Merge pull request #209973 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit ef1f4361d959 · 2022-09-02T09:43:46.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md b/articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md
@@ -16,34 +16,15 @@ ms.collection: M365-identity-device-management
 
 # Clean up unmanaged Azure Active Directory accounts
 
-Azure Active Directory (Azure AD) supports self-service sign-up for
-email-verified users. Users can create Azure AD accounts if they can
-verify email ownership. To learn more, see, [What is self-service
-sign-up for Azure Active
-Directory?](./directory-self-service-signup.md)
-
-However, if a user creates an account, and the domain isn't verified in
-an Azure AD tenant, the user is created in an unmanaged, or viral
-tenant. The user can create an account with an organization's domain,
-not under the lifecycle management of the organization's IT. Access can
-persist after the user leaves the organization.
+Prior to August 2022, Azure AD B2B supported Self-service sign-up for email-verified users which allowed users to create Azure AD accounts if they can verify ownership of the email. These accounts were created in unmanaged (aka “viral”) tenants. This meant that the user created an account with an organization’s domain that is not under the lifecycle management of the organization’s IT and access can persist after the user leaves the organization. To learn more, see, [What is self-service sign-up for Azure Active Directory?](./directory-self-service-signup.md)
 
-## Remove unmanaged Azure AD accounts
-
-You can remove unmanaged Azure AD accounts from your Azure AD tenants
-and prevent these types of accounts from redeeming future invitations.
+The creation of unmanaged Azure AD accounts via Azure AD B2B is now deprecated and new B2B invitations cannot be redeemed with these accounts as of August 2022. However, invitations sent prior to August 2022 could have been redeemed with unmanaged Azure AD accounts. 
 
-1. Enable [email one-time
-    passcode](../external-identities/one-time-passcode.md#enable-email-one-time-passcode)
-    (OTP).
+## Remove unmanaged Azure AD accounts
 
-2. Use the sample application in [Azure-samples/Remove-unmanaged-guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests) or
-    go to
-    [AzureAD/MSIdentityTools](https://github.com/AzureAD/MSIdentityTools/wiki/)
-    PowerShell module to identify viral users in an Azure AD tenant and
-    reset user redemption status.
+Admins can use either this sample application in [Azure-samples/Remove-unmanaged-guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests) or PowerShell cmdlets in [AzureAD/MSIdentityTools](https://github.com/AzureAD/MSIdentityTools/wiki/) to remove existing unmanaged Azure AD accounts from your Azure AD tenants. These tools allow you to identify viral users in your Azure AD tenant and reset the redemption status of these users.  
 
-Once the above steps are complete, when users with unmanaged Azure AD accounts try to access your tenant, they'll re-redeem their invitations. However, because Email OTP is enabled, Azure AD will prevent users from redeeming with an existing unmanaged Azure AD account and they’ll redeem with another account type. Google Federation and SAML/WS-Fed aren't enabled by default. So by default, these users will redeem with either an MSA or Email OTP, with MSA taking precedence. For a full explanation on the B2B redemption precedence, refer to the [redemption precedence flow chart](../external-identities/redemption-experience.md#invitation-redemption-flow).
+Once you have run one of the available tools, when users with unmanaged Azure AD accounts try to access your tenant, they will re-redeem their invitations. However, Azure AD will prevent users from redeeming with an existing unmanaged Azure AD account and they’ll redeem with another account type. Google Federation and SAML/WS-Fed are not enabled by default. So by default, these users will redeem with either an MSA or Email OTP, with MSA taking precedence. For a full explanation on the B2B redemption precedence, refer to the [redemption precedence flow chart](../external-identities/redemption-experience.md#invitation-redemption-flow).
 
 ## Overtaken tenants and domains
 
@@ -59,11 +40,7 @@ In some cases, overtaken domains might not be updated, for example, missing a DN
 
 ## Reset redemption using a sample application
 
-Before you begin, to identify and reset unmanaged Azure AD account redemption:
-
-1. Ensure email OTP is enabled.
-
-2. Use the sample application on
+Use the sample application on
     [Azure-Samples/Remove-Unmanaged-Guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests).
 
 ## Reset redemption using MSIdentityTools PowerShell Module
@@ -103,4 +80,4 @@ To delete unmanaged Azure AD accounts, run:
 ## Next steps
 
 Examples of using
-[Get-MSIdUnmanagedExternalUser](https://github.com/AzureAD/MSIdentityTools/wiki/Get-MsIdUnmanagedExternalUser)
+[Get-MSIdUnmanagedExternalUser](https://github.com/AzureAD/MSIdentityTools/wiki/Get-MsIdUnmanagedExternalUser)
diff --git a/articles/active-directory/verifiable-credentials/issuance-request-api.md b/articles/active-directory/verifiable-credentials/issuance-request-api.md
@@ -35,7 +35,7 @@ The Request Service REST API issuance request requires the following HTTP header
 |`Authorization`| Attach the access token as a bearer token to the authorization header in an HTTP request. For example, `Authorization: Bearer <token>`.|
 |`Content-Type`| `Application/json`|
 
-Construct an HTTP POST request to the Request Service REST API. Replace the `{tenantID}` with your tenant ID or tenant name.
+Construct an HTTP POST request to the Request Service REST API. 
 
 ```http
 https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/createIssuanceRequest
diff --git a/articles/azure-monitor/containers/container-insights-overview.md b/articles/azure-monitor/containers/container-insights-overview.md
@@ -20,7 +20,7 @@ Container insights is a feature designed to monitor the performance of container
 Container insights supports clusters running the Linux and Windows Server 2019 operating system. The container runtimes it supports are Moby and any CRI-compatible runtime such as CRI-O and ContainerD. Docker is no longer supported as a container runtime as of September 2022. For more information about this deprecation, see the [AKS release notes][aks-release-notes].
 
 >[!NOTE]
-> Container insights support for Windows Server 2022 operating system is in public preview.
+> Container insights support for Windows Server 2022 operating system and AKS for ARM nodes is in public preview.
 
 Monitoring your containers is critical, especially when you're running a production cluster, at scale, with multiple applications.
 
@@ -67,4 +67,4 @@ The main differences in monitoring a Windows Server cluster compared to a Linux
 To begin monitoring your Kubernetes cluster, review [Enable Container insights](container-insights-onboard.md) to understand the requirements and available methods to enable monitoring.
 
 <!-- LINKS - external -->
-[aks-release-notes]: https://github.com/Azure/AKS/releases
+[aks-release-notes]: https://github.com/Azure/AKS/releases
diff --git a/articles/azure-monitor/vm/vminsights-dependency-agent-maintenance.md b/articles/azure-monitor/vm/vminsights-dependency-agent-maintenance.md
@@ -78,6 +78,9 @@ If the Dependency agent fails to start, check the logs for detailed error inform
 
 Since the Dependency agent works at the kernel level, support is also dependent on the kernel version. As of Dependency agent version 9.10.* the agent supports * kernels.  The following table lists the major and minor Linux OS release and supported kernel versions for the Dependency agent.
 
+>[!NOTE]
+> Dependency agent is not supported for Azure Virtual Machines with Ampere Altra ARM–based processors.
+
 | Distribution | OS version | Kernel version |
 |:---|:---|:---|
 |  Red Hat Linux 8   | 8.5     | 4.18.0-348.\*el8_5.x86_644.18.0-348.\*el8.x86_64 |
@@ -119,4 +122,4 @@ Since the Dependency agent works at the kernel level, support is also dependent
 
 ## Next steps
 
-If you want to stop monitoring your VMs for a while or remove VM insights entirely, see [Disable monitoring of your VMs in VM insights](../vm/vminsights-optout.md).
+If you want to stop monitoring your VMs for a while or remove VM insights entirely, see [Disable monitoring of your VMs in VM insights](../vm/vminsights-optout.md).
diff --git a/articles/azure-resource-manager/management/lock-resources.md b/articles/azure-resource-manager/management/lock-resources.md
@@ -89,6 +89,8 @@ Applying locks can lead to unexpected results. Some operations, which don't seem
 
 - A read-only lock on an Azure Kubernetes Service (AKS) cluster limits how you can access cluster resources through the portal. A read-only lock prevents you from using the AKS cluster's Kubernetes resources section in the Azure portal to choose a cluster resource. These operations require a POST method request for authentication.
 
+- A cannot-delete lock on a **Virtual Machine** that is protected by **Site Recovery** prevents certain resource links related to Site Recovery from being removed properly when you remove the protection or disable replication. If you plan to re-protect the VM later, you need to remove the lock prior to disabling protection. In case you miss to remove the lock, you need to follow certain steps to clean up the stale links before you can re-protect the VM. For more information, see [Troubleshoot Azure VM replication](../../site-recovery/azure-to-azure-troubleshoot-errors.md#replication-not-enabled-on-vm-with-stale-resources-error-code-150226).
+
 ## Who can create or delete locks
 
 To create or delete management locks, you need access to `Microsoft.Authorization/*` or `Microsoft.Authorization/locks/*` actions. Only the **Owner** and the **User Access Administrator** built-in roles can create and delete management locks. You can create a custom role with the required permissions.
diff --git a/articles/azure-vmware/concepts-identity.md b/articles/azure-vmware/concepts-identity.md
@@ -167,7 +167,8 @@ Unlike on-premises deployment, not all pre-defined NSX-T Data Center RBAC roles
  In an Azure VMware Solution deployment, the following NSX-T Data Center predefined RBAC roles are not supported with LDAP integration:
 
 - Enterprise Admin
-- Network AdminSecurity Admin
+- Network Admin
+- Security Admin
 - Netx Partner Admin
 - GI Partner Admin
 
diff --git a/articles/iot-edge/how-to-install-iot-edge-kubernetes.md b/articles/iot-edge/how-to-install-iot-edge-kubernetes.md
@@ -29,4 +29,4 @@ IoT Edge can be installed on Kubernetes by using [KubeVirt](https://www.cncf.io/
 A functional sample for running IoT Edge on Azure Kubernetes Service (AKS) using KubeVirt is available at [https://aka.ms/iotedge-kubevirt](https://aka.ms/iotedge-kubevirt). 
 
 > [!NOTE]
-> Based on feedback, the prior translation-based preview of IoT Edge integration with Kubernetes has been discontinued and will not be made generally available. An exception being Azure Stack Edge devices where tranlation-based Kubernetes integration will be supported until IoT Edge v1.1 is maintained (Dec 2022).
+> Based on feedback, the prior translation-based preview of IoT Edge integration with Kubernetes has been discontinued and will not be made generally available. An exception being Azure Stack Edge devices where translation-based Kubernetes integration will be supported until IoT Edge v1.1 is maintained (Dec 2022).
