issuer tenant will have an [Identity Hub](https://identity.foundation/identity-hub/spec/) endpoint that is used by verifiers to check on the status of a credential using a privacy-respecting mechanism. The identity hub endpoint for the tenant is also published in the DID document. This feature replaces the current status endpoint.
+The Azure AD Verifiable Credential service supports the [W3C Status List 2021](https://w3c-ccg.github.io/vc-status-list-2021/) standard. Each Issuer tenant now has an [Identity Hub](https://identity.foundation/identity-hub/spec/) endpoint used by verifiers to check on the status of a credential using a privacy-respecting mechanism. The identity hub endpoint for the tenant is also published in the DID document. This feature replaces the current status endpoint.
 
 To uptake this feature follow the next steps:
 1. [Check if your tenant has the Hub endpoint](verifiable-credentials-faq.md#how-can-i-check-if-my-tenant-has-the-new-hub-endpoint).
@@ -61,34 +66,35 @@ To uptake this feature follow the next steps:
 1. Create new verifiable credentials contracts. In the rules file you must add the ` "credentialStatusConfiguration": "anonymous" ` property to start using the new feature in combination with the Hub endpoint for your credentials:
 
 Sample contract file:
-``` json 
-{
-  "attestations": {
-    "idTokens": [
-      {
-        "id": "https://self-issued.me",
-        "mapping": {
-          "firstName": { "claim": "$.given_name" },
-          "lastName": { "claim": "$.family_name" }
-        },
-        "configuration": "https://self-issued.me",
-        "client_id": "",
-        "redirect_uri": ""
-      }
-    ]
-  },
-  "validityInterval": 2592001,
-"credentialStatusConfiguration": "anonymous",
-  "vc": {
-    "type": [ "VerifiedCredentialExpert" ]
-  }
-} 
-```
+
+  ``` json 
+  {
+    "attestations": {
+      "idTokens": [
+        {
+          "id": "https://self-issued.me",
+          "mapping": {
+            "firstName": { "claim": "$.given_name" },
+            "lastName": { "claim": "$.family_name" }
+          },
+          "configuration": "https://self-issued.me",
+          "client_id": "",
+          "redirect_uri": ""
+        }
+      ]
+    },
+    "validityInterval": 2592001,
+  "credentialStatusConfiguration": "anonymous",
+    "vc": {
+      "type": [ "VerifiedCredentialExpert" ]
+    }
+  } 
+  ```
+
 3. You have to issue new verifiable credentials using your new configuration. All verifiable credentials previously issued will continue to exist as your previous DID will remain resolvable however, they use the previous status endpoint implementation.
 
 >[!IMPORTANT]
-> Reconfiguring the Azure AD Verifiable Credentials service is required so that the new Identity Hub service endpoint can be created for the tenant. Tenants have until March 31st 2022, to schedule and manage the reconfiguration of the Verifiable Vredential service. On March 31st, 2022 tenants that have not been reconfigured will lose access to any previous configuration and will require to configure a new instance of the Azure AD Verifiable Credential service.
-
+> You have to reconfigure your Azure AD Verifiable Credential service instance to create your new Identity hub endpoint. You have until March 31st 2022, to schedule and manage the reconfiguration of your deployment. On March 31st, 2022 deployments that have not been reconfigured will lose access to any previous Azure AD Verifiable Credentials service configuration. Administrators will need to set up a new service instance.
 
 ## December 2021
 

articles/active-directory/verifiable-credentials/whats-new.md

@@ -348,6 +348,35 @@ az aks nodepool list -g myResourceGroup --cluster-name myAKSCluster
 
 It takes a few minutes to delete the nodes and the node pool.
 
+## Associate capacity reservation groups to node pools (preview)
+
+[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
+
+As your application workloads demands, you may associate node pools to capacity reservation groups created prior. This ensures guaranteed capacity is allocated for your node pools.  
+
+For more information on the capacity reservation groups, please refer to [Capacity Reservation Groups][capacity-reservation-groups].
+
+Associating a node pool with an existing capacity reservation group can be done using [az aks nodepool add][az-aks-nodepool-add] command and specifying a capacity reservation group with the --capacityReservationGroup flag" The capacity reservation group should already exist , otherwise the node pool will be added to the cluster with a warning and no capacity reservation group gets associated. 
+
+```azurecli-interactive
+az aks nodepool add -g MyRG --cluster-name MyMC -n myAP --capacityReservationGroup myCRG
+```
+Associating a system node pool with an existing capacity reservation group can be done using [az aks create][az-aks-create] command. If the capacity reservation group specified does not exist, then a warning is issued and the cluster gets created without any capacity reservation group association. 
+
+```azurecli-interactive
+az aks create -g MyRG --cluster-name MyMC --capacityReservationGroup myCRG
+```
+Deleting a node pool command will implicitly dissociate a node pool from any associated capacity reservation group, before that node pool is deleted.
+
+```azurecli-interactive
+az aks nodepool delete -g MyRG --cluster-name MyMC -n myAP
+```
+Deleting a cluster command implicitly dissociates all node pools in a cluster from their associated capacity reservation groups.
+
+```azurecli-interactive
+az aks delete -g MyRG --cluster-name MyMC
+```
+
 ## Specify a VM size for a node pool
 
 In the previous examples to create a node pool, a default VM size was used for the nodes created in the cluster. A more common scenario is for you to create node pools with different VM sizes and capabilities. For example, you may create a node pool that contains nodes with large amounts of CPU or memory, or a node pool that provides GPU support. In the next step, you [use taints and tolerations](#setting-nodepool-taints) to tell the Kubernetes scheduler how to limit access to pods that can run on these nodes.
@@ -843,6 +872,7 @@ Use [proximity placement groups][reduce-latency-ppg] to reduce latency for your
 [kubectl-describe]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#describe
 [kubernetes-labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 [kubernetes-label-syntax]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
+[capacity-reservation-groups]:/azure/virtual-machines/capacity-reservation-associate-virtual-machine-scale-set
 
 <!-- INTERNAL LINKS -->
 [aks-windows]: windows-container-cli.md
@@ -864,6 +894,7 @@ Use [proximity placement groups][reduce-latency-ppg] to reduce latency for your
 [az-group-create]: /cli/azure/group#az_group_create
 [az-group-delete]: /cli/azure/group#az_group_delete
 [az-deployment-group-create]: /cli/azure/deployment/group#az_deployment_group_create
+[az-aks-nodepool-add]: /cli/azure/aks#az_aks_nodepool_add
 [gpu-cluster]: gpu-cluster.md
 [install-azure-cli]: /cli/azure/install-azure-cli
 [operator-best-practices-advanced-scheduler]: operator-best-practices-advanced-scheduler.md

articles/aks/use-multiple-node-pools.md

@@ -93,8 +93,6 @@
         href: observability.md
       - name: CI/CD using ARM templates
         href: devops-api-development-templates.md
-      - name: Soft-delete
-        href: soft-delete.md
       - name: Compute platform
         href: compute-infrastructure.md
 
@@ -332,6 +330,8 @@
               href: api-management-role-based-access-control.md
             - name: Move instances between regions
               href: api-management-howto-migrate.md
+            - name: Recover a deleted instance
+              href: soft-delete.md
             - name: Use managed identities for Azure resources
               href: api-management-howto-use-managed-service-identity.md
             - name: Self-hosted gateway