Merge pull request #100666 from MicrosoftDocs/master

1/09 PM Publish

Author: huypub

CODEOWNERS

@@ -1,24 +1,17 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
-# articles/storage/  @tamram @robinsh
-# articles/virtual-machines/  @iainfoulds @cynthn
-# articles/virtual-machines/linux/  @iainfoulds @cynthn
-# articles/virtual-machines/windows/  @iainfoulds @cynthn
-# articles/application-insights/  @SergeyKanzhelev
-# articles/cosmos-db/ @mimig1
-
-# All Articles
-articles/ @apex-docs-pr-reviewers
-
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf, @nitinme
 
 # DevOps
-
 articles/ansible/ @TomArcherMsft
 articles/chef/ @TomArcherMsft
 articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Governance
-
 articles/governance/ @DCtheGeek
+
+# Configuration
+*.json @SyntaxC4
+.acrolinx-config.edn @MonicaRush
+articles/zone-pivot-groups.yml @SyntaxC4

articles/active-directory/users-groups-roles/domains-admin-takeover.md

@@ -125,40 +125,40 @@ cmdlet | Usage
 
 1. Connect to Azure AD using the credentials that were used to respond to the self-service offering:
    ```powershell
-    Install-Module -Name MSOnline
-    $msolcred = get-credential
+   Install-Module -Name MSOnline
+   $msolcred = get-credential
     
-    connect-msolservice -credential $msolcred
+   connect-msolservice -credential $msolcred
    ```
 2. Get a list of domains:
 
    ```powershell
-    Get-MsolDomain
+   Get-MsolDomain
    ```
 3. Run the Get-MsolDomainVerificationDns cmdlet to create a challenge:
    ```powershell
-    Get-MsolDomainVerificationDns –DomainName *your_domain_name* –Mode DnsTxtRecord
-  
+   Get-MsolDomainVerificationDns –DomainName *your_domain_name* –Mode DnsTxtRecord
+   ```
     For example:
-  
-    Get-MsolDomainVerificationDns –DomainName contoso.com –Mode DnsTxtRecord
+   ```
+   Get-MsolDomainVerificationDns –DomainName contoso.com –Mode DnsTxtRecord
    ```
 
 4. Copy the value (the challenge) that is returned from this command. For example:
    ```powershell
-    MS=32DD01B82C05D27151EA9AE93C5890787F0E65D9
+   MS=32DD01B82C05D27151EA9AE93C5890787F0E65D9
    ```
 5. In your public DNS namespace, create a DNS txt record that contains the value that you copied in the previous step. The name for this record is the name of the parent domain, so if you create this resource record by using the DNS role from Windows Server, leave the Record name blank and just paste the value into the Text box.
 6. Run the Confirm-MsolDomain cmdlet to verify the challenge:
 
    ```powershell
-    Confirm-MsolEmailVerifiedDomain -DomainName *your_domain_name*
+   Confirm-MsolDomain –DomainName *your_domain_name* –ForceTakeover Force
    ```
 
    For example:
 
    ```powershell
-    Confirm-MsolEmailVerifiedDomain -DomainName contoso.com
+   Confirm-MsolDomain –DomainName contoso.com –ForceTakeover Force
    ```
 
 A successful challenge returns you to the prompt without an error.

articles/api-management/api-management-howto-mutual-certificates.md

@@ -12,7 +12,7 @@ ms.service: api-management
 ms.workload: mobile
 ms.tgt_pltfrm: na
 ms.topic: article
-ms.date: 06/20/2018
+ms.date: 01/08/2020
 ms.author: apimpm
 ---
 
@@ -26,19 +26,22 @@ For information about managing certificates using the API Management REST API, s
 
 [!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
 
-This guide shows you how to configure your API Management service instance to use client certificate authentication to access the back-end service for an API. Before following the steps in this article, you should have your back-end service configured for client certificate authentication ([to configure certificate authentication in Azure WebSites refer to this article][to configure certificate authentication in Azure WebSites refer to this article]). You need access to the certificate and the password for uploading it to the API Management service.
+This guide shows you how to configure your API Management service instance to use client certificate authentication to access the back-end service for an API. Before following the steps in this article, you should have your back-end service configured for client certificate authentication ([to configure certificate authentication in the Azure App Service refer to this article][to configure certificate authentication in Azure WebSites refer to this article]). You need access to the certificate and the password for uploading it to the API Management service.
 
 ## <a name="step1"> </a>Upload a Certificate
 
+> [!NOTE]
+> Instead of an uploaded certificate you can use a certificate stored in the [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) service as shown in this [example](https://github.com/galiniliev/api-management-policy-snippets/blob/galin/AkvCert/examples/Look%20up%20Key%20Vault%20certificate%20using%20Managed%20Service%20Identity%20and%20call%20backend.policy.xml).
+
 ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-new.png)
 
 Follow the steps below to upload a new client certificate. If you have not created an API Management service instance yet, see the tutorial [Create an API Management service instance][Create an API Management service instance].
 
 1. Navigate to your Azure API Management service instance in the Azure portal.
 2. Select **Certificates** from the menu.
-3. Click the **+ Add** button.  
-    ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-add.png)  
-4. Browse for the certificate, provide its ID and password.  
+3. Click the **+ Add** button.
+    ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-add.png)
+4. Browse for the certificate, provide its ID and password.
 5. Click **Create**.
 
 > [!NOTE]
@@ -61,14 +64,14 @@ If the certificate is in use by an API, then a warning screen is displayed. To d
 
 ## <a name="step2"> </a>Configure an API to use a client certificate for gateway authentication
 
-1. Click **APIs** from the **API Management** menu on the left and navigate to the API.  
+1. Click **APIs** from the **API Management** menu on the left and navigate to the API.
     ![Enable client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-enable.png)
 
-2. In the **Design** tab, click on a pencil icon of the **Backend** section. 
-3. Change the **Gateway credentials** to **Client cert** and select your certificate from the dropdown.  
+2. In the **Design** tab, click on a pencil icon of the **Backend** section.
+3. Change the **Gateway credentials** to **Client cert** and select your certificate from the dropdown.
     ![Enable client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-enable-select.png)
 
-4. Click **Save**. 
+4. Click **Save**.
 
 > [!WARNING]
 > This change is effective immediately, and calls to operations of that API will use the certificate to authenticate on the back-end server.

articles/api-management/api-management-howto-properties.md

@@ -11,21 +11,21 @@ ms.service: api-management
 ms.workload: mobile
 ms.tgt_pltfrm: na
 ms.topic: article
-ms.date: 11/05/2019
+ms.date: 01/08/2020
 ms.author: apimpm
 ---
 
 # How to use named values in Azure API Management policies
 
 API Management policies are a powerful capability of the system that allow the Azure portal to change the behavior of the API through configuration. Policies are a collection of statements that are executed sequentially on the request or response of an API. Policy statements can be constructed using literal text values, policy expressions, and named values.
 
-Each API Management service instance has a properties collection of key/value pairs, which is called named values, that are global to the service instance. There is no imposed limit on the number of items in the collection. Named values can be used to manage constant string values across all API configuration and policies. Each named value may have the following attributes:
+Each API Management service instance has a collection of key/value pairs, which is called named values, that are global to the service instance. There is no imposed limit on the number of items in the collection. Named values can be used to manage constant string values across all API configuration and policies. Each named value may have the following attributes:
 
-| Attribute      | Type            | Description                                                                                                                         |
-| -------------- | --------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| Attribute      | Type            | Description                                                                                                                            |
+| -------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
 | `Display name` | string          | Used for referencing the named value in policies. A string of one to 256 characters. Only letters, numbers, dot, and dash are allowed. |
-| `Value`        | string          | Actual value. Must not be empty or consist only of whitespace. Maximum of 4096 characters long.                                     |
-| `Secret`       | boolean         | Determines whether the value is a secret and should be encrypted or not.                                                            |
+| `Value`        | string          | Actual value. Must not be empty or consist only of whitespace. Maximum of 4096 characters long.                                        |
+| `Secret`       | boolean         | Determines whether the value is a secret and should be encrypted or not.                                                               |
 | `Tags`         | array of string | Used to filter the named value list. Up to 32 tags.                                                                                    |
 
 ![Named values](./media/api-management-howto-properties/named-values.png)
@@ -38,6 +38,9 @@ Named values can contain literal strings and [policy expressions](/azure/api-man
 | Credential | ••••••••••••••••••••••     | True   | security      |
 | Expression | @(DateTime.Now.ToString()) | False  |               |
 
+> [!NOTE]
+> Instead of named values stored within an API Management service, you can use values stored in the [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) service as demonstrated by this [example](https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Look%20up%20Key%20Vault%20secret%20using%20Managed%20Service%20Identity.policy.xml).
+
 ## To add and edit a named value
 
 ![Add a named value](./media/api-management-howto-properties/add-property.png)
@@ -46,7 +49,7 @@ Named values can contain literal strings and [policy expressions](/azure/api-man
 2. Select **Named values**.
 3. Press **+Add**.
 
-    Name and Value are required values. If value is a secret, check the *This is a secret* checkbox. Enter one or more optional tags to help with organizing your named values, and click Save.
+    Name and Value are required values. If value is a secret, check the _This is a secret_ checkbox. Enter one or more optional tags to help with organizing your named values, and click Save.
 
 4. Click **Create**.
 

articles/app-service/containers/configure-language-ruby.md

@@ -11,7 +11,7 @@ ms.custom: seodec18
 
 # Configure a Linux Ruby app for Azure App Service
 
-This article describes how [Azure App Service](app-service-linux-intro.md) runs Ruby apps, and how you can customize the behavior of App Service when needed. Ruby apps must be deployed with all the required [pip](https://pypi.org/project/pip/) modules.
+This article describes how [Azure App Service](app-service-linux-intro.md) runs Ruby apps, and how you can customize the behavior of App Service when needed. Ruby apps must be deployed with all the required [gems](https://rubygems.org/gems).
 
 This guide provides key concepts and instructions for Ruby developers who use a built-in Linux container in App Service. If you've never used Azure App Service, you should follow the [Ruby quickstart](quickstart-ruby.md) and [Ruby with PostgreSQL tutorial](tutorial-ruby-postgres-app.md) first.
 

articles/app-service/overview-managed-identity.md

@@ -15,7 +15,7 @@ ms.reviewer: yevbronsh
 > [!Important] 
 > Managed identities for App Service and Azure Functions will not behave as expected if your app is migrated across subscriptions/tenants. The app will need to obtain a new identity, which can be done by disabling and re-enabling the feature. See [Removing an identity](#remove) below. Downstream resources will also need to have access policies updated to use the new identity.
 
-This topic shows you how to create a managed identity for App Service and Azure Functions applications and how to use it to access other resources. A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets. For more about managed identities in AAD, see [Managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
+This topic shows you how to create a managed identity for App Service and Azure Functions applications and how to use it to access other resources. A managed identity from Azure Active Directory (AAD) allows your app to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets. For more about managed identities in AAD, see [Managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
 
 Your application can be granted two types of identities: 
 - A **system-assigned identity** is tied to your application and is deleted if your app is deleted. An app can only have one system-assigned identity.
@@ -74,7 +74,7 @@ The following steps will walk you through creating a web app and assigning it an
 
 The following steps will walk you through creating a web app and assigning it an identity using Azure PowerShell:
 
-1. If needed, install the Azure PowerShell using the instruction found in the [Azure PowerShell guide](/powershell/azure/overview), and then run `Login-AzAccount` to create a connection with Azure.
+1. If needed, install the Azure PowerShell using the instructions found in the [Azure PowerShell guide](/powershell/azure/overview), and then run `Login-AzAccount` to create a connection with Azure.
 
 2. Create a web application using Azure PowerShell. For more examples of how to use Azure PowerShell with App Service, see [App Service PowerShell samples](../app-service/samples-powershell.md):
 
@@ -232,12 +232,12 @@ Where `<PRINCIPALID>` and `<CLIENTID>` are replaced with GUIDs. The principalId
 
 ## Obtaining tokens for Azure resources
 
-An app can use its identity to get tokens to other resources protected by AAD, such as Azure Key Vault. These tokens represent the application accessing the resource, and not any specific user of the application. 
+An app can use its managed identity to get tokens to access other resources protected by AAD, such as Azure Key Vault. These tokens represent the application accessing the resource, and not any specific user of the application. 
 
 > [!IMPORTANT]
-> You may need to configure the target resource to allow access from your application. For example, if you request a token to Key Vault, you need to make sure you have added an access policy that includes your application's identity. Otherwise, your calls to Key Vault will be rejected, even if they include the token. To learn more about which resources support Azure Active Directory tokens, see [Azure services that support Azure AD authentication](../active-directory/managed-identities-azure-resources/services-support-managed-identities.md#azure-services-that-support-azure-ad-authentication).
+> You may need to configure the target resource to allow access from your application. For example, if you request a token to access Key Vault, you need to make sure you have added an access policy that includes your application's identity. Otherwise, your calls to Key Vault will be rejected, even if they include the token. To learn more about which resources support Azure Active Directory tokens, see [Azure services that support Azure AD authentication](../active-directory/managed-identities-azure-resources/services-support-managed-identities.md#azure-services-that-support-azure-ad-authentication).
 
-There is a simple REST protocol for obtaining a token in App Service and Azure Functions. This can be used for all applications and languages. For some .NET and Java, the Azure SDK provides an abstraction over this protocol and facilitates a local development experience.
+There is a simple REST protocol for obtaining a token in App Service and Azure Functions. This can be used for all applications and languages. For .NET and Java, the Azure SDK provides an abstraction over this protocol and facilitates a local development experience.
 
 ### Using the REST protocol
 

articles/automation/automation-dsc-onboarding.md

@@ -32,8 +32,7 @@ Azure Automation State Configuration can be used to manage a variety of machines
 
 - Azure virtual machines
 - Azure virtual machines (classic)
-- Amazon Web Services (AWS) EC2 instances
-- Physical/virtual Windows machines on-premises, or in a cloud other than Azure/AWS
+- Physical/virtual Windows machines on-premises, or in a cloud other than Azure (including AWS EC2 instances)
 - Physical/virtual Linux machines on-premises, in Azure, or in a cloud other than Azure
 
 In addition, if you are not ready to manage machine configuration from the cloud, Azure Automation
@@ -99,13 +98,7 @@ Examples are provided in
 To find the registration key and registration URL to use as parameters in the template,
 see the following [**Secure registration**](#secure-registration) section.
 
-## Amazon Web Services (AWS) virtual machines
-
-You can easily onboard Amazon Web Services virtual machines for configuration management by Azure
-Automation State Configuration using the AWS DSC Toolkit. You can learn more about the toolkit
-[here](https://blogs.msdn.microsoft.com/powershell/2016/04/20/aws-dsc-toolkit/).
-
-## Physical/virtual Windows machines on-premises, or in a cloud other than Azure/AWS
+## Physical/virtual Windows machines on-premises, or in a cloud other than Azure (including AWS EC2 instances)
 
 Windows servers running on-premises or in other cloud environments
 can also be onboarded to Azure Automation State Configuration, as long as they have

articles/automation/automation-onboard-solutions-from-automation-account.md

@@ -53,7 +53,7 @@ If the selected workspace already has the solution, the solution isn't re-deploy
 
 When a computer is added to the Update Management or the Change Tracking and Inventory solutions, they're added to one of two saved searches in your workspace. These saved searches are queries that contain the computers that are targeted for these solutions.
 
-Navigate to your Automation account and select **Saved searches** under **General**. The two saved searches used by these solutions can be seen in the following table:
+Navigate to your Log Analytics workspace and select **Saved searches** under **General**. The two saved searches used by these solutions can be seen in the following table:
 
 |Name     |Category  |Alias  |
 |---------|---------|---------|

articles/automation/troubleshoot/desired-state-configuration.md

@@ -269,7 +269,7 @@ Treat the cross-subscription node as though it lives in a separate cloud, or on-
 
 Follow the steps below to register the node.
 
-* Windows - [Physical/virtual Windows machines on-premises, or in a cloud other than Azure/AWS](../automation-dsc-onboarding.md#physicalvirtual-windows-machines-on-premises-or-in-a-cloud-other-than-azureaws).
+* Windows - [Physical/virtual Windows machines on-premises, or in a cloud other than Azure/AWS](../automation-dsc-onboarding.md#physicalvirtual-windows-machines-on-premises-or-in-a-cloud-other-than-azure-including-aws-ec2-instances).
 * Linux - [Physical/virtual Linux machines on-premises, or in a cloud other than Azure](../automation-dsc-onboarding.md#physicalvirtual-linux-machines-on-premises-or-in-a-cloud-other-than-azure).
 
 ### <a name="agent-has-a-problem"></a>Scenario: Error message - "Provisioning Failed"