Merge pull request #231055 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit ec61223092d1 · 2023-03-16T14:47:34.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/hybrid/how-to-connect-modify-group-writeback.md b/articles/active-directory/hybrid/how-to-connect-modify-group-writeback.md
@@ -32,7 +32,6 @@ If the original version of group writeback is already enabled and in use in your
 
 To configure directory settings to disable automatic writeback of newly created Microsoft 365 groups, use one of these methods:
 
-- Azure portal: Update the `NewUnifiedGroupWritebackDefault` setting to `false`. 
 - PowerShell: Use the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation?view=graph-powershell-1.0&preserve-view=true). For example: 
     
   ```PowerShell 
diff --git a/articles/aks/faq.md b/articles/aks/faq.md
@@ -311,7 +311,24 @@ AKS nodes run the "chrony" service, which pulls time from the localhost.  Contai
 
 ## How are AKS addons updated?
 
-Any patch, including security patches, is automatically applied to the AKS cluster. Anything bigger than a patch, like major or minor version changes (which can have breaking changes to your deployed objects), is updated when you update your cluster if a new release is available. You can find when a new release is available by visiting the [AKS release notes](https://github.com/Azure/AKS/releases). 
+Any patch, including security patches, is automatically applied to the AKS cluster. Anything bigger than a patch, like major or minor version changes (which can have breaking changes to your deployed objects), is updated when you update your cluster if a new release is available. You can find when a new release is available by visiting the [AKS release notes](https://github.com/Azure/AKS/releases).
+
+## What is the purpose of the AKS Linux Extension I see installed on my Linux VMSS instances?
+
+The AKS Linux Extension is an Azure VM extension whose purpose is to install and configure monitoring tools on Kubernetes worker nodes. The extension is installed on all new and existing Linux nodes. It configures the following monitoring tools:  
+
+- [Node-exporter](https://github.com/prometheus/node_exporter): collects hardware telemetry from the virtual machine and makes it available using a metrics endpoint. These metrics are then able to be scraped by a monitoring tool such as Prometheus.
+- [Node-problem-detector](https://github.com/kubernetes/node-problem-detector): aims to make various node problems visible to upstream layers in the cluster management stack. It is a systemd unit that runs on each node, detects node problems, and reports them to the cluster’s API server using Events and NodeConditions.
+- [Local-gadget](https://www.inspektor-gadget.io/docs/latest/local-gadget/): uses in-kernel eBPF helper programs to monitor events mainly related to syscalls from userspace programs in a pod.
+
+These tools assist in providing observability around many node health related problems such as: 
+
+- Infrastructure daemon issues: NTP service down
+- Hardware issues: Bad CPU, memory or disk
+- Kernel issues: Kernel deadlock, corrupted file system
+- Container runtime issues: Unresponsive runtime daemon 
+
+The extension **does not** require any additional outbound access to any URLs, IP addresses, or ports beyond the [documented AKS egress requirements](./limit-egress-traffic.md). It does not require any special permissions granted in Azure. It uses kubeconfig to connect to the API server to send the monitoring data collected.
 
 <!-- LINKS - internal -->
 
diff --git a/articles/azure-arc/kubernetes/tutorial-use-gitops-flux2.md b/articles/azure-arc/kubernetes/tutorial-use-gitops-flux2.md
@@ -582,7 +582,7 @@ When you delete a Flux configuration, all of the Flux configuration objects in t
 
 When you delete the Flux extension, both the `microsoft.flux` extension resource in Azure and the Flux extension objects in the cluster will be removed.
 
-For an Azure Arc-enabled Kubernetes cluster, navigate to the cluster and select **Extensions**. Select the `flux` extension and select **Delete**, then confirm the deletion.
+For an Azure Arc-enabled Kubernetes cluster, navigate to the cluster and select **Extensions**. Select the `flux` extension and select **Uninstall**, then confirm the deletion.
 
 For AKS clusters, you can't use the Azure portal to delete the extension. Instead, use the following Azure CLI command:
 
diff --git a/articles/cosmos-db/how-to-always-encrypted.md b/articles/cosmos-db/how-to-always-encrypted.md
@@ -54,11 +54,6 @@ For each property that you want to encrypt, the encryption policy defines:
 - An encryption type. It can be either randomized or deterministic.
 - The encryption algorithm to use when encrypting the property. The specified algorithm can override the algorithm defined when creating the key if they are compatible.
 
-> [!NOTE]
-> The following properties can't be encrypted:
-> - ID
-> - The container's partition key
-
 #### Randomized vs. deterministic encryption
 
 The Azure Cosmos DB service never sees the plain text of properties encrypted with Always Encrypted. However, it still supports some querying capabilities over the encrypted data, depending on the encryption type used for a property. Always Encrypted supports the following two types of encryptions:
diff --git a/articles/private-link/rbac-permissions.md b/articles/private-link/rbac-permissions.md
@@ -129,6 +129,16 @@ This section lists the granular permissions required to deploy a private link se
 }
 ```
 
+## Approval RBAC for private endpoint
+
+Typically, a network administrator creates a private endpoint. Depending on your Azure role-based access control (RBAC) permissions, a private endpoint that you create is either *automatically approved* to send traffic to the API Management instance, or requires the resource owner to *manually approve* the connection.
+
+
+|Approval method     |Minimum RBAC permissions  |
+|---------|---------|
+|Automatic     | `Microsoft.Network/virtualNetworks/**`<br/>`Microsoft.Network/virtualNetworks/subnets/**`<br/>`Microsoft.Network/privateEndpoints/**`<br/>`Microsoft.Network/networkinterfaces/**`<br/>`Microsoft.Network/locations/availablePrivateEndpointTypes/read`<br/>`Microsoft.ApiManagement/service/**`<br/>`Microsoft.ApiManagement/service/privateEndpointConnections/**`        |
+|Manual     | `Microsoft.Network/virtualNetworks/**`<br/>`Microsoft.Network/virtualNetworks/subnets/**`<br/>`Microsoft.Network/privateEndpoints/**`<br/>`Microsoft.Network/networkinterfaces/**`<br/>`Microsoft.Network/locations/availablePrivateEndpointTypes/read`           |
+
 ## Next steps
 
 For more information on private endpoint and private link services in Azure Private link, see:
