MicrosoftDocs
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-approval-policy.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/entitlement-management-access-package-approval-policy.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-assignments.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/entitlement-management-access-package-assignments.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-create.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/entitlement-management-access-package-create.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-edit.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/entitlement-management-access-package-edit.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-first.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/entitlement-management-access-package-first.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-incompatible.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/entitlement-management-access-package-incompatible.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/entitlement-management-access-package-lifecycle-policy.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/governance/entitlement-management-access-package-lifecycle-policy.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/roles/admin-units-manage.md
Lines changed: 16 additions & 15 deletions b/‎articles/active-directory/roles/admin-units-manage.md
Lines changed: 16 additions & 15 deletions
diff --git a/‎articles/aks/private-clusters.md
Lines changed: 15 additions & 15 deletions b/‎articles/aks/private-clusters.md
Lines changed: 15 additions & 15 deletions
diff --git a/‎articles/azure-video-indexer/media/network-security/nsg-service-tag-videoindexer.png
16.7 KB b/‎articles/azure-video-indexer/media/network-security/nsg-service-tag-videoindexer.png
16.7 KB
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: how-to
 ms.subservice: compliance
-ms.date: 05/16/2021
+ms.date: 01/25/2023
 ms.author: owinfrey
 ms.reviewer: 
 ms.collection: M365-identity-device-management
 
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: how-to
 ms.subservice: compliance
-ms.date: 01/05/2022
+ms.date: 01/25/2023
 ms.author: owinfrey
 ms.reviewer: 
 ms.collection: M365-identity-device-management
 
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: how-to
 ms.subservice: compliance
-ms.date: 06/18/2020
+ms.date: 01/25/2023
 ms.author: owinfrey
 ms.reviewer: 
 ms.collection: M365-identity-device-management
 
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: how-to
 ms.subservice: compliance
-ms.date: 06/18/2020
+ms.date: 01/25/2023
 ms.author: owinfrey
 ms.reviewer: 
 ms.collection: M365-identity-device-management
 
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: tutorial
 ms.subservice: compliance
-ms.date: 08/01/2022
+ms.date: 01/25/2023
 ms.author: owinfrey
 ms.reviewer: markwahl-msft
 ms.collection: M365-identity-device-management
 
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: how-to
 ms.subservice: compliance
-ms.date: 12/15/2021
+ms.date: 01/25/2023
 ms.author: owinfrey
 ms.reviewer: 
 ms.collection: M365-identity-device-management
 
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: how-to
 ms.subservice: compliance
-ms.date: 03/24/2022
+ms.date: 01/25/2023
 ms.author: owinfrey
 ms.reviewer: 
 ms.collection: M365-identity-device-management
 
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.topic: how-to
 ms.subservice: roles
 ms.workload: identity
-ms.date: 03/22/2022
+ms.date: 01/25/2023
 ms.author: rolyon
 ms.reviewer: anandy
 ms.custom: oldportal;it-pro;
@@ -66,6 +66,20 @@ Use the [New-AzureADMSAdministrativeUnit](/powershell/module/azuread/new-azuread
 New-AzureADMSAdministrativeUnit -Description "West Coast region" -DisplayName "West Coast"
 ```
 
+### Microsoft Graph PowerShell
+
+Use the [New-MgDirectoryAdministrativeUnit](/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdirectoryadministrativeunit) command to create a new administrative unit.
+
+```powershell
+Import-Module Microsoft.Graph.Identity.DirectoryManagement
+$params = @{
+	DisplayName = "Seattle District Technical Schools"
+	Description = "Seattle district technical schools administration"
+	Visibility = "HiddenMembership"
+}
+New-MgDirectoryAdministrativeUnit -BodyParameter $params
+```
+
 ### Microsoft Graph API
 
 Use the [Create administrativeUnit](/graph/api/administrativeunit-post-administrativeunits) API to create a new administrative unit.
@@ -109,27 +123,14 @@ In Azure AD, you can delete an administrative unit that you no longer need as a
 
 1. To confirm that you want to delete the administrative unit, select **Yes**.
 
-### PowerShell - AzureAD Module
+### PowerShell
 
 Use the [Remove-AzureADMSAdministrativeUnit](/powershell/module/azuread/remove-azureadmsadministrativeunit) command to delete an administrative unit.
 
 ```powershell
 $adminUnitObj = Get-AzureADMSAdministrativeUnit -Filter "displayname eq 'DeleteMe Admin Unit'"
 Remove-AzureADMSAdministrativeUnit -Id $adminUnitObj.Id
 ```
-### PowerShell - Microsoft Graph PowerShell SDK
-
-```
-Import-Module Microsoft.Graph.Identity.DirectoryManagement
-
-$params = @{
-	DisplayName = "Seattle District Technical Schools"
-	Description = "Seattle district technical schools administration"
-	Visibility = "HiddenMembership"
-}
-
-New-MgDirectoryAdministrativeUnit -BodyParameter $params
-```
 
 ### Microsoft Graph API
 
 
@@ -3,7 +3,7 @@ title: Create a private Azure Kubernetes Service cluster
 description: Learn how to create a private Azure Kubernetes Service (AKS) cluster
 services: container-service
 ms.topic: article
-ms.date: 12/13/2022
+ms.date: 01/25/2023
 ms.custom: references_regions
 ---
 
@@ -23,8 +23,8 @@ Private cluster is available in public regions, Azure Government, and Azure Chin
 
 ## Prerequisites
 
-* The Azure CLI version 2.28.0 and higher.
-* The aks-preview extension 0.5.29 or higher.
+* The Azure CLI version 2.28.0 and higher. Run `az --version` to find the version, and run `az upgrade` to upgrade the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
+* The `aks-preview` extension 0.5.29 or higher.
 * If using Azure Resource Manager (ARM) or the Azure REST API, the AKS API version must be 2021-05-01 or higher.
 * Azure Private Link service is supported on Standard Azure Load Balancer only. Basic Azure Load Balancer isn't supported.  
 * To use a custom DNS server, add the Azure public IP address 168.63.129.16 as the upstream DNS server in the custom DNS server. For more information about the Azure IP address, see [What is IP address 168.63.129.16?][virtual-networks-168.63.129.16]
@@ -96,33 +96,30 @@ az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --lo
 az aks update -n <private-cluster-name> -g <private-cluster-resource-group> --disable-public-fqdn
 ```
 
-## Configure Private DNS Zone
+## Configure private DNS zone
 
-The following parameters can be used to configure Private DNS Zone.
+The following parameters can be used to configure private DNS zone.
 
-- **system**, which is also the default value. If the `--private-dns-zone` argument is omitted, AKS will create a Private DNS Zone in the Node Resource Group.
-- **none**, defaults to public DNS which means AKS will not create a Private DNS Zone.  
-- **CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID**, which requires you to create a Private DNS Zone in this format for Azure global cloud: `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io`. You'll need the Resource ID of that Private DNS Zone going forward. Additionally, you need a user assigned identity or service principal with at least the `private dns zone contributor`  and `network contributor` roles.
-  - If the Private DNS Zone is in a different subscription than the AKS cluster, you need to register the Azure provider **Microsoft.ContainerServices** in both subscriptions.
+- **system** - This is the default value. If the `--private-dns-zone` argument is omitted, AKS creates a Private DNS zone in the node resource group.
+- **none** - the default is public DNS. AKS won't create a private DNS zone.  
+- **CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID**, requires you to create a private DNS zone only in the following format for Azure global cloud: `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io`. You'll need the Resource ID of that private DNS zone going forward. Additionally, you need a user assigned identity or service principal with at least the [Private DNS Zone Contributor][private-dns-zone-contributor-role]  and [Network Contributor][network-contributor-role] roles. When deploying using API server VNet integration, a private DNS zone additionally supports the naming format of `private.<region>.azmk8s.io` or `<subzone>.private.<region>.azmk8s.io`.
+  - If the private DNS zone is in a different subscription than the AKS cluster, you need to register the Azure provider **Microsoft.ContainerServices** in both subscriptions.
   - "fqdn-subdomain" can be utilized with "CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID" only to provide subdomain capabilities to `privatelink.<region>.azmk8s.io`
 
-    > [!NOTE]
-    > Deploying a private link-based AKS cluster only supports a Private DNS Zone using the following naming format `privatelink.<region>.azmk8s.io` or `<subzone>-privatelink.<region>.azmk8s.io`. When deploying using API server VNet integration, a Private DNS Zone additionally supports the naming format of `private.<region>.azmk8s.io` or `<subzone>-private.<region>.azmk8s.io`.
-
-### Create a private AKS cluster with Private DNS Zone
+### Create a private AKS cluster with private DNS zone
 
 ```azurecli-interactive
 az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --load-balancer-sku standard --enable-private-cluster --enable-managed-identity --assign-identity <ResourceId> --private-dns-zone [system|none]
 ```
 
-### Create a private AKS cluster with Custom Private DNS Zone or Private DNS SubZone
+### Create a private AKS cluster with custom private DNS zone or private DNS subzone
 
 ```azurecli-interactive
 # Custom Private DNS Zone name should be in format "<subzone>.privatelink.<region>.azmk8s.io"
 az aks create -n <private-cluster-name> -g <private-cluster-resource-group> --load-balancer-sku standard --enable-private-cluster --enable-managed-identity --assign-identity <ResourceId> --private-dns-zone <custom private dns zone or custom private dns subzone ResourceId>
 ```
 
-### Create a private AKS cluster with Custom Private DNS Zone and Custom Subdomain
+### Create a private AKS cluster with custom private DNS zone and custom subdomain
 
 ```azurecli-interactive
 # Custom Private DNS Zone name could be in formats "privatelink.<region>.azmk8s.io" or "<subzone>.privatelink.<region>.azmk8s.io"
@@ -276,3 +273,6 @@ For associated best practices, see [Best practices for network connectivity and
 [create-aks-cluster-api-vnet-integration]: api-server-vnet-integration.md
 [azure-home]: ../azure-portal/azure-portal-overview.md#azure-home
 [operator-best-practices-network]: operator-best-practices-network.md
+[install-azure-cli]: /cli/azure/install-azure-cli
+[private-dns-zone-contributor-role]: ../role-based-access-control/built-in-roles.md#dns-zone-contributor
+[network-contributor-role]: ../role-based-access-control/built-in-roles.md#network-contributor