Skip to content

Commit de0554c

Browse files
committed
Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-rbac
2 parents 15e502c + 50187ab commit de0554c

File tree

54 files changed

+501
-338
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

54 files changed

+501
-338
lines changed

articles/active-directory/governance/entitlement-management-access-package-approval-policy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: how-to
1313
ms.subservice: compliance
14-
ms.date: 05/16/2021
14+
ms.date: 01/25/2023
1515
ms.author: owinfrey
1616
ms.reviewer:
1717
ms.collection: M365-identity-device-management

articles/active-directory/governance/entitlement-management-access-package-assignments.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: how-to
1313
ms.subservice: compliance
14-
ms.date: 01/05/2022
14+
ms.date: 01/25/2023
1515
ms.author: owinfrey
1616
ms.reviewer:
1717
ms.collection: M365-identity-device-management

articles/active-directory/governance/entitlement-management-access-package-create.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: how-to
1313
ms.subservice: compliance
14-
ms.date: 06/18/2020
14+
ms.date: 01/25/2023
1515
ms.author: owinfrey
1616
ms.reviewer:
1717
ms.collection: M365-identity-device-management

articles/active-directory/governance/entitlement-management-access-package-edit.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: how-to
1313
ms.subservice: compliance
14-
ms.date: 06/18/2020
14+
ms.date: 01/25/2023
1515
ms.author: owinfrey
1616
ms.reviewer:
1717
ms.collection: M365-identity-device-management

articles/active-directory/governance/entitlement-management-access-package-first.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: tutorial
1313
ms.subservice: compliance
14-
ms.date: 08/01/2022
14+
ms.date: 01/25/2023
1515
ms.author: owinfrey
1616
ms.reviewer: markwahl-msft
1717
ms.collection: M365-identity-device-management

articles/active-directory/governance/entitlement-management-access-package-incompatible.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: how-to
1313
ms.subservice: compliance
14-
ms.date: 12/15/2021
14+
ms.date: 01/25/2023
1515
ms.author: owinfrey
1616
ms.reviewer:
1717
ms.collection: M365-identity-device-management

articles/active-directory/governance/entitlement-management-access-package-lifecycle-policy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.workload: identity
1111
ms.tgt_pltfrm: na
1212
ms.topic: how-to
1313
ms.subservice: compliance
14-
ms.date: 03/24/2022
14+
ms.date: 01/25/2023
1515
ms.author: owinfrey
1616
ms.reviewer:
1717
ms.collection: M365-identity-device-management

articles/active-directory/roles/admin-units-manage.md

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.topic: how-to
1010
ms.subservice: roles
1111
ms.workload: identity
12-
ms.date: 03/22/2022
12+
ms.date: 01/25/2023
1313
ms.author: rolyon
1414
ms.reviewer: anandy
1515
ms.custom: oldportal;it-pro;
@@ -66,6 +66,20 @@ Use the [New-AzureADMSAdministrativeUnit](/powershell/module/azuread/new-azuread
6666
New-AzureADMSAdministrativeUnit -Description "West Coast region" -DisplayName "West Coast"
6767
```
6868

69+
### Microsoft Graph PowerShell
70+
71+
Use the [New-MgDirectoryAdministrativeUnit](/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdirectoryadministrativeunit) command to create a new administrative unit.
72+
73+
```powershell
74+
Import-Module Microsoft.Graph.Identity.DirectoryManagement
75+
$params = @{
76+
DisplayName = "Seattle District Technical Schools"
77+
Description = "Seattle district technical schools administration"
78+
Visibility = "HiddenMembership"
79+
}
80+
New-MgDirectoryAdministrativeUnit -BodyParameter $params
81+
```
82+
6983
### Microsoft Graph API
7084

7185
Use the [Create administrativeUnit](/graph/api/administrativeunit-post-administrativeunits) API to create a new administrative unit.
@@ -109,27 +123,14 @@ In Azure AD, you can delete an administrative unit that you no longer need as a
109123

110124
1. To confirm that you want to delete the administrative unit, select **Yes**.
111125

112-
### PowerShell - AzureAD Module
126+
### PowerShell
113127

114128
Use the [Remove-AzureADMSAdministrativeUnit](/powershell/module/azuread/remove-azureadmsadministrativeunit) command to delete an administrative unit.
115129

116130
```powershell
117131
$adminUnitObj = Get-AzureADMSAdministrativeUnit -Filter "displayname eq 'DeleteMe Admin Unit'"
118132
Remove-AzureADMSAdministrativeUnit -Id $adminUnitObj.Id
119133
```
120-
### PowerShell - Microsoft Graph PowerShell SDK
121-
122-
```
123-
Import-Module Microsoft.Graph.Identity.DirectoryManagement
124-
125-
$params = @{
126-
DisplayName = "Seattle District Technical Schools"
127-
Description = "Seattle district technical schools administration"
128-
Visibility = "HiddenMembership"
129-
}
130-
131-
New-MgDirectoryAdministrativeUnit -BodyParameter $params
132-
```
133134

134135
### Microsoft Graph API
135136

articles/aks/private-clusters.md

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ title: Create a private Azure Kubernetes Service cluster
33
description: Learn how to create a private Azure Kubernetes Service (AKS) cluster
44
services: container-service
55
ms.topic: article
6-
ms.date: 12/13/2022
6+
ms.date: 01/25/2023
77
ms.custom: references_regions
88
---
99

@@ -23,8 +23,8 @@ Private cluster is available in public regions, Azure Government, and Azure Chin
2323

2424
## Prerequisites
2525

26-
* The Azure CLI version 2.28.0 and higher.
27-
* The aks-preview extension 0.5.29 or higher.
26+
* The Azure CLI version 2.28.0 and higher. Run `az --version` to find the version, and run `az upgrade` to upgrade the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
27+
* The `aks-preview` extension 0.5.29 or higher.
2828
* If using Azure Resource Manager (ARM) or the Azure REST API, the AKS API version must be 2021-05-01 or higher.
2929
* Azure Private Link service is supported on Standard Azure Load Balancer only. Basic Azure Load Balancer isn't supported.
3030
* To use a custom DNS server, add the Azure public IP address 168.63.129.16 as the upstream DNS server in the custom DNS server. For more information about the Azure IP address, see [What is IP address 168.63.129.16?][virtual-networks-168.63.129.16]
@@ -96,33 +96,30 @@ az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --lo
9696
az aks update -n <private-cluster-name> -g <private-cluster-resource-group> --disable-public-fqdn
9797
```
9898

99-
## Configure Private DNS Zone
99+
## Configure private DNS zone
100100

101-
The following parameters can be used to configure Private DNS Zone.
101+
The following parameters can be used to configure private DNS zone.
102102

103-
- **system**, which is also the default value. If the `--private-dns-zone` argument is omitted, AKS will create a Private DNS Zone in the Node Resource Group.
104-
- **none**, defaults to public DNS which means AKS will not create a Private DNS Zone.
105-
- **CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID**, which requires you to create a Private DNS Zone in this format for Azure global cloud: `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io`. You'll need the Resource ID of that Private DNS Zone going forward. Additionally, you need a user assigned identity or service principal with at least the `private dns zone contributor` and `network contributor` roles.
106-
- If the Private DNS Zone is in a different subscription than the AKS cluster, you need to register the Azure provider **Microsoft.ContainerServices** in both subscriptions.
103+
- **system** - This is the default value. If the `--private-dns-zone` argument is omitted, AKS creates a Private DNS zone in the node resource group.
104+
- **none** - the default is public DNS. AKS won't create a private DNS zone.
105+
- **CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID**, requires you to create a private DNS zone only in the following format for Azure global cloud: `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io`. You'll need the Resource ID of that private DNS zone going forward. Additionally, you need a user assigned identity or service principal with at least the [Private DNS Zone Contributor][private-dns-zone-contributor-role] and [Network Contributor][network-contributor-role] roles. When deploying using API server VNet integration, a private DNS zone additionally supports the naming format of `private.<region>.azmk8s.io` or `<subzone>.private.<region>.azmk8s.io`.
106+
- If the private DNS zone is in a different subscription than the AKS cluster, you need to register the Azure provider **Microsoft.ContainerServices** in both subscriptions.
107107
- "fqdn-subdomain" can be utilized with "CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID" only to provide subdomain capabilities to `privatelink.<region>.azmk8s.io`
108108

109-
> [!NOTE]
110-
> Deploying a private link-based AKS cluster only supports a Private DNS Zone using the following naming format `privatelink.<region>.azmk8s.io` or `<subzone>-privatelink.<region>.azmk8s.io`. When deploying using API server VNet integration, a Private DNS Zone additionally supports the naming format of `private.<region>.azmk8s.io` or `<subzone>-private.<region>.azmk8s.io`.
111-
112-
### Create a private AKS cluster with Private DNS Zone
109+
### Create a private AKS cluster with private DNS zone
113110

114111
```azurecli-interactive
115112
az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --load-balancer-sku standard --enable-private-cluster --enable-managed-identity --assign-identity <ResourceId> --private-dns-zone [system|none]
116113
```
117114

118-
### Create a private AKS cluster with Custom Private DNS Zone or Private DNS SubZone
115+
### Create a private AKS cluster with custom private DNS zone or private DNS subzone
119116

120117
```azurecli-interactive
121118
# Custom Private DNS Zone name should be in format "<subzone>.privatelink.<region>.azmk8s.io"
122119
az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --load-balancer-sku standard --enable-private-cluster --enable-managed-identity --assign-identity <ResourceId> --private-dns-zone <custom private dns zone or custom private dns subzone ResourceId>
123120
```
124121

125-
### Create a private AKS cluster with Custom Private DNS Zone and Custom Subdomain
122+
### Create a private AKS cluster with custom private DNS zone and custom subdomain
126123

127124
```azurecli-interactive
128125
# Custom Private DNS Zone name could be in formats "privatelink.<region>.azmk8s.io" or "<subzone>.privatelink.<region>.azmk8s.io"
@@ -276,3 +273,6 @@ For associated best practices, see [Best practices for network connectivity and
276273
[create-aks-cluster-api-vnet-integration]: api-server-vnet-integration.md
277274
[azure-home]: ../azure-portal/azure-portal-overview.md#azure-home
278275
[operator-best-practices-network]: operator-best-practices-network.md
276+
[install-azure-cli]: /cli/azure/install-azure-cli
277+
[private-dns-zone-contributor-role]: ../role-based-access-control/built-in-roles.md#dns-zone-contributor
278+
[network-contributor-role]: ../role-based-access-control/built-in-roles.md#network-contributor
16.7 KB
Loading

0 commit comments

Comments
 (0)