Merge pull request #73299 from MicrosoftDocs/repo_sync_working_branch

rmca14 · web-flow · commit e63f98c2fccd · 2019-04-17T10:00:43.000-07:00
Resolve syncing conflicts from repo_sync_working_branch to master
diff --git a/articles/active-directory/hybrid/how-to-connect-install-prerequisites.md b/articles/active-directory/hybrid/how-to-connect-install-prerequisites.md
@@ -56,6 +56,19 @@ Before you install Azure AD Connect, there are a few things that you need.
 * If Active Directory Federation Services is being deployed, you need [SSL Certificates](#ssl-certificate-requirements).
 * If Active Directory Federation Services is being deployed, then you need to configure [name resolution](#name-resolution-for-federation-servers).
 * If your global administrators have MFA enabled, then the URL **https://secure.aadcdn.microsoftonline-p.com** must be in the trusted sites list. You are prompted to add this site to the trusted sites list when you are prompted for an MFA challenge and it has not added before. You can use Internet Explorer to add it to your trusted sites.
+* Microsoft recommends hardening your Azure AD Connect server to decrease the security attack surface for this critical component of your IT environment.  Following the recommendations below will decrease the security risks to your organization.
+
+* Deploy Azure AD Connect on a domain joined server and restrict administrative access to domain administrators or other tightly controlled security groups.
+
+To learn more, see: 
+
+* [Securing administrators groups](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-g--securing-administrators-groups-in-active-directory)
+
+* [Securing built-in administrator accounts](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory)
+
+* [Security improvement and sustainment by reducing attack surfaces](https://docs.microsoft.com/windows-server/identity/securing-privileged-access/securing-privileged-access#2-reduce-attack-surfaces )
+
+* [Reducing the Active Directory attack surface](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/reducing-the-active-directory-attack-surface)
 
 ### SQL Server used by Azure AD Connect
 * Azure AD Connect requires a SQL Server database to store identity data. By default a SQL Server 2012 Express LocalDB (a light version of SQL Server Express) is installed. SQL Server Express has a 10GB size limit that enables you to manage approximately 100,000 objects. If you need to manage a higher volume of directory objects, you need to point the installation wizard to a different installation of SQL Server.
diff --git a/articles/aks/virtual-nodes-cli.md b/articles/aks/virtual-nodes-cli.md
@@ -98,7 +98,7 @@ az network vnet subnet create \
     --resource-group myResourceGroup \
     --vnet-name myVnet \
     --name myVirtualNodeSubnet \
-    --address-prefix 10.241.0.0/16
+    --address-prefixes 10.241.0.0/16
 ```
 
 ## Create a service principal
@@ -343,7 +343,7 @@ Virtual nodes are often one component of a scaling solution in AKS. For more inf
 [kubectl-apply]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply
 [node-selector]:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 [toleration]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-[aks-github]: https://github.com/azure/aks/issues]
+[aks-github]: https://github.com/azure/aks/issues
 [virtual-node-autoscale]: https://github.com/Azure-Samples/virtual-node-autoscale
 [virtual-kubelet-repo]: https://github.com/virtual-kubelet/virtual-kubelet
 
diff --git a/articles/api-management/add-api-manually.md b/articles/api-management/add-api-manually.md
@@ -23,7 +23,7 @@ The steps in this article show how to use the Azure portal to add an API manuall
 
 If you want to import an existing API, see [related topics](#related-topics) section.
 
-In this article, we create a blank API and specify [httpbin.org](http://httpbin.org) (a public testing service) as a back-end API.
+In this article, we create a blank API and specify [httpbin.org](https://httpbin.org) (a public testing service) as a back-end API.
 
 ## Prerequisites
 
@@ -45,7 +45,7 @@ Complete the following quickstart: [Create an Azure API Management instance](get
     |**Name**|**Value**|**Description**|
     |---|---|---|
     |**Display name**|"*Blank API*" |This name is displayed in the Developer portal.|
-    |**Web Service URL** (optional)| "*http://httpbin.org*"| If you want to mock an API, you might not enter anything. <br/>In this case, we enter [http://httpbin.org](http://httpbin.org). This is a public testing service. <br/>If you want to import an API that is mapped to a back end automatically, see one of the topics in the [related topics](#related-topics) section.|
+    |**Web Service URL** (optional)| "*https://httpbin.org*"| If you want to mock an API, you might not enter anything. <br/>In this case, we enter [https://httpbin.org](https://httpbin.org). This is a public testing service. <br/>If you want to import an API that is mapped to a back end automatically, see one of the topics in the [related topics](#related-topics) section.|
     |**URL scheme**|"*HTTPS*"|In this case, even though the back end has non-secure HTTP access, we specify a secure HTTPS APIM access to the back end. <br/>This kind of scenario (HTTPS to HTTP) is called HTTPS termination. You might do it if your API exists within a virtual network (where you know the access is secure even if HTTPS is not used). <br/>You might want to use "HTTPS termination" to save on some CPU cycles.|
     |**URL suffix**|"*hbin*"| The suffix is a name that identifies this specific API in this APIM instance. It has to be unique in this APIM instance.|
     |**Products**|"*Unlimited*" |Publish the API by associating the API with a product. If you want for the API to be published and be available to developers, add it to a product. You can do it during API creation or set it later.<br/><br/>Products are associations of one or more APIs. You can include a number of APIs and offer them to developers through the developer portal. <br/>Developers must first subscribe to a product to get access to the API. When they subscribe, they get a subscription key that is good for any API in that product. If you created the APIM instance, you are an administrator already, so you are subscribed to every product by default.<br/><br/> By default, each API Management instance comes with two sample products: **Starter** and **Unlimited**.| 
diff --git a/articles/app-service/app-service-web-tutorial-php-mysql.md b/articles/app-service/app-service-web-tutorial-php-mysql.md
@@ -358,7 +358,7 @@ The following command configures the app settings `DB_HOST`, `DB_DATABASE`, `DB_
 az webapp config appsettings set --name <app_name> --resource-group myResourceGroup --settings DB_HOST="<mysql_server_name>.mysql.database.azure.com" DB_DATABASE="sampledb" DB_USERNAME="phpappuser@<mysql_server_name>" DB_PASSWORD="MySQLAzure2017" MYSQL_SSL="true"
 ```
 
-You can use the PHP [getenv](http://www.php.net/manual/en/function.getenv.php) method to access the settings. the Laravel code uses an [env](https://laravel.com/docs/5.4/helpers#method-env) wrapper over the PHP `getenv`. For example, the MySQL configuration in _config/database.php_ looks like the following code:
+You can use the PHP [getenv](https://www.php.net/manual/en/function.getenv.php) method to access the settings. the Laravel code uses an [env](https://laravel.com/docs/5.4/helpers#method-env) wrapper over the PHP `getenv`. For example, the MySQL configuration in _config/database.php_ looks like the following code:
 
 ```php
 'mysql' => [
diff --git a/articles/app-service/web-sites-traffic-manager.md b/articles/app-service/web-sites-traffic-manager.md
@@ -39,7 +39,7 @@ Azure Traffic Manager uses four different routing methods. These methods are des
 For more information, see [Traffic Manager routing methods](../traffic-manager/traffic-manager-routing-methods.md).
 
 ## App Service and Traffic Manager Profiles
-To configure the control of App Service app traffic, you create a profile in Azure Traffic Manager that uses one of the three load balancing methods described previously, and then add the endpoints (in this case, App Service) for which you want to control traffic to the profile. Your app status (running, stopped, or deleted) is regularly communicated to the profile so that Azure Traffic Manager can direct traffic accordingly.
+To configure the control of App Service app traffic, you create a profile in Azure Traffic Manager that uses one of the four load balancing methods described previously, and then add the endpoints (in this case, App Service) for which you want to control traffic to the profile. Your app status (running, stopped, or deleted) is regularly communicated to the profile so that Azure Traffic Manager can direct traffic accordingly.
 
 When using Azure Traffic Manager with Azure, keep in mind the following points:
 
diff --git a/articles/application-gateway/how-to-troubleshoot-application-gateway-session-affinity-issues.md b/articles/application-gateway/how-to-troubleshoot-application-gateway-session-affinity-issues.md
@@ -91,7 +91,7 @@ This issue occurs because Internet Explorer and other browsers may not store or
 
 #### Resolution
 
-To fix this issue, you should access the Application Gateway by using a FQDN. For example, use [http://website.com](http://website.com/) or [http://appgw.website.com](http://appgw.website.com/) .
+To fix this issue, you should access the Application Gateway by using a FQDN. For example, use [http://website.com](https://website.com/) or [http://appgw.website.com](http://appgw.website.com/) .
 
 ## Additional logs to troubleshoot
 
@@ -202,4 +202,4 @@ Use the web debugger of your choice. In this sample we will use Fiddler to captu
 
 ## Next steps
 
-If the preceding steps do not resolve the issue, open a [support ticket](https://azure.microsoft.com/support/options/).
+If the preceding steps do not resolve the issue, open a [support ticket](https://azure.microsoft.com/support/options/).
diff --git a/articles/application-gateway/rewrite-http-headers.md b/articles/application-gateway/rewrite-http-headers.md
@@ -32,7 +32,7 @@ Using the rewrite conditions you can evaluate the content of the HTTP(S) request
 - HTTP headers in the response
 - Application gateway server variables
 
-A condition can be used to evaluate whether the specified variable is present, whether the specified variable exactly matches a specific value, or whether the specified variable exactly matches a specific pattern. [Perl Compatible Regular Expressions (PCRE) library](https://www.pcre.org/) is used to implement regular expression pattern matching in the conditions. To learn about the regular expression syntax, see the [Perl regular expressions man page](http://perldoc.perl.org/perlre.html).
+A condition can be used to evaluate whether the specified variable is present, whether the specified variable exactly matches a specific value, or whether the specified variable exactly matches a specific pattern. [Perl Compatible Regular Expressions (PCRE) library](https://www.pcre.org/) is used to implement regular expression pattern matching in the conditions. To learn about the regular expression syntax, see the [Perl regular expressions man page](https://perldoc.perl.org/perlre.html).
 
 ## Rewrite actions
 
@@ -149,4 +149,4 @@ Contact us at [AGHeaderRewriteHelp@microsoft.com](mailto:AGHeaderRewriteHelp@mic
 To learn how to rewrite HTTP headers, see:
 
 -  [Rewrite HTTP headers using Azure portal](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers-portal)
--  [Rewrite HTTP headers using Azure PowerShell](add-http-header-rewrite-rule-powershell.md)
+-  [Rewrite HTTP headers using Azure PowerShell](add-http-header-rewrite-rule-powershell.md)
diff --git a/articles/container-registry/container-registry-get-started-azure-cli.md b/articles/container-registry/container-registry-get-started-azure-cli.md
@@ -90,13 +90,13 @@ Output:
 ```
 Result
 ----------------
-busybox
+hello-world
 ```
 
-The following example lists the tags on the **busybox** repository.
+The following example lists the tags on the **hello-world** repository.
 
 ```azurecli
-az acr repository show-tags --name <acrName> --repository busybox --output table
+az acr repository show-tags --name <acrName> --repository hello-world --output table
 ```
 
 Output:
diff --git a/articles/container-registry/container-registry-get-started-portal.md b/articles/container-registry/container-registry-get-started-portal.md
@@ -56,7 +56,7 @@ The command returns `Login Succeeded` once completed.
 
 To list the images in your registry, navigate to your registry in the portal and select **Repositories**, then select the repository you created with `docker push`.
 
-In this example, we select the **busybox** repository, and we can see the `v1`-tagged image under **TAGS**.
+In this example, we select the **hello-world** repository, and we can see the `v1`-tagged image under **TAGS**.
 
 ![List container images in the Azure portal][qs-portal-09]
 
diff --git a/articles/container-registry/media/container-registry-get-started-portal/qs-portal-09.png b/articles/container-registry/media/container-registry-get-started-portal/qs-portal-09.png
diff --git a/articles/cosmos-db/sql-api-get-started.md b/articles/cosmos-db/sql-api-get-started.md
@@ -86,7 +86,10 @@ Follow these instructions to create an Azure Cosmos DB account in the Azure port
 1. Find and select **Microsoft.Azure.DocumentDB**, and select **Install** if it's not already installed.
    
    The package ID for the Azure Cosmos DB SQL API Client Library is [Microsoft Azure Cosmos DB Client Library](https://www.nuget.org/packages/Microsoft.Azure.DocumentDB/).
-   
+
+   > [!NOTE]
+   > If you are using .NET Core, please see [the .NET Core docs](./sql-api-dotnetcore-get-started.md).
+
    ![Screenshot of the NuGet Menu for finding Azure Cosmos DB Client SDK](./media/sql-api-get-started/nosql-tutorial-manage-nuget-pacakges-2.png)
    
    If you get a message about previewing changes to the solution, select **OK**. If you get a message about license acceptance, select **I accept**.
diff --git a/articles/cost-management/tutorial-export-acm-data.md b/articles/cost-management/tutorial-export-acm-data.md
@@ -40,7 +40,13 @@ Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.c
 
 ## Create a daily export
 
-To create or view a data export or to schedule an export, open the desired scope in the Azure portal and select **Cost analysis** in the menu. For example, navigate to **Subscriptions**, select a subscription from the list, and then select **Cost analysis** in the menu. At the top of the Cost analysis page, click **Export** and then choose an export option. For example, click **Schedule export**. For more information about scopes, see [Understand and work with scopes](understand-work-scopes.md).
+To create or view a data export or to schedule an export, open the desired scope in the Azure portal and select **Cost analysis** in the menu. For example, navigate to **Subscriptions**, select a subscription from the list, and then select **Cost analysis** in the menu. At the top of the Cost analysis page, click **Export** and then choose an export option. For example, click **Schedule export**.  
+
+> [!NOTE]
+> Besides subscriptions, you can create exports on resource groups, accounts, departments, and enrollments. For more information about scopes, see [Understand and work with scopes](understand-work-scopes.md).
+> 
+> 
+
 
 Click **Add**, type a name for the export, and then select the **Daily export of month-to-date costs** option. Click **Next**.
 
diff --git a/articles/dns/dns-alerts-metrics.md b/articles/dns/dns-alerts-metrics.md
@@ -22,7 +22,7 @@ Azure DNS is a hosting service for DNS domains that provides name resolution usi
 
 ## Azure DNS metrics
 
-Azure DNS provides metrics for customers to enable them to monitor specific aspects of their DNS ones hosted in the service. In addition, with Azure DNS metrics, you can configure and receive alerts based on conditions of interest. The metrics are provided via the [Azure Monitor service](../azure-monitor/index.yml). 
+Azure DNS provides metrics for customers to enable them to monitor specific aspects of their DNS zones hosted in the service. In addition, with Azure DNS metrics, you can configure and receive alerts based on conditions of interest. The metrics are provided via the [Azure Monitor service](../azure-monitor/index.yml). 
 Azure DNS provides the following metrics via Azure Monitor for your DNS zones:
 
 -	QueryVolume
@@ -38,6 +38,7 @@ The granular level of dimension for these metrics is DNS Zone.
 ### Query volume
 
 The *Query Volume* metric in Azure DNS shows the volume of DNS queries (query traffic) that is received by Azure DNS for your DNS zone. The unit of measurement is Count and the aggregation is the total of all the queries received over a period of time. 
+
 To view this metric, select Metrics (preview) explorer experience from the Monitor tab in the Azure portal. Select your DNS zone from the Resource drop-down, select the Query Volume metric, and select Sum as the Aggregation. Below screenshot shows an example.  For more information on the Metrics Explorer experience and charting, see [Azure Monitor Metrics Explorer](../azure-monitor/platform/metrics-charts.md).
 
 ![Query volume](./media/dns-alerts-metrics/dns-metrics-query-volume.png)
diff --git a/articles/dns/media/dns-alerts-metrics/dns-metrics-query-volume.png b/articles/dns/media/dns-alerts-metrics/dns-metrics-query-volume.png
diff --git a/articles/dns/media/dns-alerts-metrics/dns-metrics-record-set-capacity-uitlization.png b/articles/dns/media/dns-alerts-metrics/dns-metrics-record-set-capacity-uitlization.png
diff --git a/articles/dns/media/dns-alerts-metrics/dns-metrics-record-set-count.png b/articles/dns/media/dns-alerts-metrics/dns-metrics-record-set-count.png
diff --git a/articles/sql-database/sql-database-copy.md b/articles/sql-database/sql-database-copy.md
@@ -19,7 +19,7 @@ Azure SQL Database provides several methods for creating a transactionally consi
 
 ## Overview
 
-A database copy is a snapshot of the source database as of the time of the copy request. You can select the same server or a different server, its service tier and compute size, or a different compute size within the same service tier (edition). After the copy is complete, it becomes a fully functional, independent database. At this point, you can upgrade or downgrade it to any edition. The logins, users, and permissions can be managed independently.  
+A database copy is a snapshot of the source database as of the time of the copy request. You can select the same server or a different server. Also you can choose to keep its service tier and compute size, or use a different compute size within the same service tier (edition). After the copy is complete, it becomes a fully functional, independent database. At this point, you can upgrade or downgrade it to any edition. The logins, users, and permissions can be managed independently.  
 
 > [!NOTE]
 > [Automated database backups](sql-database-automated-backups.md) are used when you create a database copy.
