MicrosoftDocs
diff --git a/‎articles/active-directory/develop/sample-v2-code.md
Lines changed: 4 additions & 4 deletions b/‎articles/active-directory/develop/sample-v2-code.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/active-directory/users-groups-roles/groups-settings-v2-cmdlets.md
Lines changed: 4 additions & 0 deletions b/‎articles/active-directory/users-groups-roles/groups-settings-v2-cmdlets.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎articles/azure-monitor/platform/data-sources-performance-counters.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-monitor/platform/data-sources-performance-counters.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-vmware/concepts-identity.md
Lines changed: 56 additions & 0 deletions b/‎articles/azure-vmware/concepts-identity.md
Lines changed: 56 additions & 0 deletions
diff --git a/‎articles/azure-vmware/concepts-networking.md
Lines changed: 81 additions & 0 deletions b/‎articles/azure-vmware/concepts-networking.md
Lines changed: 81 additions & 0 deletions
@@ -49,7 +49,7 @@ The following samples illustrate web applications that sign in users. Some sampl
 
 | Platform | Only signs in users | Signs in users and calls Microsoft Graph |
 | -------- | ------------------- | --------------------------------- |
-| ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core 2.2 | [ASP.NET Core WebApp signs-in users tutorial](https://aka.ms/aspnetcore-webapp-sign-in) | Same sample in the [ASP.NET Core web app calls Microsoft Graph](https://aka.ms/aspnetcore-webapp-call-msgraph) phase |
+| ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core | [ASP.NET Core WebApp signs-in users tutorial](https://aka.ms/aspnetcore-webapp-sign-in) | Same sample in the [ASP.NET Core web app calls Microsoft Graph](https://aka.ms/aspnetcore-webapp-call-msgraph) phase |
 | ![This image shows the ASP.NET logo](media/sample-v2-code/logo_NETframework.png)</p> ASP.NET | [ASP.NET Quickstart](https://github.com/AzureAdQuickstarts/AppModelv2-WebApp-OpenIDConnect-DotNet) </p> [dotnet-webapp-openidconnect-v2](https://github.com/azure-samples/active-directory-dotnet-webapp-openidconnect-v2)  |  [dotnet-admin-restricted-scopes-v2](https://github.com/azure-samples/active-directory-dotnet-admin-restricted-scopes-v2) </p> |[msgraph-training-aspnetmvcapp](https://github.com/microsoftgraph/msgraph-training-aspnetmvcapp)
 | ![This image shows the Java logo](media/sample-v2-code/logo_java.png)  |                   | [ms-identity-java-webapp](https://github.com/Azure-Samples/ms-identity-java-webapp) |
 | ![This image shows the Python logo](media/sample-v2-code/logo_python.png)  |                   | [ms-identity-python-webapp](https://github.com/Azure-Samples/ms-identity-python-webapp) |
@@ -59,7 +59,7 @@ The following samples illustrate web applications that sign in users. Some sampl
 
 The following samples show public client applications (desktop or mobile applications) that access the Microsoft Graph API, or your own web API in the name of a user. All these client applications use Microsoft Authentication Library (MSAL).
 
-| Client application | Platform | Flow/Grant | Calls Microsoft Graph | Calls an ASP.NET Core 2.0 web API |
+| Client application | Platform | Flow/Grant | Calls Microsoft Graph | Calls an ASP.NET Core web API |
 | ------------------ | -------- |  ----------| ---------- | ------------------------- |
 | Desktop (WPF)      | ![This image shows the .NET/C# logo](media/sample-v2-code/logo_NET.png) | [interactive](msal-authentication-flows.md#interactive)| [dotnet-desktop-msgraph-v2](https://github.com/azure-samples/active-directory-dotnet-desktop-msgraph-v2) | [dotnet-native-aspnetcore-v2](https://aka.ms/msidentity-aspnetcore-webapi) |
 | Desktop (Console)   | ![This image shows the .NET/C# (Desktop) logo](media/sample-v2-code/logo_NET.png) | [Integrated Windows Authentication](msal-authentication-flows.md#integrated-windows-authentication) | [dotnet-iwa-v2](https://github.com/azure-samples/active-directory-dotnet-iwa-v2) |  |
@@ -101,7 +101,7 @@ The following samples show how to protect a web API with the Microsoft identity
 
 | Platform | Sample |
 | -------- | ------------------- |
-| ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core 2.2 | ASP.NET Core web API (service) of [dotnet-native-aspnetcore-v2](https://aka.ms/msidentity-aspnetcore-webapi-calls-msgraph)  |
+| ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core | ASP.NET Core web API (service) of [dotnet-native-aspnetcore-v2](https://aka.ms/msidentity-aspnetcore-webapi-calls-msgraph)  |
 | ![This image shows the ASP.NET logo](media/sample-v2-code/logo_NET.png)</p>ASP.NET MVC | Web API (service) of [ms-identity-aspnet-webapi-onbehalfof](https://github.com/Azure-Samples/ms-identity-aspnet-webapi-onbehalfof) |
 | ![This image shows the Java logo](media/sample-v2-code/logo_java.png) | Web API (service) of [ms-identity-java-webapi](https://github.com/Azure-Samples/ms-identity-java-webapi) |
 | ![This image shows the Node.js logo](media/sample-v2-code/logo_nodejs.png) | Web API (service) of [active-directory-javascript-nodejs-webapi-v2](https://github.com/Azure-Samples/active-directory-javascript-nodejs-webapi-v2) |
@@ -113,7 +113,7 @@ The following samples show how to protect an Azure Function using HttpTrigger an
 
 | Platform | Sample |
 | -------- | ------------------- |
-| ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core 2.2 | ASP.NET Core web API (service) Azure Function of [dotnet-native-aspnetcore-v2](https://github.com/Azure-Samples/ms-identity-dotnet-webapi-azurefunctions)  |
+| ![This image shows the ASP.NET Core logo](media/sample-v2-code/logo_NETcore.png)</p>ASP.NET Core | ASP.NET Core web API (service) Azure Function of [dotnet-native-aspnetcore-v2](https://github.com/Azure-Samples/ms-identity-dotnet-webapi-azurefunctions)  |
 | ![This image shows the Node.js logo](media/sample-v2-code/logo_nodejs.png)</p>NodeJS | Web API (service) of [NodeJS and passport-azure-ad](https://github.com/Azure-Samples/ms-identity-nodejs-webapi-azurefunctions) |
 | ![This image shows the Python logo](media/sample-v2-code/logo_python.png)</p>Python | Web API (service) of [Python](https://github.com/Azure-Samples/ms-identity-python-webapi-azurefunctions) |
 | ![This image shows the Node.js logo](media/sample-v2-code/logo_nodejs.png)</p>NodeJS | Web API (service) of [NodeJS and passport-azure-ad using on behalf of](https://github.com/Azure-Samples/ms-identity-nodejs-webapi-onbehalfof-azurefunctions) |
 
@@ -46,6 +46,10 @@ To verify that the module is ready to use, use the following command:
 
 Now you can start using the cmdlets in the module. For a full description of the cmdlets in the Azure AD module, please refer to the online reference documentation for [Azure Active Directory PowerShell Version 2](/powershell/azure/install-adv2?view=azureadps-2.0).
 
+> [!NOTE]
+> The Azure AD PowerShell cmdlets does not work with the new Powershell 7 as it is based on .net Core. We are aware and this is in the process of getting updated. As of now we suggest to use the Windows Powershell 5.x Module to be used for Azure AD powershell operations. 
+
+
 ## Connect to the directory
 
 Before you can start managing groups using Azure AD PowerShell cmdlets, you must connect your PowerShell session to the directory you want to manage. Use the following command:
 
@@ -171,7 +171,7 @@ Following is the default configuration for performance metrics.
 	</source>
 
 ## Data collection
-Azure Monitor collects all specified performance counters at their specified sample interval on all agents that have that counter installed.  The data is not aggregated, and the raw data is available in all log query views for the duration specified by your subscription.
+Azure Monitor collects all specified performance counters at their specified sample interval on all agents that have that counter installed.  The data is not aggregated, and the raw data is available in all log query views for the duration specified by your log analytics workspace.
 
 ## Performance record properties
 Performance records have a type of **Perf** and have the properties in the following table.
 
@@ -0,0 +1,56 @@
+---
+title: Concepts - Identity and access
+description: Learn about the identity and access concepts of Azure VMware Solution (AVS)
+ms.topic: conceptual
+ms.date: 05/04/2020
+---
+
+# Azure VMware Solution (AVS) identity concepts
+
+A vCenter server and NSX-T manager are provisioned when a private cloud is deployed. You use vCenter to manage virtual machine workloads and NSX-T manager to extend the private cloud software-defined network.
+
+Access and identity management use CloudAdmin group privileges for vCenter and restricted administrator rights for NSX-T manager. This policy ensures that your private cloud platform can be upgraded automatically. This delivers the newest features and patches on a regular basis. See the [private cloud upgrades concepts article][concepts-upgrades] for more details on private cloud upgrades.
+
+## vCenter access and identity
+
+Privileges in vCenter are provided through the CloudAdmin group. That group can be managed locally in vCenter, or through integration of vCenter LDAP single sign-on with Azure Active Directory. You're provided with the ability to enable that integration after you deploy a private cloud.
+
+The CloudAdmin and CloudGlobalAdmin privileges are shown in the table below.
+
+|  Privilege Set           | CloudAdmin | CloudGlobalAdmin | Comment |
+| :---                     |    :---:   |       :---:      |   :--:  |
+|  Alarms                  | A CloudAdmin user has all Alarms privileges for alarms in the Compute-ResourcePool and VMs.     |          --        |  -- |
+|  Auto Deploy	           |  --  |        --        |  Microsoft does host management.  |
+|  Certificates            |  --  |        --       |  Microsoft does certificate management.  |
+|  Content Library         | A CloudAdmin user has privileges to create and use files in a Content Library.    |         Enabled with SSO.         |  Microsoft will distribute files in the Content Library to ESXi hosts.  |
+|  Datacenter              |  --  |        --          |  Microsoft does all data center operations.  |
+|  Datastore               | Datastore.AllocateSpace, Datastore.Browse, Datastore.Config, Datastore.DeleteFile, Datastore.FileManagement, Datastore.UpdateVirtualMachineMetadata     |    --    |   -- |
+|  ESX Agent Manager       |  --  |         --       |  Microsoft does all operations.  |
+|  Folder                  |  A CloudAdmin user has all Folder privileges.     |  --  |  --  |
+|  Global                  |  Global.CancelTask, Global.GlobalTag, Global.Health, Global.LogEvent, Global.ManageCustomFields, Global.ServiceManagers, Global.SetCustomField, Global.SystemTag         |                  |    |
+|  Host                    |  Host.Hbr.HbrManagement      |        --          |  Microsoft does all other Host operations.  |
+|  InventoryService        |  InventoryService.Tagging      |        --          |  --  |
+|  Network                 |  Network.Assign    |                  |  Microsoft does all other Network operations.  |
+|  Permissions             |  --  |        --       |  Microsoft does all Permissions operations.  |
+|  Profile-driven Storage  |  --  |        --       |  Microsoft does all Profile operations.  |
+|  Resource                |  A CloudAdmin user has all Resource privileges.        |      --       | --   |
+|  Scheduled Task          |  A CloudAdmin user has all ScheduleTask privileges.   |   --   | -- |
+|  Sessions                |  Sessions.GlobalMessage, Sessions.ValidateSession      |   --   |  Microsoft does all other Sessions operations.  |
+|  Storage Views           |  StorageViews.View   |        --          |  Microsoft does all other Storage View operations (Configure Service).  |
+|  Tasks                   |  --  |  --   |  Microsoft manages extensions that manage tasks.  |
+|  vApp                    |  A CloudAdmin user has all vApp privileges.  |  --  |  --  |
+|  Virtual Machine         |  A CloudAdmin user has all VirtualMachine privileges.  |  --  |  --  |
+|  vService                |  A CloudAdmin user has all vService privileges.  |  --  |  --  |
+
+## NSX-T Manager access and identity
+
+You access NSX-T Manager using the "administrator" account. That account has full privileges and enables you to create and manage T1 routers, logical switches, and all services. The full privileges in NSX-T also provide you with access to the NSX-T T0 router. A change to the T0 router could result in degraded network performance or a loss of access to a private cloud. To meet support requirements, it's required that you open an support request in the Azure portal to request any changes to your NSX-T T0 router.
+  
+## Next steps
+
+The next step is to learn about [private cloud upgrade concepts][concepts-upgrades].
+
+<!-- LINKS - external -->
+
+<!-- LINKS - internal -->
+[concepts-upgrades]: ./concepts-upgrades.md
@@ -0,0 +1,81 @@
+---
+title: Concepts - Network interconnectivity
+description: Learn about key aspects and use cases of networking and interconnectivity in Azure VMware Solution (AVS)
+ms.topic: conceptual
+ms.date: 05/04/2020
+---
+
+# Azure VMware Solution (AVS) Preview networking and interconnectivity concepts
+
+Network interconnectivity between your Azure VMware Solution (AVS) private clouds and on-premises environments or virtual networks in Azure enables you to access and use your private cloud. A few key networking and interconnectivity concepts that establish the basis of interconnectivity are described in this article.
+
+A useful perspective on interconnectivity is to consider the two types of AVS private cloud implementations. The implementations with basic Azure-only interconnectivity and the implementations with full on-premises to private cloud interconnectivity.
+
+The use cases for AVS private clouds include:
+- new VMware VM workloads in the cloud
+- VM workload bursting to the cloud
+- VM workload migration to the cloud
+- disaster recovery
+- consumption of Azure services
+
+ All use cases for the AVS service are enabled with on-premises to private cloud connectivity. The basic interconnectivity model is best suited for AVS evaluations or implementations that don't require access from on-premises environments.
+
+The two types of AVS private cloud interconnectivity are described in the sections below.  The most basic interconnectivity is "Azure virtual network connectivity", and it enables you to manage and use your private cloud with only a single virtual network in Azure. The interconnectivity described in "On-premises connectivity" extends the virtual network connectivity to also include interconnectivity between on-premises environments and AVS private clouds.
+
+## Azure virtual network interconnectivity
+
+The basic network interconnectivity that is established at the time of a private cloud deployment is shown in the diagram below. It shows the logical, ExpressRoute-based networking between a virtual network in Azure and a private cloud. The interconnectivity fulfills three of the primary use cases:
+- Inbound access to management networks where vCenter server and NSX-T manager are located.
+    - Accessible from VMs within your Azure subscription, not from your on-premises systems.
+- Outbound access from VMs to Azure services.
+- Inbound access and consumption of workloads running a private cloud.
+
+![Basic virtual network -to- private cloud connectivity](./media/concepts/adjacency-overview-drawing-single.png)
+
+The ExpressRoute circuit in this virtual network to private cloud scenario is established when you create a connection from a virtual network in your subscription to the ExpressRoute circuit of your private cloud. The peering uses an authorization key and a circuit ID that you request in the Azure portal. The ExpressRoute connection that is established through the peering is a private, one-to-one connection between your private cloud and the virtual network. You can manage your private cloud, consume workloads in your private cloud, and access Azure services over that ExpressRoute connection.
+
+When you deploy an AVS private cloud, a single /22 private network address space is required. This address space shouldn't overlap with address spaces used in other virtual networks in your subscription. Within this address space, management, provisioning, and vMotion networks are provisioned automatically. The routing is BGP-based and it's automatically provisioned and enabled by default for each private cloud deployment.
+
+When a private cloud is deployed, you're provided with the IP addresses for vCenter and NSX-T Manager. To access those management interfaces, you'll create additional resources in a virtual network in your subscription. The procedures for creating those resources and establishing ExpressRoute private peering are provided in the tutorials.
+
+You design the private cloud logical networking and implement it with NSX-T. The private cloud comes with pre-provisioned NSX-T. A Tier-0 Gateway & Tier-1 Gateway is pre-provisioned for the you. You can create a segment and attach it to the existing Tier-1 gateway or attach to a new Tier-1 gateway that you can define. NSX-T logical networking components provide East-West connectivity between workloads and also provide North-South connectivity to the internet and Azure services. 
+
+## On-premises interconnectivity
+
+You can also connect on-premises environments to your AVS private clouds. This type of interconnectivity is an extension to the basic interconnectivity described in the previous section.
+
+![virtual network and on-premises full private cloud connectivity](./media/concepts/adjacency-overview-drawing-double.png)
+
+To establish full interconnectivity to a private cloud, you use the Azure portal to enable ExpressRoute Global Reach between a private cloud ExpressRoute circuit and an on-premises ExpressRoute circuit. This configuration extends the basic connectivity to include access to private clouds from on-premises environments.
+
+An on-premises to Azure virtual network ExpressRoute circuit is required to connect from on-premises environments to your private cloud in Azure. This ExpressRoute circuit is in your subscription and isn't part of a private cloud deployment. The on-premises ExpressRoute circuit is beyond the scope of this document. If you require on-premises connectivity to your private cloud, you can use one of your existing ExpressRoute circuits or purchase one in the Azure portal.
+
+Once linked with Global Reach, the two ExpressRoute circuits will route network traffic between your on-premises environments and your private cloud. The on-premises to private cloud interconnectivity is shown in the preceding diagram. The interconnectivity represented in the diagram enables the following use cases:
+
+- Hot/Cold Cross-vCenter vMotion
+- On-Premise to AVS private cloud management access
+
+To enable full connectivity, an Authorization Key and private peering ID for Global Reach can be requested in the Azure portal. You use the key and ID to establish Global Reach between an ExpressRoute circuit in your subscription and the ExpressRoute circuit for your new private cloud. The [tutorial for creating a private cloud](tutorial-create-private-cloud.md) provides you with the procedures for requesting and using the key and ID.
+
+The routing requirements of the solution require you to plan private cloud network address spaces so that you avoid overlaps with other virtual networks and on-premises networks. AVS private clouds require a minimum of a `/22` CIDR network address block for subnets, shown below. This network complements your on-premises networks. In order to connect to on-premises environments and virtual networks, this must be a non-overlapping network address block.
+
+Example `/22` CIDR network address block:  `10.10.0.0/22`
+
+The subnets:
+
+| Network usage             | Subnet | Example        |
+| ------------------------- | ------ | -------------- |
+| Private cloud management            | `/24`    | `10.10.0.0/24`   |
+| vMotion network       | `/24`    | `10.10.1.0/24`   |
+| VM workloads | `/24`   | `10.10.2.0/24`   |
+| ExpressRoute peering | `/24`    | `10.10.3.8/30`   |
+
+## Next steps 
+
+The next step is to learn about [private cloud storage concepts](concepts-storage.md).
+
+<!-- LINKS - external -->
+[enable Global Reach]: https://docs.microsoft.com/azure/expressroute/expressroute-howto-set-global-reach
+
+<!-- LINKS - internal -->
+