Merge pull request #107842 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit f4d5b018eb22 · 2020-03-16T14:43:51.000-07:00
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)
diff --git a/articles/active-directory/devices/hybrid-azuread-join-plan.md b/articles/active-directory/devices/hybrid-azuread-join-plan.md
@@ -144,12 +144,15 @@ Based on the scenario that matches your identity infrastructure, see:
 - [Configure hybrid Azure Active Directory join for federated environment](hybrid-azuread-join-federated-domains.md)
 - [Configure hybrid Azure Active Directory join for managed environment](hybrid-azuread-join-managed-domains.md)
 
-## Review on-premises AD UPN support for Hybrid Azure AD join
+## Review on-premises AD users UPN support for Hybrid Azure AD join
 
-Sometimes, your on-premises AD UPNs could be different from your Azure AD UPNs. In such cases, Windows 10 Hybrid Azure AD join provides limited support for on-premises AD UPNs based on the [authentication method](/azure/security/fundamentals/choose-ad-authn), domain type and Windows 10 version. There are two types of on-premises AD UPNs that can exist in your environment:
+Sometimes, your on-premises AD users UPNs could be different from your Azure AD UPNs. In such cases, Windows 10 Hybrid Azure AD join provides limited support for on-premises AD UPNs based on the [authentication method](/azure/security/fundamentals/choose-ad-authn), domain type and Windows 10 version. There are two types of on-premises AD UPNs that can exist in your environment:
 
-- Routable UPN: A routable UPN has a valid verified domain, that is registered with a domain registrar. For example, if contoso.com is the primary domain in Azure AD, contoso.org is the primary domain in on-premises AD owned by Contoso and [verified in Azure AD](/azure/active-directory/fundamentals/add-custom-domain)
-- Non-routable UPN: A non-routable UPN does not have a verified domain. It is applicable only within your organization's private network. For example, if contoso.com is the primary domain in Azure AD, contoso.local is the primary domain in on-premises AD but is not a verifiable domain in the internet and only used within Contoso's network.
+- Routable users UPN: A routable UPN has a valid verified domain, that is registered with a domain registrar. For example, if contoso.com is the primary domain in Azure AD, contoso.org is the primary domain in on-premises AD owned by Contoso and [verified in Azure AD](/azure/active-directory/fundamentals/add-custom-domain)
+- Non-routable users UPN: A non-routable UPN does not have a verified domain. It is applicable only within your organization's private network. For example, if contoso.com is the primary domain in Azure AD, contoso.local is the primary domain in on-premises AD but is not a verifiable domain in the internet and only used within Contoso's network.
+
+> [!NOTE]
+> The information in this section applies only to an on-premises users UPN. It isn't applicable to an on-premises computer domain suffix (example: computer1.contoso.local).
 
 The table below provides details on support for these on-premises AD UPNs in Windows 10 Hybrid Azure AD join
 
diff --git a/articles/azure-monitor/app/ip-addresses.md b/articles/azure-monitor/app/ip-addresses.md
@@ -26,7 +26,7 @@ You need to open some outgoing ports in your server's firewall to allow the Appl
 
 | Purpose | URL | IP | Ports |
 | --- | --- | --- | --- |
-| Telemetry |dc.services.visualstudio.com<br/>dc.applicationinsights.microsoft.com |40.114.241.141<br/>104.45.136.42<br/>40.84.189.107<br/>168.63.242.221<br/>52.167.221.184<br/>52.169.64.244<br/>40.85.218.175<br/>104.211.92.54<br/>52.175.198.74<br/>51.140.6.23<br/>40.71.12.231<br/>13.69.65.22<br/>13.78.108.165<br/>13.70.72.233<br/>20.44.8.7<br/>13.86.218.248<br/>40.79.138.41<br/>52.231.18.241<br/>13.75.38.7<br/>102.133.155.50<br/>52.162.110.67<br/>191.233.204.248<br/>13.69.66.140<br/>13.77.52.29<br/>51.107.59.180<br/>40.71.12.235<br/>20.44.8.10<br/>40.71.13.169 | 443 |
+| Telemetry |dc.applicationinsights.azure.com<br/>dc.applicationinsights.microsoft.com<br/>dc.services.visualstudio.com |40.114.241.141<br/>104.45.136.42<br/>40.84.189.107<br/>168.63.242.221<br/>52.167.221.184<br/>52.169.64.244<br/>40.85.218.175<br/>104.211.92.54<br/>52.175.198.74<br/>51.140.6.23<br/>40.71.12.231<br/>13.69.65.22<br/>13.78.108.165<br/>13.70.72.233<br/>20.44.8.7<br/>13.86.218.248<br/>40.79.138.41<br/>52.231.18.241<br/>13.75.38.7<br/>102.133.155.50<br/>52.162.110.67<br/>191.233.204.248<br/>13.69.66.140<br/>13.77.52.29<br/>51.107.59.180<br/>40.71.12.235<br/>20.44.8.10<br/>40.71.13.169<br/>13.66.141.156 | 443 |
 | Live Metrics Stream (East US) |use.rt.prod.applicationinsights.trafficmanager.net |23.96.28.38<br/>13.92.40.198<br/>40.112.49.101<br/>40.117.80.207 |443 |
 | Live Metrics Stream (South Central US) |ussc.rt.prod.applicationinsights.trafficmanager.net |157.55.177.6<br/>104.44.140.84<br/>104.215.81.124<br/>23.100.122.113 |443 |
 | Live Metrics Stream (North Europe) |eun.rt.prod.applicationinsights.trafficmanager.net |40.115.103.168<br/>40.115.104.31<br/>40.87.140.215<br/>40.87.138.220 |443 |
diff --git a/articles/cloud-shell/troubleshooting.md b/articles/cloud-shell/troubleshooting.md
@@ -209,3 +209,6 @@ PowerShell:
   ```
 ## Azure Government limitations
 Azure Cloud Shell in Azure Government is only accessible through the Azure portal.
+
+>[!Note]
+> Connecting to GCC-High or Government DoD Clouds for Exchange Online is currently not supported.
diff --git a/articles/security/fundamentals/azure-disk-encryption-vms-vmss.md b/articles/security/fundamentals/azure-disk-encryption-vms-vmss.md
@@ -25,6 +25,7 @@ The following articles provide guidance for encrypting Linux virtual machines.
 - [Create and encrypt a Linux VM with Azure CLI](../../virtual-machines/linux/disk-encryption-cli-quickstart.md)
 - [Create and encrypt a Linux VM with Azure PowerShell](../../virtual-machines/linux/disk-encryption-powershell-quickstart.md)
 - [Create and encrypt a Linux VM with the Azure portal](../../virtual-machines/linux/disk-encryption-portal-quickstart.md)
+- [Azure Disk Encryption Extension Schemata for Linux](../../virtual-machines/extensions/azure-disk-enc-linux.md)
 - [Creating and configuring a key vault for Azure Disk Encryption](../../virtual-machines/linux/disk-encryption-key-vault.md)
 - [Azure Disk Encryption sample scripts](../../virtual-machines/linux/disk-encryption-sample-scripts.md)
 - [Azure Disk Encryption troubleshooting](../../virtual-machines/linux/disk-encryption-troubleshooting.md)
@@ -47,6 +48,7 @@ The following articles provide guidance for encrypting Windows virtual machines.
 - [Create and encrypt a Windows VM with Azure CLI](../../virtual-machines/windows/disk-encryption-cli-quickstart.md)
 - [Create and encrypt a Windows VM with Azure PowerShell](../../virtual-machines/windows/disk-encryption-powershell-quickstart.md)
 - [Create and encrypt a Windows VM with the Azure portal](../../virtual-machines/windows/disk-encryption-portal-quickstart.md)
+- [Azure Disk Encryption Extension Schemata for Windows](../../virtual-machines/extensions/azure-disk-enc-windows.md)
 - [Creating and configuring a key vault for Azure Disk Encryption](../../virtual-machines/windows/disk-encryption-key-vault.md)
 - [Azure Disk Encryption sample scripts](../../virtual-machines/windows/disk-encryption-sample-scripts.md)
 - [Azure Disk Encryption troubleshooting](../../virtual-machines/windows/disk-encryption-troubleshooting.md)
diff --git a/articles/spatial-anchors/quickstarts/get-started-ios.md b/articles/spatial-anchors/quickstarts/get-started-ios.md
@@ -28,7 +28,10 @@ You'll learn how to:
 To complete this quickstart, make sure you have:
 
 - A developer enabled macOS machine with the latest version of <a href="https://geo.itunes.apple.com/us/app/xcode/id497799835?mt=12" target="_blank">Xcode</a> and <a href="https://cocoapods.org" target="_blank">CocoaPods</a> installed.
-- Git installed via HomeBrew. Enter the following command into a single line of the Terminal: `/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"`. Then, run `brew install git` and `brew install git-lfs`.
+- Git installed via HomeBrew:
+  1. Enter the following command as a single line in the terminal: `/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"`. 
+  1. Run `brew install git` and `brew install git-lfs`.
+  1. Update your git config with `git lfs install` (for the current user) or `git lfs install --system` (for the entire system).
 - A developer enabled <a href="https://developer.apple.com/documentation/arkit/verifying_device_support_and_user_permission" target="_blank">ARKit compatible</a> iOS device.
 
 [!INCLUDE [Create Spatial Anchors resource](../../../includes/spatial-anchors-get-started-create-resource.md)]
@@ -133,6 +136,17 @@ brew install cocoapods --build-from-source
 brew link --overwrite cocoapods
 ```
 
+### App crashes when deploying to iOS 10.3.1 from a personal provisioning profile/developer account 
+
+If you deploy your iOS app on iOS 10.3.1 from a personal provisioning profile/developer account, you might see this error: `Library not loaded: @rpath/ADAL...`. 
+
+To resolve the issue:
+
+- Use a provisioning profile that isn't a Personal Team profile (paid developer account).
+- Deploy your app to an iOS device running iOS 13.3 or earlier, or to one running the iOS 13.4 beta or release version.
+- Read more about this issue on [Stack Overflow](https://stackoverflow.com/questions/60015309/running-ios-apps-causes-runtime-error-for-frameworks-code-signature-invalid).
+
+
 [!INCLUDE [Clean-up section](../../../includes/clean-up-section-portal.md)]
 
 [!INCLUDE [Next steps](../../../includes/spatial-anchors-quickstarts-nextsteps.md)]
diff --git a/articles/virtual-machines/extensions/azure-disk-enc-linux.md b/articles/virtual-machines/extensions/azure-disk-enc-linux.md
@@ -26,59 +26,70 @@ Azure Disk Encryption leverages the dm-crypt subsystem in Linux to provide full
 
 For a full list of prerequisites, see [Azure Disk Encryption for Linux VMs](../linux/disk-encryption-overview.md), specifically the following sections:
 
-- [Azure Disk Encryption for Linux VMs](../linux/disk-encryption-overview.md#supported-vms-and-operating-systems)
+- [Supported VMs and operating systems](../linux/disk-encryption-overview.md#supported-vms-and-operating-systems)
 - [Additional VM requirements](../linux/disk-encryption-overview.md#additional-vm-requirements)
 - [Networking requirements](../linux/disk-encryption-overview.md#networking-requirements)
+- [Encryption key storage requirements](../linux/disk-encryption-overview.md#encryption-key-storage-requirements)
 
 ## Extension schemata
 
-There are two schemata for Azure Disk Encryption: v1.1, a newer, recommended schema that does not use Azure Active Directory (AAD) properties, and v0.1, an older schema that requires AAD properties. You must use the schema version corresponding to the extension you are using: schema v1.1 for the AzureDiskEncryptionForLinux extension version 1.1, schema v0.1 for the AzureDiskEncryptionForLinux extension version 0.1.
+There are two versions of extension schema for Azure Disk Encryption (ADE):
+- v1.1 - A newer recommended schema that does not use Azure Active Directory (AAD) properties.
+- v0.1 - An older schema that requires Azure Active Directory (AAD) properties. 
+
+To select a target schema, the `typeHandlerVersion` property must be set equal to version of schema you want to use.
+
 ### Schema v1.1: No AAD (recommended)
 
-The v1.1 schema is recommended and does not require Azure Active Directory properties.
+The v1.1 schema is recommended and does not require Azure Active Directory (AAD) properties.
 
 ```json
 {
   "type": "extensions",
   "name": "[name]",
-  "apiVersion": "2015-06-15",
+  "apiVersion": "2019-07-01",
   "location": "[location]",
   "properties": {
         "publisher": "Microsoft.Azure.Security",
+	"type": "AzureDiskEncryptionForLinux",
+        "typeHandlerVersion": "[extensionVersion]",
+	"autoUpgradeMinorVersion": true,
         "settings": {
           "DiskFormatQuery": "[diskFormatQuery]",
           "EncryptionOperation": "[encryptionOperation]",
-          "KeyEncryptionAlgorithm": "[keyEncryptionAlgorithm]",
-          "KeyEncryptionKeyURL": "[keyEncryptionKeyURL]",
-          "KeyVaultURL": "[keyVaultURL]",
-          "SequenceVersion": "sequenceVersion]",
+	  "KeyEncryptionAlgorithm": "[keyEncryptionAlgorithm]",
+	  "KeyVaultURL": "[keyVaultURL]",
+	  "KeyVaultResourceId": "[KeyVaultResourceId]",
+	  "KeyEncryptionKeyURL": "[keyEncryptionKeyURL]",
+	  "KekVaultResourceId": "[KekVaultResourceId",
+	  "SequenceVersion": "sequenceVersion]",
           "VolumeType": "[volumeType]"
-        },
-        "type": "AzureDiskEncryptionForLinux",
-        "typeHandlerVersion": "[extensionVersion]"
+        }
   }
 }
 ```
 
 
 ### Schema v0.1: with AAD 
 
-The 0.1 schema requires `aadClientID` and either `aadClientSecret` or `AADClientCertificate`.
+The 0.1 schema requires `AADClientID` and either `AADClientSecret` or `AADClientCertificate`.
 
-Using `aadClientSecret`:
+Using `AADClientSecret`:
 
 ```json
 {
   "type": "extensions",
   "name": "[name]",
-  "apiVersion": "2015-06-15",
+  "apiVersion": "2019-07-01",
   "location": "[location]",
   "properties": {
 	"protectedSettings": {
 	  "AADClientSecret": "[aadClientSecret]",
 	  "Passphrase": "[passphrase]"
 	},
 	"publisher": "Microsoft.Azure.Security",
+	"type": "AzureDiskEncryptionForLinux",
+	"typeHandlerVersion": "[extensionVersion]",
 	"settings": {
 	  "AADClientID": "[aadClientID]",
 	  "DiskFormatQuery": "[diskFormatQuery]",
@@ -88,9 +99,7 @@ Using `aadClientSecret`:
 	  "KeyVaultURL": "[keyVaultURL]",
 	  "SequenceVersion": "sequenceVersion]",
 	  "VolumeType": "[volumeType]"
-	},
-	"type": "AzureDiskEncryptionForLinux",
-	"typeHandlerVersion": "[extensionVersion]"
+	}
   }
 }
 ```
@@ -101,14 +110,16 @@ Using `AADClientCertificate`:
 {
   "type": "extensions",
   "name": "[name]",
-  "apiVersion": "2015-06-15",
+  "apiVersion": "2019-07-01",
   "location": "[location]",
   "properties": {
 	"protectedSettings": {
 	  "AADClientCertificate": "[aadClientCertificate]",
 	  "Passphrase": "[passphrase]"
 	},
 	"publisher": "Microsoft.Azure.Security",
+	"type": "AzureDiskEncryptionForLinux",
+	"typeHandlerVersion": "[extensionVersion]",
 	"settings": {
 	  "AADClientID": "[aadClientID]",
 	  "DiskFormatQuery": "[diskFormatQuery]",
@@ -118,9 +129,7 @@ Using `AADClientCertificate`:
 	  "KeyVaultURL": "[keyVaultURL]",
 	  "SequenceVersion": "sequenceVersion]",
 	  "VolumeType": "[volumeType]"
-	},
-	"type": "AzureDiskEncryptionForLinux",
-	"typeHandlerVersion": "[extensionVersion]"
+	}
   }
 }
 ```
@@ -130,40 +139,51 @@ Using `AADClientCertificate`:
 
 | Name | Value / Example | Data Type |
 | ---- | ---- | ---- |
-| apiVersion | 2015-06-15 | date |
+| apiVersion | 2019-07-01 | date |
 | publisher | Microsoft.Azure.Security | string |
 | type | AzureDiskEncryptionForLinux | string |
 | typeHandlerVersion | 0.1, 1.1 | int |
 | (0.1 schema) AADClientID | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | guid | 
 | (0.1 schema) AADClientSecret | password | string |
 | (0.1 schema) AADClientCertificate | thumbprint | string |
+| (optional) (0.1 schema) Passphrase | password | string |
 | DiskFormatQuery | {"dev_path":"","name":"","file_system":""} | JSON dictionary |
 | EncryptionOperation | EnableEncryption, EnableEncryptionFormatAll | string | 
-| KeyEncryptionAlgorithm | 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' | string |
-| KeyEncryptionKeyURL | url | string |
-| (optional) KeyVaultURL | url | string |
-| Passphrase | password | string | 
-| SequenceVersion | uniqueidentifier | string |
+| (optional - default RSA-OAEP ) KeyEncryptionAlgorithm | 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' | string |
+| KeyVaultURL | url | string |
+| KeyVaultResourceId | url | string |
+| (optional) KeyEncryptionKeyURL | url | string |
+| (optional) KekVaultResourceId | url | string |
+| (optional) SequenceVersion | uniqueidentifier | string |
 | VolumeType | OS, Data, All | string |
 
 ## Template deployment
 
-For an example of template deployment, see [Enable Encryption on a running Linux VM](https://github.com/Azure/azure-quickstart-templates/tree/master/201-encrypt-running-linux-vm).
+For an example of template deployment based on schema v1.1, see the Azure Quickstart Template [201-encrypt-running-linux-vm-without-aad](https://github.com/Azure/azure-quickstart-templates/tree/master/201-encrypt-running-linux-vm-without-aad).
+
+For an example of template deployment based on schema v0.1, see the Azure Quickstart Template [201-encrypt-running-linux-vm](https://github.com/Azure/azure-quickstart-templates/tree/master/201-encrypt-running-linux-vm).
 
-## Azure CLI deployment
+>[!WARNING]
+> - If you have previously used Azure Disk Encryption with Azure AD to encrypt a VM, you must continue use this option to encrypt your VM.
+> - When encrypting Linux OS volumes, the VM should be considered unavailable. We strongly recommend to avoid SSH logins while the encryption is in progress to avoid issues blocking any open files that will need to be accessed during the encryption process. To check progress, use the [Get-AzVMDiskEncryptionStatus](/powershell/module/az.compute/get-azvmdiskencryptionstatus) PowerShell cmdlet or the [vm encryption show](/cli/azure/vm/encryption#az-vm-encryption-show) CLI command. This process can be expected to take a few hours for a 30GB OS volume, plus additional time for encrypting data volumes. Data volume encryption time will be proportional to the size and quantity of the data volumes unless the encrypt format all option is used. 
+> - Disabling encryption on Linux VMs is only supported for data volumes. It is not supported on data or OS volumes if the OS volume has been encrypted. 
 
-Instructions can be found in the latest [Azure CLI documentation](/cli/azure/vm/encryption?view=azure-cli-latest). 
+>[!NOTE]
+> Also if `VolumeType` parameter is set to Data or All, data disks will be encrypted only if they are properly mounted.
 
 ## Troubleshoot and support
 
 ### Troubleshoot
 
-For troubleshooting, refer to the [Azure Disk Encryption troubleshooting guide](../../security/azure-security-disk-encryption-tsg.md).
+For troubleshooting, refer to the [Azure Disk Encryption troubleshooting guide](../linux/disk-encryption-troubleshooting.md).
 
 ### Support
 
-If you need more help at any point in this article, you can contact the Azure experts on the [MSDN Azure and Stack Overflow forums](https://azure.microsoft.com/support/community/). Alternatively, you can file an Azure support incident. Go to the [Azure support site](https://azure.microsoft.com/support/options/) and select Get support. For information about using Azure Support, read the [Microsoft Azure support FAQ](https://azure.microsoft.com/support/faq/).
+If you need more help at any point in this article, you can contact the Azure experts on the [MSDN Azure and Stack Overflow forums](https://azure.microsoft.com/support/community/). 
+
+Alternatively, you can file an Azure support incident. Go to [Azure support](https://azure.microsoft.com/support/options/) and select Get support. For information about using Azure Support, read the [Microsoft Azure Support FAQ](https://azure.microsoft.com/support/faq/).
 
 ## Next steps
 
-For more information about VM extensions, see [Virtual machine extensions and features for Linux](features-linux.md).
+* For more information about VM extensions, see [Virtual machine extensions and features for Linux](features-linux.md).
+* For more information about Azure Disk Encryption for Linux, see [Linux virtual machines](../../security/fundamentals/azure-disk-encryption-vms-vmss.md#linux-virtual-machines).
diff --git a/articles/virtual-machines/extensions/azure-disk-enc-windows.md b/articles/virtual-machines/extensions/azure-disk-enc-windows.md
