Merge pull request #84818 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit e3db8c7c47d0 · 2019-08-09T09:44:14.000-07:00
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)
diff --git a/articles/active-directory-b2c/active-directory-b2c-ui-customization-custom.md b/articles/active-directory-b2c/active-directory-b2c-ui-customization-custom.md
@@ -48,6 +48,9 @@ Create HTML content with your product's brand name in the title.
 
 2. Paste the copied snippet in a text editor, and then save the file as *customize-ui.html*.
 
+> [!NOTE]
+> HTML form elements will be removed due to security restrictions if you use login.microsoftonline.com. Please use b2clogin.com if you want to use HTML form elements in your custom HTML content. See [Use b2clogin.com](b2clogin.md) for other benefits.
+
 ## Create an Azure Blob storage account
 
 >[!NOTE]
diff --git a/articles/active-directory-b2c/b2clogin.md b/articles/active-directory-b2c/b2clogin.md
@@ -17,12 +17,15 @@ ms.subservice: B2C
 
 When you set up an identity provider for sign-up and sign-in in your Azure Active Directory (Azure AD) B2C application, you need to specify a redirect URL. In the past, login.microsoftonline.com was used, now you should be using b2clogin.com.
 
+> [!NOTE]
+> You can use JavaScript client-side code (currently in preview) in b2clogin.com. Your JavaScript code will be removed from your custom page if you use login.microsoftonline.com. Additional security restrictions are also applied to login.microsoftonline.com, such as removing HTML form elements from your custom page. 
+
 Using b2clogin.com gives you additional benefits, such as:
 
 - Space consumed in the cookie header by Microsoft services is reduced.
 - Your URLs no longer include a reference to Microsoft. For example, `https://your-tenant-name.b2clogin.com/tenant-id/oauth2/authresp`.
 
->[!NOTE]
+> [!NOTE]
 > You can use both the tenant name and the tenant GUID as follows:
 > * `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com` (which still refers to `onmicrosoft.com`)
 > * `https://your-tenant-name.b2clogin.com/your-tenant-guid` (in which case there is no reference to Microsoft at all)
diff --git a/articles/active-directory/manage-apps/functions-for-customizing-application-data.md b/articles/active-directory/manage-apps/functions-for-customizing-application-data.md
@@ -389,7 +389,7 @@ Based on the user's first name, middle name and last name, you need to generate
 
     SelectUniqueValue( 
         Join("@", NormalizeDiacritics(StripSpaces(Join(".",  [PreferredFirstName], [PreferredLastName]))), "contoso.com"), 
-        Join("@", NormalizeDiacritics(StripSpaces(Join(".",  Mid([PreferredFirstName], 1, 1), [PreferredLastName]))), "contoso.com")
+        Join("@", NormalizeDiacritics(StripSpaces(Join(".",  Mid([PreferredFirstName], 1, 1), [PreferredLastName]))), "contoso.com"),
         Join("@", NormalizeDiacritics(StripSpaces(Join(".",  Mid([PreferredFirstName], 1, 2), [PreferredLastName]))), "contoso.com")
     )
 
diff --git a/articles/active-directory/saas-apps/slack-provisioning-tutorial.md b/articles/active-directory/saas-apps/slack-provisioning-tutorial.md
@@ -117,7 +117,9 @@ For more information on how to read the Azure AD provisioning logs, see [Reporti
   
   * Only updates if these two settings are configured in Slack's workplace/organization - **Profile syncing is enabled** and **Users cannot change their display name**.
   
-  * Slack's **userName** attribute has to be under 21 characters and have a unique value.
+* Slack's **userName** attribute has to be under 21 characters and have a unique value.
+
+* Slack only allows matching with the attributes **userName** and **email**.  
 
 ## Additional Resources
 
diff --git a/articles/aks/ssh.md b/articles/aks/ssh.md
@@ -35,7 +35,7 @@ To configure your virtual machine scale set-based for SSH access, find the name
 Use the [az aks show][az-aks-show] command to get the resource group name of your AKS cluster, then the [az vmss list][az-vmss-list] command to get the name of your scale set.
 
 ```azurecli-interactive
-CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group myResourceGroup --name myAKSCluster --query nodeResourceGroup -o tsv)
+$CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group myResourceGroup --name myAKSCluster --query nodeResourceGroup -o tsv)
 SCALE_SET_NAME=$(az vmss list --resource-group $CLUSTER_RESOURCE_GROUP --query [0].name -o tsv)
 ```
 
@@ -92,7 +92,7 @@ To configure your virtual machine availability set-based AKS cluster for SSH acc
 Use the [az aks show][az-aks-show] command to get the resource group name of your AKS cluster, then the [az vm list][az-vm-list] command to list the virtual machine name of your cluster's Linux node.
 
 ```azurecli-interactive
-CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group myResourceGroup --name myAKSCluster --query nodeResourceGroup -o tsv)
+$CLUSTER_RESOURCE_GROUP=$(az aks show --resource-group myResourceGroup --name myAKSCluster --query nodeResourceGroup -o tsv)
 az vm list --resource-group $CLUSTER_RESOURCE_GROUP -o table
 ```
 
diff --git a/articles/api-management/api-management-howto-disaster-recovery-backup-restore.md b/articles/api-management/api-management-howto-disaster-recovery-backup-restore.md
@@ -172,6 +172,7 @@ Note the following constraints when making a backup request:
 -   While backup is in progress, **avoid changes in service management** such as SKU upgrade or downgrade, change in domain name, and more.
 -   Restore of a **backup is guaranteed only for 30 days** since the moment of its creation.
 -   **Usage data** used for creating analytics reports **isn't included** in the backup. Use [Azure API Management REST API][azure api management rest api] to periodically retrieve analytics reports for safekeeping.
+-   In addition, the following items are not part of the backup data: custom domain SSL certificates and any intermediate or root certificates uploaded by customer, developer portal content, and virtual network integration settings.
 -   The frequency with which you perform service backups affect your recovery point objective. To minimize it, we recommend implementing regular backups and performing on-demand backups after you make changes to your API Management service.
 -   **Changes** made to the service configuration, (for example, APIs, policies, and developer portal appearance) while backup operation is in process **might be excluded from the backup and will be lost**.
 -   **Allow** access from control plane to Azure Storage Account. Customer should open the following set of Inbound IPs on their Storage Account for Backup. 
diff --git a/articles/azure-functions/functions-create-first-java-maven.md b/articles/azure-functions/functions-create-first-java-maven.md
@@ -119,7 +119,7 @@ public class Function {
 
 ## Run the function locally
 
-Change directory to the newly created project folder and build and run the function with Maven:
+Change directory to the newly created project folder (the one containing your host.json and pom.xml files) and build and run the function with Maven:
 
 ```CMD
 cd fabrikam-function
diff --git a/articles/azure-functions/functions-run-local.md b/articles/azure-functions/functions-run-local.md
@@ -89,7 +89,7 @@ The following steps use Homebrew to install the Core Tools on macOS.
 
 The following steps use [APT](https://wiki.debian.org/Apt) to install Core Tools on your Ubuntu/Debian Linux distribution. For other Linux distributions, see the [Core Tools readme](https://github.com/Azure/azure-functions-core-tools/blob/master/README.md#linux).
 
-1. Register the Microsoft product key as trusted:
+1. Install the Microsoft package repository GPG key, to validate package integrity:
 
     ```bash
     curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
diff --git a/articles/azure-government/documentation-government-services-securityandidentity.md b/articles/azure-government/documentation-government-services-securityandidentity.md
@@ -37,10 +37,7 @@ The Qualys Vulnerability Assessment agent is not available.
 - **Windows Defender Advanced Threat Protection alerts**  
 Windows Defender ATP installation on Windows VMs via Security Center and the associated alerts are not available.
 
-### Alerts and notifications
-
-- **Email notifications for high severity alerts and JIT access**  
-Alerts and just-in-time access will function normally. However, email notifications are not available.
+### Notifications
 
 - **Azure activity logs**  
 User activity in Security Center is not logged in Azure activity logs in Microsoft Azure Government. This means that there’s no trace or audit for user performed actions.
diff --git a/articles/event-grid/custom-event-quickstart.md b/articles/event-grid/custom-event-quickstart.md
@@ -80,10 +80,10 @@ The endpoint for your web app must include the suffix `/api/updates/`.
 endpoint=https://$sitename.azurewebsites.net/api/updates
 
 az eventgrid event-subscription create \
-  -g gridResourceGroup \
-  --topic-name $topicname \
-  --name demoViewerSub \
+  --source-resource-id "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventGrid/topics/$topicname" 
+  --name demoViewerSub 
   --endpoint $endpoint
+  
 ```
 
 View your web app again, and notice that a subscription validation event has been sent to it. Select the eye icon to expand the event data. Event Grid sends the validation event so the endpoint can verify that it wants to receive event data. The web app includes code to validate the subscription.
diff --git a/articles/lighthouse/how-to/onboard-customer.md b/articles/lighthouse/how-to/onboard-customer.md
@@ -103,7 +103,7 @@ Locations         : {}
 # Log in first with az login if you're not using Cloud Shell
 
 az account set –subscription <subscriptionId>
-az provider show –namespace "Microsoft.ManagedServices" –-output table
+az provider show --namespace "Microsoft.ManagedServices" --output table
 ```
 
 This should return results similar to the following:
@@ -151,16 +151,16 @@ In order to define authorizations, you'll need to know the ID values for each us
 # Log in first with az login if you're not using Cloud Shell
 
 # To retrieve the objectId for an Azure AD group
-az ad group list –-query "[?displayName == '<yourGroupName>'].objectId" –-output tsv
+az ad group list --query "[?displayName == '<yourGroupName>'].objectId" --output tsv
 
 # To retrieve the objectId for an Azure AD user
-az ad user show –-upn-or-object-id "<yourUPN>" –-query "objectId" –-output tsv
+az ad user show --upn-or-object-id "<yourUPN>" –-query "objectId" --output tsv
 
 # To retrieve the objectId for an SPN
-az ad sp list –-query "[?displayName == '<spDisplayName>'].objectId" –-output tsv
+az ad sp list --query "[?displayName == '<spDisplayName>'].objectId" --output tsv
 
 # To retrieve role definition IDs
-az role definition list –-name "<roleName>" | grep name
+az role definition list --name "<roleName>" | grep name
 ```
 
 ## Create an Azure Resource Manager template
diff --git a/articles/machine-learning/service/concept-deep-learning-vs-machine-learning.md b/articles/machine-learning/service/concept-deep-learning-vs-machine-learning.md
@@ -73,7 +73,7 @@ One important task that deep learning can perform is e-discovery. Companies are
 
 ## What are artificial neural networks?
 
-An artificial neural network is a deep learning model inspired by the way biological neural networks in the human brain process information. There are multiple types of artificial neural networks that are currently being used. The most popular artificial neural network typologies are discussed below.
+Artificial neural networks are formed by layers of connected nodes. Deep learning models use neural networks with a very large number of layers. The most popular artificial neural network typologies are discussed below.
 
 ### Feedforward neural network
 
diff --git a/articles/network-watcher/network-watcher-nsg-flow-logging-portal.md b/articles/network-watcher/network-watcher-nsg-flow-logging-portal.md
@@ -105,6 +105,11 @@ NSG flow logging requires the **Microsoft.Insights** provider. To register the p
    ![Select flow Logs version](./media/network-watcher-nsg-flow-logging-portal/select-flow-log-version.png)
 
 9. Select the storage account that you created in step 3.
+   > [!NOTE]
+   > NSG Flow Logs do not work with storage accounts if:
+   > * The storage accounts have a firewall enabled.
+   > * The storage accounts have [hierarchical namespace](https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-namespace) enabled.
+1. In the top, left corner of portal, select **All services**. In the **Filter** box, type *Network Watcher*. When **Network Watcher** appears in the search results, select it.
 10. Set **Retention (days)** to 5, and then select **Save**.
 
 ## Download flow log
@@ -210,7 +215,7 @@ The value for **mac** in the previous output is the MAC address of the network i
 | A            | Action                 | Whether the traffic was allowed (A) or denied (D).  
 | C            | Flow State **Version 2 Only** | Captures the state of the flow. Possible states are **B**: Begin, when a flow is created. Statistics aren't provided. **C**: Continuing for an ongoing flow. Statistics are provided at 5-minute intervals. **E**: End, when a flow is terminated. Statistics are provided. |
 | 30 | Packets sent - Source to destination **Version 2 Only** | The total number of TCP or UDP packets sent from source to destination since last update. |
-| 16978 | Bytes sent - Source to destination **Version 2 Only** | The total number of TCP or UDP packet bytes sent from source to destination since last update. Packet bytes include the packet header and payload. | 
+| 16978 | Bytes sent - Source to destination **Version 2 Only** | The total number of TCP or UDP packet bytes sent from source to destination since last update. Packet bytes include the packet header and payload. |
 | 24 | Packets sent - Destination to source **Version 2 Only** | The total number of TCP or UDP packets sent from destination to source since last update. |
 | 14008| Bytes sent - Destination to source **Version 2 Only** | The total number of TCP and UDP packet bytes sent from destination to source since last update. Packet bytes include packet header and payload.|
 
diff --git a/articles/sql-database/sql-database-active-geo-replication.md b/articles/sql-database/sql-database-active-geo-replication.md
@@ -71,7 +71,7 @@ To achieve real business continuity, adding database redundancy between datacent
 > [!NOTE]
 > The log replay is delayed on the secondary database if there are schema updates on the Primary. The latter requires a schema lock on the secondary database.
 > [!IMPORTANT]
-> You can use geo-replication to create a secondary database in the same region as the primary. You can use this secondary to load-balance a read-only workloads in the same region. However, a secondary database in the same region does not provide additional fault resilience and therefore is not a suitable failover target for disaster recovery. It will also not guarantee avaialability zone isolation. Use Business critical or Premium service tier with [zone redundant configuration](sql-database-high-availability.md#zone-redundant-configuration) to achieve avaialability zone isolation.   
+> You can use geo-replication to create a secondary database in the same region as the primary. You can use this secondary to load-balance a read-only workloads in the same region. However, a secondary database in the same region does not provide additional fault resilience and therefore is not a suitable failover target for disaster recovery. It will also not guarantee availability zone isolation. Use Business critical or Premium service tier with [zone redundant configuration](sql-database-high-availability.md#zone-redundant-configuration) to achieve availability zone isolation.   
 >
 
 - **Planned failover**
diff --git a/articles/virtual-desktop/set-up-scaling-script.md b/articles/virtual-desktop/set-up-scaling-script.md
@@ -60,7 +60,7 @@ Next, you'll need to create the securely stored credentials:
     Install-Module Microsoft.RdInfra.RdPowershell
     ```
     
-3. Open the edit pane and load the **Function-PSStoredCredentials.ps1** file.
+3. Open the edit pane and load the **Function-PSStoredCredentials.ps1** file, then run the whole script (F5)
 4. Run the following cmdlet:
     
     ```powershell
@@ -106,7 +106,7 @@ After configuring the configuration .xml file, you'll need to configure the Task
 4. Go to the **Triggers** tab, then select **New…**
 5. In the **New Trigger** dialog, under **Advanced settings**, check **Repeat task every** and select the appropriate period and duration (for example, **15 minutes** or **Indefinitely**).
 6. Select the **Actions** tab and **New…**
-7. In the **New Action** dialog, enter **powershell.exe** into the **Program/script** field, then enter **C:\\scaling\\RDSScaler.ps1** into the **Add arguments (optional)** field.
+7. In the **New Action** dialog, enter **powershell.exe** into the **Program/script** field, then enter **C:\\scaling\\basicScale.ps1** into the **Add arguments (optional)** field.
 8. Go to the **Conditions** and **Settings** tabs and select **OK** to accept the default settings for each.
 9. Enter the password for the administrative account where you plan to run the scaling script.
 
diff --git a/articles/virtual-network/troubleshoot-outbound-smtp-connectivity.md b/articles/virtual-network/troubleshoot-outbound-smtp-connectivity.md
@@ -33,7 +33,7 @@ For Enterprise Agreement Azure users, there's no change in the technical ability
 ## Pay-As-You-Go
 If you signed up before November 15, 2017 for the Pay-As-You-Go or Microsoft Partner Network subscription offers, there will be no change in the technical ability to try outbound email delivery. You'll continue to be able to try outbound email delivery from Azure VMs within these subscriptions directly to external email providers without any restrictions from the Azure platform. Again, it's not guaranteed that email providers will accept incoming email from any given user, and users will have to work directly with email providers to fix any message delivery or SPAM filtering issues that involve specific providers.
 
-For Pay-As-You-Go or Microsoft Partner Network subscriptions that were created after November 15, 2017, there will be technical restrictions that block email that’s sent directly from VMs within these subscriptions. If you want the ability to send email from Azure VMs directly to external email providers (not using an authenticated SMTP relay), you can make a request to remove the restriction. Requests will be reviewed and approved at Microsoft’s discretion, and they'll be granted only after additional anti-fraud checks are made. To make a request, open a support case by using the following issue type: **Subscription Management** Problem type: **Request to enable Port 25 email flow**. Make sure that you add details about why your deployment has to send mail directly to mail providers instead of using an authenticated relay.
+For Pay-As-You-Go or Microsoft Partner Network subscriptions that were created after November 15, 2017, there will be technical restrictions that block email that’s sent directly from VMs within these subscriptions. If you want the ability to send email from Azure VMs directly to external email providers (not using an authenticated SMTP relay), you can make a request to remove the restriction. Requests will be reviewed and approved at Microsoft’s discretion, and they'll be granted only after additional anti-fraud checks are made. To make a request, open a support case by using the following issue type: **Technical** > **Virtual Network** > **Connectivity** > **Cannot send email (SMTP/Port 25)**. Make sure that you add details about why your deployment has to send mail directly to mail providers instead of using an authenticated relay.
 
 After a Pay-As-You-Go or Microsoft Partner Network subscription is exempted and the VMs have been 'Stopped' & 'Started' from the Azure portal, all VMs within that subscription will be exempted going forward. The exemption is only applicable to the subscription requested.
 
diff --git a/includes/vpn-gateway-faq-bgp-include.md b/includes/vpn-gateway-faq-bgp-include.md
@@ -34,6 +34,13 @@ Yes, the following ASNs are [reserved by IANA](http://www.iana.org/assignments/i
 
 23456, 64496-64511, 65535-65551 and 429496729
 
+### What Private ASNs can I use?
+The useable range of Private ASNs that can be used are:
+
+* 64512-65514, 65521-65534
+
+These ASNs are not reserved by IANA or Azure for use and therefore can be used to assign to your Azure VPN Gateway.
+
 ### Can I use the same ASN for both on-premises VPN networks and Azure VNets?
 No, you must assign different ASNs between your on-premises networks and your Azure VNets if you are connecting them together with BGP. Azure VPN Gateways have a default ASN of 65515 assigned, whether BGP is enabled or not for your cross-premises connectivity. You can override this default by assigning a different ASN when creating the VPN gateway, or change the ASN after the gateway is created. You will need to assign your on-premises ASNs to the corresponding Azure Local Network Gateways.
 

Original file line number	Diff line number	Diff line change
`@@ -389,7 +389,7 @@ Based on the user's first name, middle name and last name, you need to generate`
`389`	`389`
`390`	`390`	`SelectUniqueValue(`
`391`	`391`	`Join("@", NormalizeDiacritics(StripSpaces(Join(".", [PreferredFirstName], [PreferredLastName]))), "contoso.com"),`
`392`		`- Join("@", NormalizeDiacritics(StripSpaces(Join(".", Mid([PreferredFirstName], 1, 1), [PreferredLastName]))), "contoso.com")`
	`392`	`+ Join("@", NormalizeDiacritics(StripSpaces(Join(".", Mid([PreferredFirstName], 1, 1), [PreferredLastName]))), "contoso.com"),`
`393`	`393`	`Join("@", NormalizeDiacritics(StripSpaces(Join(".", Mid([PreferredFirstName], 1, 2), [PreferredLastName]))), "contoso.com")`
`394`	`394`	`)`
`395`	`395`