Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-search

Author: HeidiSteen

articles/cosmos-db/connect-mongodb-account.md

@@ -45,11 +45,11 @@ This tutorial provides two ways to retrieve connection string information:
 ## Connection string requirements
 
 > [!Important]
-> Azure Cosmos DB has strict security requirements and standards. Azure Cosmos DB accounts require authentication and secure communication via *SSL*. 
+> Azure Cosmos DB has strict security requirements and standards. Azure Cosmos DB accounts require authentication and secure communication via *TLS*. 
 >
 >
 
-Azure Cosmos DB supports the standard MongoDB connection string URI format, with a couple of specific requirements: Azure Cosmos DB accounts require authentication and secure communication via SSL. So, the connection string format is:
+Azure Cosmos DB supports the standard MongoDB connection string URI format, with a couple of specific requirements: Azure Cosmos DB accounts require authentication and secure communication via TLS. So, the connection string format is:
 
     mongodb://username:password@host:port/[database]?ssl=true
 

articles/cosmos-db/create-mongodb-golang.md

@@ -89,7 +89,7 @@ The following snippets are all taken from the main.go file.
 
 ### Connecting the Go app to Cosmos DB
 
-Azure Cosmos DB's API for MongoDB supports the SSL-enabled connection. To connect, you need to define the **DialServer** function in [mgo.DialInfo](https://godoc.org/gopkg.in/mgo.v2#DialInfo), and make use of the [tls.*Dial*](https://golang.org/pkg/crypto/tls#Dial) function to perform the connection.
+Azure Cosmos DB's API for MongoDB supports the TLS-enabled connection. To connect, you need to define the **DialServer** function in [mgo.DialInfo](https://godoc.org/gopkg.in/mgo.v2#DialInfo), and make use of the [tls.*Dial*](https://golang.org/pkg/crypto/tls#Dial) function to perform the connection.
 
 The following Golang code snippet connects the Go app with Azure Cosmos DB's API for MongoDB. The *DialInfo* class holds options for establishing a session.
 
@@ -125,7 +125,7 @@ defer session.Close()
 session.SetSafe(&mgo.Safe{})
 ```
 
-The **mgo.Dial()** method is used when there is no SSL connection. For an SSL connection, the **mgo.DialWithInfo()** method is required.
+The **mgo.Dial()** method is used when there is no TLS connection. For a TLS connection, the **mgo.DialWithInfo()** method is required.
 
 An instance of the **DialWIthInfo{}** object is used to create the session object. Once the session is established, you can access the collection by using the following code snippet:
 

articles/cosmos-db/create-mongodb-nodejs.md

@@ -225,7 +225,7 @@ In the `db` object, replace the value of `uri` as show in the following example.
 ```
 
 > [!NOTE] 
-> The `ssl=true` option is important because [Cosmos DB requires SSL](connect-mongodb-account.md#connection-string-requirements). 
+> The `ssl=true` option is important because of Cosmos DB requirements. For more information, see [Connection string requirements](connect-mongodb-account.md#connection-string-requirements).
 >
 >
 

articles/cosmos-db/database-security.md

@@ -43,7 +43,7 @@ We recommend the following checklist of requirements on which to compare databas
 And although it may seem obvious, recent [large-scale database breaches](https://thehackernews.com/2017/01/mongodb-database-security.html) remind us of the simple but critical importance of the following requirements:
 
 - Patched servers that are kept up-to-date
-- HTTPS by default/SSL encryption
+- HTTPS by default/TLS encryption
 - Administrative accounts with strong passwords
 
 ## How does Azure Cosmos DB secure my database
@@ -71,7 +71,7 @@ Let's dig into each one in detail.
 |HTTPS/SSL/TLS encryption|All connections to Azure Cosmos DB support HTTPS. Azure Cosmos DB also supports TLS 1.2.<br>It is possible to enforce a minimum TLS version server-side. To do so, please contact [[email protected]](mailto:[email protected]).|
 |Encryption at rest|All data stored into Azure Cosmos DB is encrypted at rest. Learn more in [Azure Cosmos DB encryption at rest](./database-encryption-at-rest.md)|
 |Patched servers|As a managed database, Azure Cosmos DB eliminates the need to manage and patch servers, that's done for you, automatically.|
-|Administrative accounts with strong passwords|It's hard to believe we even need to mention this requirement, but unlike some of our competitors, it's impossible to have an administrative account with no password in Azure Cosmos DB.<br><br> Security via SSL and HMAC secret based authentication is baked in by default.|
+|Administrative accounts with strong passwords|It's hard to believe we even need to mention this requirement, but unlike some of our competitors, it's impossible to have an administrative account with no password in Azure Cosmos DB.<br><br> Security via TLS and HMAC secret based authentication is baked in by default.|
 |Security and data protection certifications| For the most up-to-date list of certifications see the overall [Azure Compliance site](https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings) as well as the latest [Azure Compliance Document](https://gallery.technet.microsoft.com/Overview-of-Azure-c1be3942) with all certifications (search for Cosmos). For a more focused read check out the April 25, 2018 post [Azure #CosmosDB: Secure, private, compliant that includes SOCS 1/2 Type 2, HITRUST, PCI DSS Level 1, ISO 27001, HIPAA, FedRAMP High, and many others.
 
 The following screenshot shows how you can use audit logging and activity logs to monitor your account: 

articles/cosmos-db/local-emulator.md

@@ -94,7 +94,7 @@ Account key: C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZ
 > [!NOTE]
 > If you have started the emulator with the /Key option, then use the generated key instead of `C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==`. For more information about /Key option, see [Command-line tool reference.](#command-line)
 
-As with the Azure Cosmos DB, the Azure Cosmos Emulator supports only secure communication via SSL.
+As with the Azure Cosmos DB, the Azure Cosmos Emulator supports only secure communication via TLS.
 
 ## Running on a local network
 
@@ -210,17 +210,17 @@ Start emulator from an administrator command prompt with "/EnableGremlinEndpoint
   :> g.V()
   ```
 
-## Export the SSL certificate
+## Export the TLS/SSL certificate
 
 .NET languages and runtime use the Windows Certificate Store to securely connect to the Azure Cosmos DB local emulator. Other languages have their own method of managing and using certificates. Java uses its own [certificate store](https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html) whereas Python uses [socket wrappers](https://docs.python.org/2/library/ssl.html).
 
 In order to obtain a certificate to use with languages and runtimes that do not integrate with the Windows Certificate Store, you will need to export it using the Windows Certificate Manager. You can start it by running certlm.msc or follow the step by step instructions in [Export the Azure Cosmos Emulator Certificates](./local-emulator-export-ssl-certificates.md). Once the certificate manager is running, open the Personal Certificates as shown below and export the certificate with the friendly name "DocumentDBEmulatorCertificate" as a BASE-64 encoded X.509 (.cer) file.
 
-![Azure Cosmos DB local emulator SSL certificate](./media/local-emulator/database-local-emulator-ssl_certificate.png)
+![Azure Cosmos DB local emulator TLS/SSL certificate](./media/local-emulator/database-local-emulator-ssl_certificate.png)
 
 The X.509 certificate can be imported into the Java certificate store by following the instructions in [Adding a Certificate to the Java CA Certificates Store](https://docs.microsoft.com/azure/java-add-certificate-ca-store). Once the certificate is imported into the certificate store, clients for SQL and Azure Cosmos DB's API for MongoDB will be able to connect to the Azure Cosmos Emulator.
 
-When connecting to the emulator from Python and Node.js SDKs, SSL verification is disabled.
+When connecting to the emulator from Python and Node.js SDKs, TLS verification is disabled.
 
 ## <a id="command-line"></a>Command-line tool reference
 From the installation location, you can use the command-line to start and stop the emulator, configure options, and perform other operations.
@@ -255,8 +255,8 @@ To view the list of options, type `Microsoft.Azure.Cosmos.Emulator.exe /?` at th
 | StopTraces     | Stop collecting debug trace logs using LOGMAN. | Microsoft.Azure.Cosmos.Emulator.exe /StopTraces  | |
 | StartWprTraces  |  Start collecting debug trace logs using Windows Performance Recording tool. | Microsoft.Azure.Cosmos.Emulator.exe /StartWprTraces | |
 | StopWprTraces     | Stop collecting debug trace logs using Windows Performance Recording tool. | Microsoft.Azure.Cosmos.Emulator.exe /StopWprTraces  | |
-|FailOnSslCertificateNameMismatch | By default the Emulator regenerates its self-signed SSL certificate, if the certificate's SAN does not include the Emulator host's domain name, local IPv4 address, 'localhost', and '127.0.0.1'. With this option, the emulator will fail at startup instead. You should then use the /GenCert option to create and install a new self-signed SSL certificate. | Microsoft.Azure.Cosmos.Emulator.exe /FailOnSslCertificateNameMismatch  | |
-| GenCert | Generate and install a new self-signed SSL certificate. optionally including a comma-separated list of additional DNS names for accessing the Emulator over the network. | Microsoft.Azure.Cosmos.Emulator.exe /GenCert=\<dns-names\> |\<dns-names\>: Optional comma-separated list of additional dns names  |
+|FailOnSslCertificateNameMismatch | By default the Emulator regenerates its self-signed TLS/SSL certificate, if the certificate's SAN does not include the Emulator host's domain name, local IPv4 address, 'localhost', and '127.0.0.1'. With this option, the emulator will fail at startup instead. You should then use the /GenCert option to create and install a new self-signed TLS/SSL certificate. | Microsoft.Azure.Cosmos.Emulator.exe /FailOnSslCertificateNameMismatch  | |
+| GenCert | Generate and install a new self-signed TLS/SSL certificate. optionally including a comma-separated list of additional DNS names for accessing the Emulator over the network. | Microsoft.Azure.Cosmos.Emulator.exe /GenCert=\<dns-names\> |\<dns-names\>: Optional comma-separated list of additional dns names  |
 | DirectPorts |Specifies the ports to use for direct connectivity. Defaults are 10251,10252,10253,10254. | Microsoft.Azure.Cosmos.Emulator.exe /DirectPorts:\<directports\> | \<directports\>: Comma-delimited list of 4 ports |
 | Key |Authorization key for the emulator. Key must be the base-64 encoding of a 64-byte vector. | Microsoft.Azure.Cosmos.Emulator.exe /Key:\<key\> | \<key\>: Key must be the base-64 encoding of a 64-byte vector|
 | EnableRateLimiting | Specifies that request rate limiting behavior is enabled. |Microsoft.Azure.Cosmos.Emulator.exe /EnableRateLimiting | |
@@ -393,7 +393,7 @@ powershell .\importcert.ps1
 Starting interactive shell
 ```
 
-Now use the endpoint and master key-in from the response in your client and import the SSL certificate into your host. To import the SSL certificate, do the following from an admin command prompt:
+Now use the endpoint and master key-in from the response in your client and import the TLS/SSL certificate into your host. To import the TLS/SSL certificate, do the following from an admin command prompt:
 
 From the command-line:
 
@@ -522,7 +522,7 @@ To collect debugging traces, run the following commands from an administrative c
 
 ## Next steps
 
-In this tutorial, you've learned how to use the local emulator for free local development. You can now proceed to the next tutorial and learn how to export emulator SSL certificates.
+In this tutorial, you've learned how to use the local emulator for free local development. You can now proceed to the next tutorial and learn how to export emulator TLS/SSL certificates.
 
 > [!div class="nextstepaction"]
 > [Export the Azure Cosmos Emulator certificates](local-emulator-export-ssl-certificates.md)

articles/cost-management-billing/costs/aws-integration-set-up-configure.md

@@ -3,7 +3,7 @@ title: Set up AWS integration with Azure Cost Management
 description: This article walks you through setting up and configuring AWS Cost and Usage report integration with Azure Cost Management.
 author: bandersmsft
 ms.author: banders
-ms.date: 02/12/2020
+ms.date: 04/02/2020
 ms.topic: conceptual
 ms.service: cost-management-billing
 ms.reviewer: matrive
@@ -15,6 +15,10 @@ With Amazon Web Services (AWS) Cost and Usage report (CUR) integration, you moni
 
 Cost Management processes the AWS Cost and Usage report stored in an S3 bucket by using your AWS access credentials to get report definitions and download report GZIP CSV files.
 
+Watch the video [How to set up Connectors for AWS in Cost Management](https://www.youtube.com/watch?v=Jg5KC1cx5cA) to learn more about how to set up AWS report integration..
+
+>[!VIDEO https://www.youtube.com/embed/Jg5KC1cx5cA]
+
 ## Create a Cost and Usage report in AWS
 
 Using a Cost and Usage report is the AWS-recommended way to collect and process AWS costs. For more information, see the [AWS Cost and Usage Report](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-reports-costusage.html) documentation.

articles/data-factory/delete-activity.md

@@ -20,7 +20,7 @@ ms.date: 08/20/2019
 You can use the Delete Activity in Azure Data Factory to delete files or folders from on-premises storage stores or cloud storage stores. Use this activity to clean up or archive files when they are no longer needed.
 
 > [!WARNING]
-> Deleted files or folders cannot be restored. Be cautious when using the Delete activity to delete files or folders.
+> Deleted files or folders cannot be restored (unless the storage has soft-delete enabled). Be cautious when using the Delete activity to delete files or folders.
 
 ## Best practices
 
@@ -573,4 +573,4 @@ You can also get the template to move files from [here](solution-template-move-f
 
 Learn more about moving files in Azure Data Factory.
 
--   [Copy Data tool in Azure Data Factory](copy-data-tool.md)
+-   [Copy Data tool in Azure Data Factory](copy-data-tool.md)

articles/hdinsight/create-cluster-error-dictionary.md

@@ -154,7 +154,7 @@ If you plan to use network security groups to control network traffic, take
 
 ---
 
-## Error code: StoragePermissionsBlockedForMsi  
+## Error code: StoragePermissionsBlockedForMsi
 
 ### Error
 
@@ -175,7 +175,7 @@ For more information, see [Set up permissions for the managed identity on the Da
 
 ---
 
-## Error code: InvalidNetworkSecurityGroupSecurityRules  
+## Error code: InvalidNetworkSecurityGroupSecurityRules
 
 ### Error
 
@@ -192,12 +192,12 @@ If you plan to use network security groups to control network traffic, take
 - Identify the Azure region that you plan to use for HDInsight, and create a safe list of the IP addresses for your region. For more information, see [Health and management services: Specific regions](https://docs.microsoft.com/azure/hdinsight/hdinsight-management-ip-addresses#health-and-management-services-specific-regions).
 - Identify the IP addresses that HDInsight requires. For more information, see [HDInsight management IP addresses](https://docs.microsoft.com/azure/hdinsight/hdinsight-management-ip-addresses).
 - Create or modify the network security groups for the subnet that you plan to install HDInsight into. For network security groups, allow inbound traffic on port 443 from the IP addresses. This configuration ensures that HDInsight management services can reach the cluster from outside the virtual network.
-  
+
 ---
 
 ## Error code: Cluster setup failed to install components on one or more hosts
 
-###  Error
+### Error
 
 "Cluster setup failed to install components on one or more hosts. Please retry your request."
 
@@ -209,6 +209,42 @@ Typically, this error is generated when there's a transient problem or an Azure
 
 Check the [Azure status](https://status.azure.com) page for any Azure outages that might affect cluster deployment. If there are no outages, retry cluster deployment.
 
+---
+
+## Error Code: FailedToConnectWithClusterErrorCode
+
+### Error
+
+Unable to connect to cluster management endpoint. Please retry later.
+
+### Cause
+
+HDInsight Service cannot connect to your cluster when attempting to create the cluster
+
+### Resolution
+
+If you are using custom VNet network security group (NSGs) and user-defined routes (UDRs), ensure that your cluster can communicate with HDInsight management services. For additional information see [HDInsight management IP addresses](https://docs.microsoft.com/azure/hdinsight/hdinsight-management-ip-addresses).
+
+---
+
+## Error Code: Deployments failed due to policy violation: 'Resource '<Resource URI>' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"<Policy Name> ","id":"/providers/Microsoft.Management/managementGroups/<Management Group Name> providers/Microsoft.Authorization/policyAssignments/<Policy Name>"},"policyDefinition": <Policy Definition>
+
+### Cause
+
+Subscription-based Azure policies can deny the creation of public IP addresses. HDInsight cluster creation requires two public IPs.
+
+The following policies generally impact cluster creation:
+
+* Policies which prevent creating IP Addresses or Load balancers within the subscription.
+* Policy which prevent creating storage accounts.
+* Policy which prevent deleting networking resources such as IP Addresses or Load Balancers.
+
+### Resolution
+
+Delete or Disable the subscription-based Azure policy while creating HDInsight Cluster.
+
+---
+
 ## Next steps
 
 For more information about troubleshooting errors in cluster creation, see [Troubleshoot cluster creation failures with Azure HDInsight](https://docs.microsoft.com/azure/hdinsight/hadoop/hdinsight-troubleshoot-cluster-creation-fails).

articles/sentinel/connect-azure-ad-identity-protection.md

@@ -14,7 +14,7 @@ ms.author: yelevin
 
 
 
-You can stream logs from [Azure AD Identity Protection](https://docs.microsoft.com/azure/information-protection/reports-aip) into Azure Sentinel to stream alerts into Azure Sentinel to view dashboards, create custom alerts, and improve investigation. Azure Active Directory Identity Protection provides a consolidated view at risk users, risk detections and vulnerabilities, with the ability to remediate risk immediately, and set policies to auto-remediate future events. The service is built on Microsoft’s experience protecting consumer identities and gains tremendous accuracy from the signal from over 13 billion log-ins a day. 
+You can stream logs from [Azure AD Identity Protection](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection) into Azure Sentinel to stream alerts into Azure Sentinel to view dashboards, create custom alerts, and improve investigation. Azure Active Directory Identity Protection provides a consolidated view at risk users, risk detections and vulnerabilities, with the ability to remediate risk immediately, and set policies to auto-remediate future events. The service is built on Microsoft’s experience protecting consumer identities and gains tremendous accuracy from the signal from over 13 billion log-ins a day. 
 
 
 ## Prerequisites