Merge branch 'master' into vnet

Author: tfosmark

.openpublishing.redirection.json

@@ -24605,6 +24605,16 @@
       "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-java",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/storage/blobs/storage-quickstart-blobs-nodejs-v10.md",
+      "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/storage/blobs/storage-quickstart-blobs-javascript-client-libraries-v10.md",
+      "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-javascript-client-libraries-legacy",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/storage/blobs/storage-nodejs-how-to-use-blob-storage.md",
       "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-nodejs",
@@ -40879,11 +40889,6 @@
       "redirect_url": "/azure/azure-monitor/platform/data-platform",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/azure-monitor/platform/data-sources-reference.md",
-      "redirect_url": "/azure/azure-monitor/platform/data-sources",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/azure-monitor/platform/collect-activity-logs-subscriptions.md",
       "redirect_url": "/azure/azure-monitor/platform/activity-log-collect-tenants",

CODEOWNERS

@@ -1,24 +1,17 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
-# articles/storage/  @tamram @robinsh
-# articles/virtual-machines/  @iainfoulds @cynthn
-# articles/virtual-machines/linux/  @iainfoulds @cynthn
-# articles/virtual-machines/windows/  @iainfoulds @cynthn
-# articles/application-insights/  @SergeyKanzhelev
-# articles/cosmos-db/ @mimig1
-
-# All Articles
-articles/ @apex-docs-pr-reviewers
-
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf, @nitinme
 
 # DevOps
-
 articles/ansible/ @TomArcherMsft
 articles/chef/ @TomArcherMsft
 articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Governance
-
 articles/governance/ @DCtheGeek
+
+# Configuration
+*.json @SyntaxC4 @snoviking @arob98
+.acrolinx-config.edn @MonicaRush @arob98
+articles/zone-pivot-groups.yml @SyntaxC4 @snoviking @arob98

articles/active-directory-b2c/active-directory-b2c-reference-oidc.md

@@ -20,7 +20,7 @@ OpenID Connect is an authentication protocol, built on top of OAuth 2.0, that ca
 
 [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) extends the OAuth 2.0 *authorization* protocol for use as an *authentication* protocol. This authentication protocol allows you to perform single sign-on. It introduces the concept of an *ID token*, which allows the client to verify the identity of the user and obtain basic profile information about the user.
 
-Because it extends OAuth 2.0, it also enables applications to securely acquire *access tokens*. You can use access tokens to access resources that are secured by an [authorization server](active-directory-b2c-reference-protocols.md). OpenID Connect is recommended if you're building a web application that's hosted on a server and accessed through a browser. If you want to add identity management to your mobile or desktop applications using Azure AD B2C, you should use [OAuth 2.0](active-directory-b2c-reference-oauth-code.md) rather than OpenID Connect. For more information about tokens, see the [Overview of tokens in Azure Active Directory B2C](active-directory-b2c-reference-tokens.md)
+Because it extends OAuth 2.0, it also enables applications to securely acquire *access tokens*. You can use access tokens to access resources that are secured by an [authorization server](active-directory-b2c-reference-protocols.md). OpenID Connect is recommended if you're building a web application that's hosted on a server and accessed through a browser. For more information about tokens, see the [Overview of tokens in Azure Active Directory B2C](active-directory-b2c-reference-tokens.md)
 
 Azure AD B2C extends the standard OpenID Connect protocol to do more than simple authentication and authorization. It introduces the [user flow parameter](active-directory-b2c-reference-policies.md), which enables you to use OpenID Connect to add user experiences to your application, such as sign-up, sign-in, and profile management.
 

articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md

@@ -59,15 +59,16 @@ Note that you don't need to support both users and groups or all the attributes
 | Azure Active Directory user | "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" |
 | --- | --- |
 | IsSoftDeleted |active |
+|department|urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department|
 | displayName |displayName |
+|employeeId|urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber|
 | Facsimile-TelephoneNumber |phoneNumbers[type eq "fax"].value |
 | givenName |name.givenName |
 | jobTitle |title |
 | mail |emails[type eq "work"].value |
 | mailNickname |externalId |
-| manager |manager |
+| manager |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager |
 | mobile |phoneNumbers[type eq "mobile"].value |
-| objectId |ID |
 | postalCode |addresses[type eq "work"].postalCode |
 | proxy-Addresses |emails[type eq "other"].Value |
 | physical-Delivery-OfficeName |addresses[type eq "other"].Formatted |
@@ -76,15 +77,16 @@ Note that you don't need to support both users and groups or all the attributes
 | telephone-Number |phoneNumbers[type eq "work"].value |
 | user-PrincipalName |userName |
 
+
 ### Table 2: Default group attribute mapping
 
 | Azure Active Directory group | urn:ietf:params:scim:schemas:core:2.0:Group |
 | --- | --- |
-| displayName |externalId |
+| displayName |displayName |
 | mail |emails[type eq "work"].value |
 | mailNickname |displayName |
 | members |members |
-| objectId |ID |
+| objectId |externalId |
 | proxyAddresses |emails[type eq "other"].Value |
 
 ## Step 2: Understand the Azure AD SCIM implementation

articles/active-directory/users-groups-roles/domains-admin-takeover.md

@@ -125,40 +125,40 @@ cmdlet | Usage
 
 1. Connect to Azure AD using the credentials that were used to respond to the self-service offering:
    ```powershell
-    Install-Module -Name MSOnline
-    $msolcred = get-credential
+   Install-Module -Name MSOnline
+   $msolcred = get-credential
     
-    connect-msolservice -credential $msolcred
+   connect-msolservice -credential $msolcred
    ```
 2. Get a list of domains:
 
    ```powershell
-    Get-MsolDomain
+   Get-MsolDomain
    ```
 3. Run the Get-MsolDomainVerificationDns cmdlet to create a challenge:
    ```powershell
-    Get-MsolDomainVerificationDns –DomainName *your_domain_name* –Mode DnsTxtRecord
-  
+   Get-MsolDomainVerificationDns –DomainName *your_domain_name* –Mode DnsTxtRecord
+   ```
     For example:
-  
-    Get-MsolDomainVerificationDns –DomainName contoso.com –Mode DnsTxtRecord
+   ```
+   Get-MsolDomainVerificationDns –DomainName contoso.com –Mode DnsTxtRecord
    ```
 
 4. Copy the value (the challenge) that is returned from this command. For example:
    ```powershell
-    MS=32DD01B82C05D27151EA9AE93C5890787F0E65D9
+   MS=32DD01B82C05D27151EA9AE93C5890787F0E65D9
    ```
 5. In your public DNS namespace, create a DNS txt record that contains the value that you copied in the previous step. The name for this record is the name of the parent domain, so if you create this resource record by using the DNS role from Windows Server, leave the Record name blank and just paste the value into the Text box.
 6. Run the Confirm-MsolDomain cmdlet to verify the challenge:
 
    ```powershell
-    Confirm-MsolEmailVerifiedDomain -DomainName *your_domain_name*
+   Confirm-MsolDomain –DomainName *your_domain_name* –ForceTakeover Force
    ```
 
    For example:
 
    ```powershell
-    Confirm-MsolEmailVerifiedDomain -DomainName contoso.com
+   Confirm-MsolDomain –DomainName contoso.com –ForceTakeover Force
    ```
 
 A successful challenge returns you to the prompt without an error.

articles/aks/private-clusters.md

@@ -77,16 +77,16 @@ Where --enable-private-cluster is a mandatory flag for a private cluster
 #### Advanced Networking  
 
 ```azurecli-interactive
-az aks create \ 
-    --resource-group <private-cluster-resource-group>\ 
-    --name <private-cluster-name> \ 
-    --load-balancer-sku standard
-    --enable-private-cluster 
-    --network-plugin azure \ 
-    --vnet-subnet-id <subnet-id> \ 
-    --docker-bridge-address 172.17.0.1/16 \ 
-    --dns-service-ip 10.2.0.10 \ 
-    --service-cidr 10.2.0.0/24 \ 
+az aks create \
+    --resource-group <private-cluster-resource-group> \
+    --name <private-cluster-name> \
+    --load-balancer-sku standard \
+    --enable-private-cluster \
+    --network-plugin azure \
+    --vnet-subnet-id <subnet-id> \
+    --docker-bridge-address 172.17.0.1/16 \
+    --dns-service-ip 10.2.0.10 \
+    --service-cidr 10.2.0.0/24 
 ```
 Where --enable-private-cluster is a mandatory flag for a private cluster 
 
@@ -104,6 +104,11 @@ The API server end point has no public IP address. Consequently, users will need
     * click on the Private DNS Zone 
     * select Virtual network link in the left pane
     * create a new link to add the VNET of the VM to the Private DNS Zone *(It takes a few minutes for the DNS zone link to become available)*
+    * go back to the MC_* resource group in the portal
+    * select the virtual network on the right pane. Virtual network name will be in the form aks-vnet-*.
+    * select Peerings on the left pane
+    * click on Add and add the Virtual network of the VM and create the peering.
+    * Go to the Vnet where you have the VM and then click on peerings and select the AKS Virtual network and create the peering. If the address ranges on the AKS Virtual network and the VM's virtual network clashes, Then peering will fail. Refer to this [document][virtual-network-peering] for more information about virtual network peering.
 * SSH into the VM
 * Install Kubectl tool and run kubectl commands
 
@@ -128,3 +133,5 @@ The API server end point has no public IP address. Consequently, users will need
 [az-extension-add]: /cli/azure/extension#az-extension-add
 [az-extension-update]: /cli/azure/extension#az-extension-update
 [private-link-service]: https://docs.microsoft.com/azure/private-link/private-link-service-overview
+[virtual-network-peering]: ../virtual-network/virtual-network-peering-overview.md
+

articles/api-management/api-management-howto-mutual-certificates.md

@@ -12,7 +12,7 @@ ms.service: api-management
 ms.workload: mobile
 ms.tgt_pltfrm: na
 ms.topic: article
-ms.date: 06/20/2018
+ms.date: 01/08/2020
 ms.author: apimpm
 ---
 
@@ -26,19 +26,22 @@ For information about managing certificates using the API Management REST API, s
 
 [!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
 
-This guide shows you how to configure your API Management service instance to use client certificate authentication to access the back-end service for an API. Before following the steps in this article, you should have your back-end service configured for client certificate authentication ([to configure certificate authentication in Azure WebSites refer to this article][to configure certificate authentication in Azure WebSites refer to this article]). You need access to the certificate and the password for uploading it to the API Management service.
+This guide shows you how to configure your API Management service instance to use client certificate authentication to access the back-end service for an API. Before following the steps in this article, you should have your back-end service configured for client certificate authentication ([to configure certificate authentication in the Azure App Service refer to this article][to configure certificate authentication in Azure WebSites refer to this article]). You need access to the certificate and the password for uploading it to the API Management service.
 
 ## <a name="step1"> </a>Upload a Certificate
 
+> [!NOTE]
+> Instead of an uploaded certificate you can use a certificate stored in the [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) service as shown in this [example](https://github.com/galiniliev/api-management-policy-snippets/blob/galin/AkvCert/examples/Look%20up%20Key%20Vault%20certificate%20using%20Managed%20Service%20Identity%20and%20call%20backend.policy.xml).
+
 ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-new.png)
 
 Follow the steps below to upload a new client certificate. If you have not created an API Management service instance yet, see the tutorial [Create an API Management service instance][Create an API Management service instance].
 
 1. Navigate to your Azure API Management service instance in the Azure portal.
 2. Select **Certificates** from the menu.
-3. Click the **+ Add** button.  
-    ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-add.png)  
-4. Browse for the certificate, provide its ID and password.  
+3. Click the **+ Add** button.
+    ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-add.png)
+4. Browse for the certificate, provide its ID and password.
 5. Click **Create**.
 
 > [!NOTE]
@@ -61,14 +64,14 @@ If the certificate is in use by an API, then a warning screen is displayed. To d
 
 ## <a name="step2"> </a>Configure an API to use a client certificate for gateway authentication
 
-1. Click **APIs** from the **API Management** menu on the left and navigate to the API.  
+1. Click **APIs** from the **API Management** menu on the left and navigate to the API.
     ![Enable client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-enable.png)
 
-2. In the **Design** tab, click on a pencil icon of the **Backend** section. 
-3. Change the **Gateway credentials** to **Client cert** and select your certificate from the dropdown.  
+2. In the **Design** tab, click on a pencil icon of the **Backend** section.
+3. Change the **Gateway credentials** to **Client cert** and select your certificate from the dropdown.
     ![Enable client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-enable-select.png)
 
-4. Click **Save**. 
+4. Click **Save**.
 
 > [!WARNING]
 > This change is effective immediately, and calls to operations of that API will use the certificate to authenticate on the back-end server.

articles/api-management/api-management-howto-properties.md

@@ -11,21 +11,21 @@ ms.service: api-management
 ms.workload: mobile
 ms.tgt_pltfrm: na
 ms.topic: article
-ms.date: 11/05/2019
+ms.date: 01/08/2020
 ms.author: apimpm
 ---
 
 # How to use named values in Azure API Management policies
 
 API Management policies are a powerful capability of the system that allow the Azure portal to change the behavior of the API through configuration. Policies are a collection of statements that are executed sequentially on the request or response of an API. Policy statements can be constructed using literal text values, policy expressions, and named values.
 
-Each API Management service instance has a properties collection of key/value pairs, which is called named values, that are global to the service instance. There is no imposed limit on the number of items in the collection. Named values can be used to manage constant string values across all API configuration and policies. Each named value may have the following attributes:
+Each API Management service instance has a collection of key/value pairs, which is called named values, that are global to the service instance. There is no imposed limit on the number of items in the collection. Named values can be used to manage constant string values across all API configuration and policies. Each named value may have the following attributes:
 
-| Attribute      | Type            | Description                                                                                                                         |
-| -------------- | --------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| Attribute      | Type            | Description                                                                                                                            |
+| -------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
 | `Display name` | string          | Used for referencing the named value in policies. A string of one to 256 characters. Only letters, numbers, dot, and dash are allowed. |
-| `Value`        | string          | Actual value. Must not be empty or consist only of whitespace. Maximum of 4096 characters long.                                     |
-| `Secret`       | boolean         | Determines whether the value is a secret and should be encrypted or not.                                                            |
+| `Value`        | string          | Actual value. Must not be empty or consist only of whitespace. Maximum of 4096 characters long.                                        |
+| `Secret`       | boolean         | Determines whether the value is a secret and should be encrypted or not.                                                               |
 | `Tags`         | array of string | Used to filter the named value list. Up to 32 tags.                                                                                    |
 
 ![Named values](./media/api-management-howto-properties/named-values.png)
@@ -38,6 +38,9 @@ Named values can contain literal strings and [policy expressions](/azure/api-man
 | Credential | ••••••••••••••••••••••     | True   | security      |
 | Expression | @(DateTime.Now.ToString()) | False  |               |
 
+> [!NOTE]
+> Instead of named values stored within an API Management service, you can use values stored in the [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) service as demonstrated by this [example](https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Look%20up%20Key%20Vault%20secret%20using%20Managed%20Service%20Identity.policy.xml).
+
 ## To add and edit a named value
 
 ![Add a named value](./media/api-management-howto-properties/add-property.png)
@@ -46,7 +49,7 @@ Named values can contain literal strings and [policy expressions](/azure/api-man
 2. Select **Named values**.
 3. Press **+Add**.
 
-    Name and Value are required values. If value is a secret, check the *This is a secret* checkbox. Enter one or more optional tags to help with organizing your named values, and click Save.
+    Name and Value are required values. If value is a secret, check the _This is a secret_ checkbox. Enter one or more optional tags to help with organizing your named values, and click Save.
 
 4. Click **Create**.
 

articles/app-service/containers/configure-language-ruby.md

@@ -11,7 +11,7 @@ ms.custom: seodec18
 
 # Configure a Linux Ruby app for Azure App Service
 
-This article describes how [Azure App Service](app-service-linux-intro.md) runs Ruby apps, and how you can customize the behavior of App Service when needed. Ruby apps must be deployed with all the required [pip](https://pypi.org/project/pip/) modules.
+This article describes how [Azure App Service](app-service-linux-intro.md) runs Ruby apps, and how you can customize the behavior of App Service when needed. Ruby apps must be deployed with all the required [gems](https://rubygems.org/gems).
 
 This guide provides key concepts and instructions for Ruby developers who use a built-in Linux container in App Service. If you've never used Azure App Service, you should follow the [Ruby quickstart](quickstart-ruby.md) and [Ruby with PostgreSQL tutorial](tutorial-ruby-postgres-app.md) first.