Updates from: 12/28/2020 04:03:48
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/how-to-connect-pta-quick-start.md
@@ -46,7 +46,7 @@ Ensure that the following prerequisites are in place.
### In your on-premises environment
-1. Identify a server running Windows Server 2012 R2 or later to run Azure AD Connect. If not enabled already, [enable TLS 1.2 on the server](./how-to-connect-install-prerequisites.md#enable-tls-12-for-azure-ad-connect). Add the server to the same Active Directory forest as the users whose passwords you need to validate.
+1. Identify a server running Windows Server 2012 R2 or later to run Azure AD Connect. If not enabled already, [enable TLS 1.2 on the server](./how-to-connect-install-prerequisites.md#enable-tls-12-for-azure-ad-connect). Add the server to the same Active Directory forest as the users whose passwords you need to validate. It should be noted that installation of Pass-Through Authentication agent on Windows Server Core versions is not supported.
2. Install the [latest version of Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594) on the server identified in the preceding step. If you already have Azure AD Connect running, ensure that the version is 1.1.750.0 or later. >[!NOTE]
active-directory https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/thousandeyes-provisioning-tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/thousandeyes-provisioning-tutorial.md
@@ -50,15 +50,22 @@ This section guides you through connecting your Azure AD to ThousandEyes's user
### Configure automatic user account provisioning to ThousandEyes in Azure AD
-1. In the [Azure portal](https://portal.azure.com), browse to the **Azure Active Directory > Enterprise Apps > All applications** section.
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+ ![Enterprise applications blade](common/enterprise-applications.png)
2. If you have already configured ThousandEyes for single sign-on, search for your instance of ThousandEyes using the search field. Otherwise, select **Add** and search for **ThousandEyes** in the application gallery. Select ThousandEyes from the search results, and add it to your list of applications.
+ ![The ThousandEyes link in the Applications list](common/all-applications.png)
+
3. Select your instance of ThousandEyes, then select the **Provisioning** tab.
+ ![Provisioning tab](common/provisioning.png)
+ 4. Set the **Provisioning Mode** to **Automatic**.
- ![Screenshot shows the Provisioning tab for ThousandEyes with Automatic selected for Provisioning Mode.](./media/thousandeyes-provisioning-tutorial/ThousandEyes1.png)
+![Screenshot shows the Provisioning tab for ThousandEyes with Automatic selected for Provisioning Mode.](./media/thousandeyes-provisioning-tutorial/ThousandEyes1.png)
+
5. Under the **Admin Credentials** section, input the **OAuth Bearer Token** generated by your ThousandEyes's account (you can find and or generate a token under your ThousandEyes account **Profile** section).
@@ -67,27 +74,54 @@ generated by your ThousandEyes's account (you can find and or generate a token u
6. In the Azure portal, click **Test Connection** to ensure Azure AD can connect to your ThousandEyes app. If the connection fails, ensure your ThousandEyes account has Admin permissions and try step 5 again.
-7. Enter the email address of a person or group who should receive provisioning error notifications in the **Notification Email** field, and check the checkbox "Send an email notification when a failure occurs."
+7. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
+
+ ![Notification Email](common/provisioning-notification-email.png)
8. Click **Save**. 9. Under the Mappings section, select **Synchronize Azure Active Directory Users to ThousandEyes**.
-10. In the **Attribute Mappings** section, review the user attributes that are synchronized from Azure AD to ThousandEyes. The attributes selected as **Matching** properties are used to match the user accounts in ThousandEyes for update operations. Select the Save button to commit any changes.
+10. Review the user attributes that are synchronized from Azure AD to ThousandEyes in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Parsable for update operations. If you choose to change the [matching target attribute](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes), you will need to ensure that the Parsable API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ |---|---|---|
+ |externalId|String|✓|
+ |userName|String|✓|
+ |active|Boolean|
+ |displayName|String|
+ |emails[type eq "work"].value|String|
+ |name.formatted|String|
++
+11. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+
+12. To enable the Azure AD provisioning service for ThousandEyes, change the **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+13. Define the users and/or groups that you would like to provision to ThousandEyes by choosing the desired values in **Scope** in the **Settings** section.
+
+ ![Provisioning Scope](common/provisioning-scope.png)
+
+14. When you are ready to provision, click **Save**.
-11. To enable the Azure AD provisioning service for ThousandEyes, change the **Provisioning Status** to **On** in the **Settings** section
+ ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
-12. Click **Save**.
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
-This operation starts the initial synchronization of any users and/or groups assigned to ThousandEyes in the Users and Groups section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity logs, which describe all actions performed by the provisioning service.
+## Step 6. Monitor your deployment
+Once you've configured provisioning, use the following resources to monitor your deployment:
-For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](../app-provisioning/check-status-user-account-provisioning.md).
+1. Use the [provisioning logs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs) to determine which users have been provisioned successfully or unsuccessfully
+2. Check the [progress bar](https://docs.microsoft.com/azure/active-directory/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user) to see the status of the provisioning cycle and how close it is to completion
+3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-quarantine-status).
## Additional resources
-* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md)
* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) ## Next steps
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
azure-monitor https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-monitor-azure-vm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/learn/quick-monitor-azure-vm.md
@@ -68,7 +68,7 @@ When you create a new Log Analytics workspace, it needs to be configured to coll
### Data collection from Linux VM
-1. Select **Syslog**.
+1. Select **Data**, and then select **Syslog**.
2. Add an event log by typing in the name of the log. Type **Syslog** and then select the plus sign **+**.
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/auto-failover-group-overview.md
@@ -11,7 +11,7 @@ ms.topic: conceptual
author: anosov1960 ms.author: sashan ms.reviewer: mathoma, sstein
-ms.date: 11/16/2020
+ms.date: 12/26/2020
--- # Use auto-failover groups to enable transparent and coordinated failover of multiple databases
@@ -224,7 +224,7 @@ If your application uses SQL Managed Instance as the data tier, follow these gen
### Creating the secondary instance
-To ensure non-interrupted connectivity to the primary SQL Managed Instance after failover both the primary and secondary instances must be in the same DNS zone. It will guarantee that the same multi-domain (SAN) certificate can be used to authenticate the client connections to either of the two instances in the failover group. When your application is ready for production deployment, create a secondary SQL Managed Instance in a different region and make sure it shares the DNS zone with the primary SQL Managed Instance. You can do it by specifying the optional `DNS Zone Partner` parameter using the Azure portal, PowerShell, or the REST API.
+To ensure non-interrupted connectivity to the primary SQL Managed Instance after failover both the primary and secondary instances must be in the same DNS zone. It will guarantee that the same multi-domain (SAN) certificate can be used to authenticate the client connections to either of the two instances in the failover group. When your application is ready for production deployment, create a secondary SQL Managed Instance in a different region and make sure it shares the DNS zone with the primary SQL Managed Instance. You can do it by specifying the optional parameter during creation. If you are using PowerShell or the REST API, the name of the optional parameter is `DNS Zone Partner`, and the name of the corresponding optional field in the Azure portal is Primary Managed Instance.
> [!IMPORTANT] > The first managed instance created in the subnet determines DNS zone for all subsequent instances in the same subnet. This means that two instances from the same subnet cannot belong to different DNS zones.
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/features-comparison https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/features-comparison.md
@@ -11,7 +11,7 @@ ms.topic: conceptual
author: jovanpop-msft ms.author: jovanpop ms.reviewer: bonova, sstein, danil
-ms.date: 12/24/2020
+ms.date: 12/25/2020
--- # Features comparison: Azure SQL Database and Azure SQL Managed Instance
@@ -123,6 +123,7 @@ The Azure platform provides a number of PaaS capabilities that are added as an a
| [Azure Resource Health](../../service-health/resource-health-overview.md) | Yes | No | | Backup retention | Yes. 7 days default, max 35 days. | Yes. 7 days default, max 35 days. | | [Data Migration Service (DMS)](/sql/dma/dma-overview) | Yes | Yes |
+| [Elastic jobs](elastic-jobs-overview.md) | Yes - see [Elastic jobs (preview)](elastic-jobs-overview.md) | No ([SQL Agent](../managed-instance/transact-sql-tsql-differences-sql-server.md#sql-server-agent) can be used instead). |
| File system access | No. Use [BULK INSERT](/sql/t-sql/statements/bulk-insert-transact-sql#f-importing-data-from-a-file-in-azure-blob-storage) or [OPENROWSET](/sql/t-sql/functions/openrowset-transact-sql#i-accessing-data-from-a-file-stored-on-azure-blob-storage) to access and load data from Azure Blob Storage as an alternative. | No. Use [BULK INSERT](/sql/t-sql/statements/bulk-insert-transact-sql#f-importing-data-from-a-file-in-azure-blob-storage) or [OPENROWSET](/sql/t-sql/functions/openrowset-transact-sql#i-accessing-data-from-a-file-stored-on-azure-blob-storage) to access and load data from Azure Blob Storage as an alternative. | | [Geo-restore](recovery-using-backups.md#geo-restore) | Yes | Yes | | [Hyperscale architecture](service-tier-hyperscale.md) | Yes | No |
@@ -142,8 +143,7 @@ The Azure platform provides a number of PaaS capabilities that are added as an a
| [Query Performance Insights (QPI)](query-performance-insight-use.md) | Yes | No. Use built-in reports in SQL Server Management Studio and Azure Data Studio. | | [VNet](../../virtual-network/virtual-networks-overview.md) | Partial, it enables restricted access using [VNet Endpoints](vnet-service-endpoint-rule-overview.md) | Yes, SQL Managed Instance is injected in customer's VNet. See [subnet](../managed-instance/transact-sql-tsql-differences-sql-server.md#subnet) and [VNet](../managed-instance/transact-sql-tsql-differences-sql-server.md#vnet) | | VNet Service endpoint | [Yes](vnet-service-endpoint-rule-overview.md) | No |
-| VNet Global peering | Yes, using [Private IP and service endpoints](vnet-service-endpoint-rule-overview.md) | No, [SQL Managed Instance is not supported](../../virtual-network/virtual-networks-faq.md#what-are-the-constraints-related-to-global-vnet-peering-and-load-balancers) due to [load balancer constraint in VNet global peering](../../virtual-network/virtual-network-manage-peering.md#requirements-and-constraints). |
-| [Elastic jobs](elastic-jobs-overview.md) | Yes - see [Elastic jobs (preview)](elastic-jobs-overview.md) | No ([SQL Agent](../managed-instance/transact-sql-tsql-differences-sql-server.md#sql-server-agent) can be used instead). |
+| VNet Global peering | Yes, using [Private IP and service endpoints](vnet-service-endpoint-rule-overview.md) | Yes, using [Virtual network peering](https://techcommunity.microsoft.com/t5/azure-sql/new-feature-global-vnet-peering-support-for-azure-sql-managed/ba-p/1746913). |
## Tools
azure-sql https://docs.microsoft.com/en-us/azure/azure-sql/database/recovery-using-backups https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/recovery-using-backups.md
@@ -89,7 +89,7 @@ To recover a managed instance database to a point in time by using the Azure por
![Screenshot of database restore options for SQL managed instance.](./media/recovery-using-backups/pitr-backup-managed-instance-annotated.png) > [!TIP]
-> To programmatically restore a database from a backup, see [Programmatically performing recovery using automated backups](recovery-using-backups.md).
+> To programmatically restore a database from a backup, see [Programmatic recovery using automated backups](recovery-using-backups.md).
## Deleted database restore
cognitive-services https://docs.microsoft.com/en-us/azure/cognitive-services/personalizer/how-to-manage-model https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/personalizer/how-to-manage-model.md
@@ -50,4 +50,4 @@ The [learning policy](concept-active-learning.md#understand-learning-policy-sett
## Next steps
-[Learn how to manage a learning policy](how-to-manage-model.md)
+[Analyze your learning loop with an offline evaluation](how-to-offline-evaluation.md)
security-center https://docs.microsoft.com/en-us/azure/security-center/security-center-services https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/security-center-services.md
@@ -11,7 +11,7 @@ ms.devlang: na
ms.topic: overview ms.tgt_pltfrm: na ms.workload: na
-ms.date: 12/22/2020
+ms.date: 12/24/2020
ms.author: memildin ---
@@ -103,6 +103,12 @@ For information about when recommendations are generated for each of these prote
## Feature support in government clouds
+We strive for feature parity between our government clouds and our commercial cloud. When there are gaps, it's usually for one of these reasons:
+
+- **Preview feature** - Features typically donΓÇÖt reach parity before they're offered in general availability.
+- **Irrelevant to gov cloud** - Some features, such as adaptive network hardening, aren't relevant to a gov cloud.
++ | Service / Feature | US Gov | China Gov | |------|:----:|:----:| |[Just-in-time VM access](security-center-just-in-time.md) (1)|Γ£ö|Γ£ö|
virtual-desktop https://docs.microsoft.com/en-us/azure/virtual-desktop/fslogix-containers-azure-files https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/fslogix-containers-azure-files.md
@@ -82,7 +82,7 @@ To ensure your Windows Virtual Desktop environment follows best practices:
- Azure Files storage account must be in the same region as the session host VMs. - Azure Files permissions should match permissions described in [Requirements - Profile Containers](/fslogix/fslogix-storage-config-ht).-- Each host pool must be built of the same type and size VM based on the same master image.
+- Each host pool VM must be built of the same type and size VM based on the same master image.
- Each host pool VM must be in the same resource group to aid management, scaling and updating. - For optimal performance, the storage solution and the FSLogix profile container should be in the same data center location. - The storage account containing the master image must be in the same region and subscription where the VMs are being provisioned.