MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 6 additions & 1 deletion b/‎.openpublishing.redirection.json
Lines changed: 6 additions & 1 deletion
diff --git a/‎articles/active-directory-domain-services/join-ubuntu-linux-vm.md
Lines changed: 6 additions & 0 deletions b/‎articles/active-directory-domain-services/join-ubuntu-linux-vm.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎articles/active-directory/authentication/howto-mfa-nps-extension.md
Lines changed: 8 additions & 0 deletions b/‎articles/active-directory/authentication/howto-mfa-nps-extension.md
Lines changed: 8 additions & 0 deletions
diff --git a/‎articles/active-directory/b2b/toc.yml
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/b2b/toc.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/aks/cluster-autoscaler.md
Lines changed: 1 addition & 0 deletions b/‎articles/aks/cluster-autoscaler.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/aks/operator-best-practices-advanced-scheduler.md
Lines changed: 1 addition & 1 deletion b/‎articles/aks/operator-best-practices-advanced-scheduler.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/application-gateway/key-vault-certs.md
Lines changed: 4 additions & 1 deletion b/‎articles/application-gateway/key-vault-certs.md
Lines changed: 4 additions & 1 deletion
@@ -3639,7 +3639,7 @@
     },
    {
       "source_path": "articles/key-vault/about-keys-secrets-and-certificates.md",
-      "redirect_url": "/azure/key-vault/index.yml",
+      "redirect_url": "/azure/key-vault",
       "redirect_document_id": false
     },
    {
@@ -7856,6 +7856,11 @@
       "redirect_url": "/azure/automation/source-control-integration",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/automation/oms-solution-updatemgmt-sccmintegration.md",
+      "redirect_url": "/azure/automation/updatemgmt-mecmintegration",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/automation/automation-change-tracking.md",
       "redirect_url": "/azure/automation/change-tracking",
 
@@ -151,6 +151,12 @@ Successfully enrolled machine in realm
 
 If your VM can't successfully complete the domain-join process, make sure that the VM's network security group allows outbound Kerberos traffic on TCP + UDP port 464 to the virtual network subnet for your Azure AD DS managed domain.
 
+If you received the error *Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)*, open the file */etc/krb5.conf* and add the following code in `[libdefaults]` section and try again:
+
+```console
+rdns=false
+```
+
 ## Update the SSSD configuration
 
 One of the packages installed in a previous step was for System Security Services Daemon (SSSD). When a user tries to sign in to a VM using domain credentials, SSSD relays the request to an authentication provider. In this scenario, SSSD uses Azure AD DS to authenticate the request.
 
@@ -140,6 +140,14 @@ Use these steps to get a test account started:
 2. Follow the prompts to set up a verification method.
 3. [Create a Conditional Access policy](howto-mfa-getstarted.md#create-conditional-access-policy) to require multi-factor authentication for the test account.
 
+> [!IMPORTANT]
+>
+> Make sure that users have successfully registered for Azure Multi-Factor Authentication. If users have previously only registered for self-service password reset (SSPR), *StrongAuthenticationMethods* is enabled for their account. Azure Multi-Factor Authentication is enforced when *StrongAuthenticationMethods* is configured, even if the user only registered for SSPR.
+>
+> Combined security registration can be enabled that configures SSPR and Azure Multi-Factor Authentication at the same time. For more information, see [Enable combined security information registration in Azure Active Directory](howto-registration-mfa-sspr-combined.md).
+>
+> You can also [force users to re-register authentication methods](howto-mfa-userdevicesettings.md#manage-user-authentication-options) if they previously only enabled SSPR.
+
 ## Install the NPS extension
 
 > [!IMPORTANT]
 
@@ -17,7 +17,7 @@
     items:
     - name: Bulk invite via PowerShell
       href: bulk-invite-powershell.md
-    - name: Bulk invite via the portal (preview)
+    - name: Bulk invite via the portal
       href: tutorial-bulk-invite.md
     - name: Enforce multi-factor authentication
       href: b2b-tutorial-require-mfa.md
 
@@ -38,7 +38,7 @@ Organizations may have many cloud applications in use. Not all of those applicat
 
 ## Create a Conditional Access policy
 
-The following steps will help create a Conditional Access policy to require those assigned administrative roles to perform multi-factor authentication.
+The following steps will help create a Conditional Access policy to require All users to perform multi-factor authentication.
 
 1. Sign in to the **Azure portal** as a global administrator, security administrator, or Conditional Access administrator.
 1. Browse to **Azure Active Directory** > **Security** > **Conditional Access**.
 
@@ -113,6 +113,7 @@ You can also configure more granular details of the cluster autoscaler by changi
 | scale-down-unready-time          | How long an unready node should be unneeded before it is eligible for scale down         | 20 minutes    |
 | scale-down-utilization-threshold | Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down | 0.5 |
 | max-graceful-termination-sec     | Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. | 600 seconds   |
+| balance-similar-node-groups | Detect similar node pools and balance the number of nodes between them | false |
 
 > [!IMPORTANT]
 > The cluster autoscaler profile affects all node pools that use the cluster autoscaler. You can't set an autoscaler profile per node pool.
 
@@ -130,7 +130,7 @@ For more information about using node selectors, see [Assigning Pods to Nodes][k
 
 A node selector is a basic way to assign pods to a given node. More flexibility is available using *node affinity*. With node affinity, you define what happens if the pod can't be matched with a node. You can *require* that Kubernetes scheduler matches a pod with a labeled host. Or, you can *prefer* a match but allow the pod to be scheduled on a different host if not match is available.
 
-The following example sets the node affinity to *requiredDuringSchedulingIgnoredDuringExecution*. This affinity requires the Kubernetes schedule to use a node with a matching label. If no node is available, the pod has to wait for scheduling to continue. To allow the pod to be scheduled on a different node, you can instead set the value to *preferredDuringScheduledIgnoreDuringExecution*:
+The following example sets the node affinity to *requiredDuringSchedulingIgnoredDuringExecution*. This affinity requires the Kubernetes schedule to use a node with a matching label. If no node is available, the pod has to wait for scheduling to continue. To allow the pod to be scheduled on a different node, you can instead set the value to *preferredDuringSchedulingIgnoreDuringExecution*:
 
 ```yaml
 kind: Pod
 
@@ -42,7 +42,10 @@ Application Gateway integration with Key Vault requires a three-step configurati
 
 1. **Configure your key vault**
 
-   You then either import an existing certificate or create a new one in your key vault. The certificate will be used by applications that run through the application gateway. In this step, you can also use a key vault secret that's stored as a password-less, base 64-encoded PFX file. We recommend using a certificate type because of the autorenewal capability that's available with certificate type objects in the key vault. After you've created a certificate or a secret, you define access policies in the key vault to allow the identity to be granted *get* access to the secret.
+   You then either import an existing certificate or create a new one in your key vault. The certificate will be used by applications that run through the application gateway. In this step, you can also use a key vault secret that's stored as a password-less, base-64 encoded PFX file. We recommend using a certificate type because of the autorenewal capability that's available with certificate type objects in the key vault. After you've created a certificate or a secret, you define access policies in the key vault to allow the identity to be granted *get* access to the secret.
+   
+   > [!NOTE]
+   > If you deploy the application gateway via an ARM template, either by using the Azure CLI or PowerShell, or via an Azure Application deployed from the Azure portal, the SSL certificate that's stored in the key vault as a base-64-encoded PFX file **must be passwordless**. Also, you must complete the steps in [Use Azure Key Vault to pass secure parameter value during deployment](../azure-resource-manager/templates/key-vault-parameter.md). It's particularly important to set `enabledForTemplateDeployment` to `true`.
 
 1. **Configure the application gateway**