diff --git a/articles/active-directory/active-directory-accessmanagement-group-saasapps.md b/articles/active-directory/active-directory-accessmanagement-group-saasapps.md
index a901332b4cc20..a1abbebdcab88 100644
--- a/articles/active-directory/active-directory-accessmanagement-group-saasapps.md
+++ b/articles/active-directory/active-directory-accessmanagement-group-saasapps.md
@@ -13,13 +13,18 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 05/08/2017
+ms.date: 08/04/2017
ms.author: curtand
+ms.reviewer: piotrci
+ms.custom: it-pro;oldportal
---
# Using a group to manage access to SaaS applications
Using Azure Active Directory (Azure AD) with an Azure AD Premium or Azure AD Basic license, you can use groups to assign access to a SaaS application that's integrated with Azure AD. For example, if you want to assign access for the marketing department to use five different SaaS applications, you can create a group that contains the users in the marketing department, and then assign that group to these five SaaS applications that are needed by the marketing department. This way you can save time by managing the membership of the marketing department in one place. Users then are assigned to the application when they are added as members of the marketing group, and have their assignments removed from the application when they are removed from the marketing group.
+> [!IMPORTANT]
+> Microsoft recommends that you manage Azure AD using the [Azure AD admin center](https://aad.portal.azure.com) in the Azure portal instead of using the Azure classic portal referenced in this article.
+
This capability can be used with hundreds of applications that you can add from within the Azure AD Application Gallery.
**To assign access for a group to a SaaS application**
diff --git a/articles/active-directory/active-directory-application-proxy-claims-aware-apps.md b/articles/active-directory/active-directory-application-proxy-claims-aware-apps.md
index 9ed27a543895b..f8fb2a107735e 100644
--- a/articles/active-directory/active-directory-application-proxy-claims-aware-apps.md
+++ b/articles/active-directory/active-directory-application-proxy-claims-aware-apps.md
@@ -13,36 +13,44 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 05/03/2017
+ms.date: 08/04/2017
ms.author: kgremban
---
-# Working with claims aware apps in Application Proxy
-Claims aware apps perform a redirection to the Security Token Service (STS), which in turn requests credentials from the user in exchange for a token before redirecting the user to the application. To enable Application Proxy to work with these redirects, the following steps need to be taken.
+# Working with claims-aware apps in Application Proxy
+[Claims-aware apps](https://msdn.microsoft.com/library/windows/desktop/bb736227.aspx) perform a redirection to the Security Token Service (STS). The STS requests credentials from the user in exchange for a token and then redirects the user to the application. There are a few ways to enable Application Proxy to work with these redirects. Use this article to configure your deployment for claims-aware apps.
## Prerequisites
-Before performing this procedure, make sure that the STS the claims aware app redirects to is available outside of your on-premises network.
+Make sure that the STS that the claims-aware app redirects to is available outside of your on-premises network. You can make the STS available by exposing it through a proxy or by allowing outside connections.
-## Azure classic portal configuration
-1. Publish your application according to the instructions described in [Publish applications with Application Proxy](active-directory-application-proxy-publish.md).
-2. In the list of applications, select the claims aware app and click **Configure**.
-3. If you chose **Passthrough** as your **Preauthentication Method**, make sure to select **HTTPS** as your **External URL** scheme.
-4. If you chose **Azure Active Directory** as your **Preauthentication Method**, select **None** as your **Internal Authentication Method**.
+## Publish your application
+
+1. Publish your application according to the instructions described in [Publish applications with Application Proxy](application-proxy-publish-azure-portal.md).
+2. Navigate to the application page in the portal and select **Single sign-on**.
+3. If you chose **Azure Active Directory** as your **Preauthentication Method**, select **Azure AD single sign-on disabled** as your **Internal Authentication Method**. If you chose **Passthrough** as your **Preauthentication Method**, you don't need to change anything.
+
+## Configure ADFS
+
+You can configure ADFS for claims-aware apps in one of two ways. The first is by using custom domains. The second is with WS-Federation.
+
+### Option 1: Custom domains
+
+If all the internal URLs for your applications are fully qualified domain names (FQDNs), then you can configure [custom domains](active-directory-application-proxy-custom-domains.md) for your applications. Use the custom domains to create external URLs that are the same as the internal URLs. With this configuration, the redirects that the STS creates work the same whether your users are on-premises or remote.
+
+### Option 2: WS-Federation
-## ADFS configuration
1. Open ADFS Management.
2. Go to **Relying Party Trusts**, right-click on the app you are publishing with Application Proxy, and choose **Properties**.
3. On the **Endpoints** tab, under **Endpoint type**, select **WS-Federation**.
-4. Under **Trusted URL** enter the URL you entered in the Application Proxy under **External URL** and click **OK**.
+4. Under **Trusted URL**, enter the URL you entered in the Application Proxy under **External URL** and click **OK**.
## Next steps
-* [Enable single-sign on](active-directory-application-proxy-sso-using-kcd.md)
-* [Troubleshoot issues you're having with Application Proxy](active-directory-application-proxy-troubleshoot.md)
+* [Enable single-sign on](application-proxy-sso-overview.md) for applications that aren't claims-aware
* [Enable native client apps to interact with proxy applications](active-directory-application-proxy-native-client.md)
diff --git a/articles/active-directory/active-directory-application-proxy-connectors-azure-portal.md b/articles/active-directory/active-directory-application-proxy-connectors-azure-portal.md
index 0ef76243f37c2..3d184badfa648 100644
--- a/articles/active-directory/active-directory-application-proxy-connectors-azure-portal.md
+++ b/articles/active-directory/active-directory-application-proxy-connectors-azure-portal.md
@@ -12,10 +12,10 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 05/04/2017
+ms.date: 08/04/2017
ms.author: kgremban
-
-ms.custom: H1Hack27Feb2017
+ms.reviewer: harshja
+ms.custom: H1Hack27Feb2017; it-pro
---
# Publish applications on separate networks and locations using connector groups
@@ -24,50 +24,50 @@ ms.custom: H1Hack27Feb2017
> * [Azure classic portal](active-directory-application-proxy-connectors.md)
>
-## Azure AD Application Proxy and connector groups
+Customers utilize Azure AD's Application Proxy for more and more scenarios and applications. So we've made App Proxy even more flexible by enabling more topologies. You can create Application Proxy connector groups so that you can assign specific connectors to serve specific applications. This capability gives you more control and ways to optimize your Application Proxy deployment.
-Customers utilize Azure AD's Application Proxy for more and more scenarios and applications. So we've made App Proxy even more flexible by enabling more topologies. You can create Application Proxy connector groups – a new capability to assign specific connectors to serve specific applications. This capability generates many use cases for Application Proxy that were not possible before.
+Each Application Proxy connector is assigned to a connector group. All the connectors that belong to the same connector group act as a separate unit for high-availability and load balancing. All connectors belong to a connector group. If you don't create groups, then all your connectors are in a default group. Your admin can create new groups and assign connectors to them in the Azure portal.
-The basic concept is that each Application Proxy connector is assigned to a connector group. All the connectors that belong to the same connector group act as a separate group for high-availability and load balancing. By default, all connectors belong to a default group. The admin can create new groups and change these assignments in the Azure portal.
+All applications are assigned to a connector group. If you don't create groups, then all your applications are assigned to a default group. But if you organize your connectors into groups, you can set each application to work with a specific connector group. In this case, only the connectors in that group serve the application upon request. This feature is useful if your applications are hosted in different locations. You can create connector groups based on location, so that applications are always served by connectors that are physically close to them.
-By default, all applications are assigned to a default connector group. If your admin doesn’t change anything, the system continues to behave like it did before. If you change nothing, all the applications assigned to the default connector group include all the connectors. But if you organize your connectors into groups, you can set each application to work with a specific connector group. In this case, only the connectors in that group will serve the application upon request.
+>[!TIP]
+>If you have a large Application Proxy deployment, don't assign any applications to the default connector group. That way, new connectors don't receive any live traffic until you assign them to an active connector group. This configuration also enables you to put connectors in an idle mode by moving them back to the default group, so that you can perform maintenance without impacting your users.
+## Prerequisites
+To group your connectors, you have to make sure you [installed multiple connectors](active-directory-application-proxy-enable.md). When you install a new connector, it automatically joins the **Default** connector group.
->[!NOTE]
->Because new connectors are automatically assigned to a default connector group, for large deployments we recommend that you do not have applications assigned to the default group. Therefore once installed, new connectors will not receive any live traffic. Only after you assign the connector to one of the active groups, it can start serving live traffic. This also enables you to put connectors in an idle mode in order to enable maintenance.
->
+## Create connector groups
+Use these steps to create as many connector groups as you want.
-## Prerequisite: Create your connector groups
-To group your connectors, you have to make sure you [installed multiple connectors](active-directory-application-proxy-enable.md). When you install a new connector, it automatically joins the **Default** connector group.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select **Azure Active Directory** > **Enterprise applications** > **Application proxy**.
+2. Select **New connector group**. The New Connector Group blade appears.
-## Step 1: Create connector groups
-You can create as many connector groups as you want. Connector group creation is accomplished in the [Azure portal](https://portal.azure.com).
+ 
-1. Select **Azure Active Directory** to go to the management dashboard for your directory. From there, select **Enterprise applications** > **Application proxy**.
-2. Select the **Connector Groups** button. The New Connector Group blade appears.
3. Give your new connector group a name, then use the dropdown menu to select which connectors belong in this group.
-4. Select **Save** when your connector Group is complete.
+4. Select **Save**.
-## Step 2: Assign applications to your connector groups
-The last step is to set each application to the connector group that will serve it.
+## Assign applications to your connector groups
+Use these steps for each application that you've published with Application Proxy. You can assign an application to a connector group when you first publish it, or you can use these steps to change the assignment whenever you want.
1. From the management dashboard for your directory, select **Enterprise applications** > **All applications** > the application you want to assign to a connector group > **Application Proxy**.
-2. Under **Connector group**, use the dropdown menu to select the group you want the application to use.
+2. Use the **Connector Group** dropdown menu to select the group you want the application to use.
3. Select **Save** to apply the change.
## Use cases for connector groups
Connector groups are useful for various scenarios, including:
-###Sites with multiple interconnected datacenters
+### Sites with multiple interconnected datacenters
Many organizations have a number of interconnected datacenters. In this case, you want to keep as much traffic within the datacenter as possible because cross-datacenter links are expensive and slow. You can deploy connectors in each datacenter to serve only the applications that reside within the datacenter. This approach minimizes cross-datacenter links and provides an entirely transparent experience to your users.
### Applications installed on isolated networks
-Applications can be hosted in networks that are not part of the main corporate network. You can use connector groups to install dedicated connectors on isolated networks to also isolate applications to the network. This usually happens when a third party vendor maintains a specific application for your organization.
+Applications can be hosted in networks that are not part of the main corporate network. You can use connector groups to install dedicated connectors on isolated networks to also isolate applications to the network. This usually happens when a third-party vendor maintains a specific application for your organization.
-Connector groups allow you to install dedicated connectors for those networks that publish only specific applications, making it easier and more secure to outsource application management to third party vendors.
+Connector groups allow you to install dedicated connectors for those networks that publish only specific applications, making it easier and more secure to outsource application management to third-party vendors.
### Applications installed on IaaS
@@ -83,16 +83,16 @@ This can become an issue as many organizations use multiple cloud vendors, as th
### Multi-forest – different connector groups for each forest
-Most customers who have deployed Application Proxy are using its single-sign-on (SSO) capabilities by performing Kerberos Constrained Delegation (KCD). To acheive this, the connector’s machines need to be joined to a domain that can delegate the users toward the application. KCD supports cross-forest capabilities. But for companies who have distinct multi-forest environments with no trust between them, a single connector cannot be used for all forests.
+Most customers who have deployed Application Proxy are using its single-sign-on (SSO) capabilities by performing Kerberos Constrained Delegation (KCD). To achieve this, the connector’s machines need to be joined to a domain that can delegate the users toward the application. KCD supports cross-forest capabilities. But for companies who have distinct multi-forest environments with no trust between them, a single connector cannot be used for all forests.
-In this case, specific connectors can be deployed per forest, and set to serve applications that were published to serve only the users of that specific forest. Each connector group represents a different forest. While the tenant and most of the experience will be unified for all forests, users can be assigned to their forest applications using Azure AD groups.
+In this case, specific connectors can be deployed per forest, and set to serve applications that were published to serve only the users of that specific forest. Each connector group represents a different forest. While the tenant and most of the experience is unified for all forests, users can be assigned to their forest applications using Azure AD groups.
### Disaster Recovery sites
There are two different approaches you can take with a disaster recovery (DR) site, depending on how your sites are implemented:
* If your DR site is built in active-active mode where it is exactly like the main site and has the same networking and AD settings, you can create the connectors on the DR site in the same connector group as the main site. This enables Azure AD to detect failovers for you.
-* If your DR site is separate from the main site, you can create a different connector group in the DR site, and have either 1) additional applications or 2) manually divert the existing application to the DR connector group as needed.
+* If your DR site is separate from the main site, you can create a different connector group in the DR site, and either 1) have backup applications or 2) manually divert the existing application to the DR connector group as needed.
### Serve multiple companies from a single tenant
@@ -100,7 +100,7 @@ There are many different ways to implement a model in which a single service pro
## Sample configurations
-Some examples that you can implement, include the followiong connector groups.
+Some examples that you can implement, include the following connector groups.
### Default configuration – no use for connector groups
@@ -125,8 +125,8 @@ In the example below, the company has two datacenters, A and B, with two connect
## Next steps
-* [Enable Application Proxy](active-directory-application-proxy-enable.md)
-* [Enable single-sign on](active-directory-application-proxy-sso-using-kcd.md)
-* [Enable conditional access](active-directory-application-proxy-conditional-access.md)
-* [Troubleshoot issues you're having with Application Proxy](active-directory-application-proxy-troubleshoot.md)
+
+* [Understand Azure AD Application Proxy connectors](application-proxy-understand-connectors.md)
+* [Enable single-sign on](application-proxy-sso-overview.md)
+
diff --git a/articles/active-directory/active-directory-branding-custom-signon-azure-portal.md b/articles/active-directory/active-directory-branding-custom-signon-azure-portal.md
index 368dcfdeb131b..91350c88aaba9 100644
--- a/articles/active-directory/active-directory-branding-custom-signon-azure-portal.md
+++ b/articles/active-directory/active-directory-branding-custom-signon-azure-portal.md
@@ -13,57 +13,75 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 05/04/2017
+ms.date: 08/04/2017
ms.author: curtand
---
# Add company branding to your sign-in page in the Azure Active Directory
To avoid confusion, many companies want to apply a consistent look and feel across all the websites and services they manage. Azure Active Directory provides this capability by allowing you to customize the appearance of the sign-in page with your company logo and custom color schemes. The sign-in page is the page that appears when you sign in to Office 365 or other web-based applications that are using Azure AD as your identity provider. You interact with this page to enter your credentials.
-If you want to show your company brand, colors and other customizable elements on this page, see the following images to understand the difference between the two experiences.
-
-The following screenshot shows and example for the Office 365 sign-in page on a desktop computer **before** a customization:
-
-
-
-The following screenshot shows and example for the Office 365 sign-in page on a desktop computer **after** a customization:
-
-
+> [!NOTE]
+> * Company branding is available only if you upgraded to the Premium or Basic edition of Azure AD, or have an Office 365 license. For more information, see [Azure Active Directory editions](active-directory-editions.md).
+>
+> * Azure Active Directory Premium and Basic editions are available for customers in China using the worldwide instance of Azure Active Directory. Azure Active Directory Premium and Basic editions are not currently supported in the Microsoft Azure service operated by 21Vianet in China. For more information, contact us at the [Azure Active Directory Forum](https://feedback.azure.com/forums/169401-azure-active-directory/).
## Customizing the sign-in page
-Typically, if you need browser-based access to your cloud apps and services that your organization subscribes to, you use the sign-in page.
-If you have applied changes to your sign-in page, it can take up to an hour for the changes to appear.
+
-A branded sign-in page only appears when you visit a service with a tenant-specific URL such as https://outlook.com/**contoso**.com, or https://mail.**contoso**.com.
+Company branding customizations appear on the Azure AD sign-in page when users access a tenant-specific URL such as
+[*https://outlook.com/contoso.com*](https://outlook.com/contoso.com).
-When you visit a service with non-tenant specific URLs (e.g.: https://mail.office365.com), a non-branded sign-in page appears. in this case, your branding appears once you have entered your user ID or you have selected a user tile.
+When users visit a generic URL such as www.office.com, the sign-in page
+does not contain company branding customizations because the system
+doesn’t know who the user is. Company branding will show after users
+enter their user ID or select a user tile.
> [!NOTE]
+> * A new sign-in page design is currently being rolled out. This article describes how to customize the new design. If you are looking for help with the old design, see [Add company branding to sign-in and Access Panel pages](active-directory-add-company-branding.md).
> * Your domain name must appear as “Active" in the **Domains** portion of the Azure portal in which you have configured branding. For more information, see [Add custom domain names](active-directory-domains-add-azure-portal.md).
-> * Sign-in page branding doesn’t carry over to the consumer sign in page of Microsoft. If you sign in with a Microsoft account, you may see a branded list of user tiles rendered by Azure AD, but the branding of your organization does not apply to the Microsoft account sign-in page.
->
->
-
-On your sign-in page, the **Keep me signed in** checkbox allows a user to remain signed in when they close and re-open their browser.
-
- 
-
-It does not effect session lifetime. You can hide the checkbox on the Azure Active Directory sign-in page.
-Whether the checkbox is displayed depends on the setting of **Keep me signed in disabled**.
-
- 
-
-To hide the checkbox, configure this setting to **Yes**.
+> * Sign-in page branding doesn’t carry over to the sign-in page for personal Microsoft accounts. If your employees or business guests sign in with a personal Microsoft account, their sign-in page does not reflect the branding of your organization.
+
+## Customizable elements
+The constraints for each element also appear on the **Users and groups - Company branding** blade.
+
+### Banner logo
+
+Description | Constraints | Recommendations
+------- | ------- | ----------
+The banner logo is displayed on the sign-in and the Access panel pages.
On the sign-in page, this shows once the user’s organization is determined, usually after the username is entered. | Transparent JPG or PNG
Max height: 36 px
Max width: 245 px | Use your organization’s logo here.
Use a transparent image. Don’t assume that the background will be white.
Do not add padding around your logo in the image. If you do this, your logo will look disproportionately small.
+
+### Username hint
+Description | Constraints | Recommendations
+------- | ------- | ----------
+This customizes the hint text in the username field. | Unicode text up to 64 characters
Plain text only | We recommend that you do not set this if you expect guest users outside your organization to sign in to your app.
+
+### Sign-in page text
+Description | Constraints | Recommendations
+------- | ------- | ----------
+This appears at the bottom of the sign-in form and can be used to communicate additional information such as the phone number to your help desk, or a legal statement. | Unicode text up to 256 characters
Plain text only (no links or HTML tags)
+
+### Sign-in page image
+Description | Constraints | Recommendations
+------- | ------- | ----------
+This appears in the background of the sign-in page, is anchored to the center of the viewable space, and will scale and crop to fill the browser window.
On narrow screens such as mobile phones, this image is not shown.
A black mask with 0.55 opacity will be applied over this image by our code when the page is loaded. | JPG or PNG
Image dimensions: 1920x1080 px
File size: > 300 KB |
Use images where there isn't a strong subject focus. The opaque sign-in form appears over the center of this image and can cover any part of the image depending on the size of the browser window.
Keep the file size as small as possible to ensure quick load times.
+
+### Background Color
+Description | Constraints | Recommendations
+------- | ------- | ----------
+This color is used in place of the background image on low-bandwidth connections. | RGB color in hexadecimal (example: #FFFFFF | We suggest using the primary color of the banner logo or your organization color.
+
+### Show option to remain signed in
+Description | Constraints | Recommendations
+------- | ------- | ----------
+Azure AD sign in gives the user the option to remain signed in when they close and re-open their browser. Use this to hide that option.
Set this to “No” to hide this option from your users. | | This does not affect session lifetime.
Some features of SharePoint Online and Office 2010 depend on users being able to choose to remain signed in. If you set this to be hidden, your users may see additional and unexpected prompts to sign-in.
> [!NOTE]
-> Some features of SharePoint Online and Office 2010 depend on users being able to check this box. If you configure this setting to hidden, your users may see additional and unexpected prompts to sign-in.
->
->
+> All elements are optional. For example, if you specify a banner logo with no background image, the sign-in page will show your logo and the background image for the destination site (for example, Office 365).
-**To add company branding to your directory:**
+## To add company branding to your directory
-1. Sign in to the [Azure portal](https://portal.azure.com) with an account that's a global admin for the directory.
+1. Sign in to [the Azure portal](https://portal.azure.com) with an account that's a global admin for the directory.
2. Select **More services**, enter **Users and groups** in the text box, and then select **Enter**.
diff --git a/articles/active-directory/active-directory-branding-localize-azure-portal.md b/articles/active-directory/active-directory-branding-localize-azure-portal.md
index eca6dfd89c9cb..5caf3baa98d19 100644
--- a/articles/active-directory/active-directory-branding-localize-azure-portal.md
+++ b/articles/active-directory/active-directory-branding-localize-azure-portal.md
@@ -13,25 +13,27 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 05/04/2017
+ms.date: 08/04/2017
ms.author: curtand
---
# Add language-specific company branding to your sign-in page in the Azure Active Directory
-To avoid confusion, many companies want to apply a consistent look and feel across all the websites and services they manage. Azure Active Directory provides this capability by allowing you to customize the appearance of the sign-in page with your company logo and custom color schemes. The sign-in page is the page that appears when you sign in to Office 365 or other web-based applications that are using Azure AD as your identity provider. You interact with this page to enter your credentials.
-## Customizing the sign-in page for another language
-You can add language-specific elements to your custom sign-in page only if you have already created a custom sign-in page as described in [Add company branding to your sign-in page](active-directory-branding-custom-signon-azure-portal.md). You can configure one sign-in page per directory with a default set of customizable elements. After you’ve configured the default set of page elements, you can configure more versions for different locales. You can also mix and match various elements. For example, you could:
+You can add language-specific elements to your custom sign-in page only if you have already created a custom sign-in page as described in [Add company branding to your sign-in page](active-directory-branding-custom-signon-azure-portal.md). You can configure one sign-in page per directory with a default set of customizable elements. After you’ve configured the default set of page elements, you can configure more versions for different locales.
-* Create a default **Sign-in page image** that works for all cultures, then create specific versions for English and French. When you set your browsers to one of these two languages, the language-specific image appears, while the default illustration appears for all other languages.
-* Configure different logos for your organization (for example, Japanese or Hebrew versions).
+## Example of this branding
-We recommend that you keep the number of language variations low, for maintenance and performance reasons.
+You can also mix and match various elements across the default and locale-specific branding set. Imagine the following configuration:
-**To add company branding to your directory:**
+* A default background image and banner logo
+* A language-specific banner logo for German
-1. Sign in to the [Azure portal](https://portal.azure.com) with an account that's a global admin for the directory.
-2. Select **More services**, enter **Users and groups** in the text box, and then select **Enter**.
+When the sign-in page is loaded in German, the default background image shows with the German logo.
+
+## To add language-specific company branding to your directory
+
+1. Sign in to the [Azure AD admin center](https://aad.portal.azure.com) with an account that's a global admin for the directory.
+2. Select **Users and groups** in the text box, and then select **Enter**.
3. On the **Users and groups** blade, select **Company branding**.
diff --git a/articles/active-directory/active-directory-reporting-api-prerequisites-azure-portal.md b/articles/active-directory/active-directory-reporting-api-prerequisites-azure-portal.md
index 477e839c8c344..dc990f007f8b9 100644
--- a/articles/active-directory/active-directory-reporting-api-prerequisites-azure-portal.md
+++ b/articles/active-directory/active-directory-reporting-api-prerequisites-azure-portal.md
@@ -70,7 +70,7 @@ To configure your directory to access the Azure AD reporting API, you must sign
a. In the **Name** textbox, type `Reporting API application`.
- b. As **Application type**, select `Web app / API`.
+ b. As **Application type**, select **Web app / API**.
c. In the **Sign-on URL** textbox, type `https://localhost`.
diff --git a/articles/active-directory/application-proxy-working-with-proxy-servers.md b/articles/active-directory/application-proxy-working-with-proxy-servers.md
index d2cce21a3a89c..2ffcb1e0bebf2 100644
--- a/articles/active-directory/application-proxy-working-with-proxy-servers.md
+++ b/articles/active-directory/application-proxy-working-with-proxy-servers.md
@@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 05/22/2017
+ms.date: 08/04/2017
ms.author: kgremban
---
@@ -71,7 +71,7 @@ Be sure to make copies of the original files, in case you need to revert to the
Some environments require all outbound traffic to go through an outbound proxy, without exception. As a result, bypassing the proxy is not an option.
-You can configure the connector traffic to go through the outbound proxy, as shown in the following diagram.
+You can configure the connector traffic to go through the outbound proxy, as shown in the following diagram:
@@ -121,14 +121,10 @@ For initial registration, allow access to the following endpoints:
* login.windows.net
* login.microsoftonline.com
-The underlying Service Bus control channels that the connector service uses also require connectivity to specific IP addresses. Until Service Bus moves to an FQDN instead, there are two options:
+If you can't allow connectivity by FQDN and need to specify IP ranges instead, use these options:
* Allow the connector outbound access to all destinations.
-* Allow the connector outbound access to [Azure datacenter IP ranges](https://www.microsoft.com/en-gb/download/details.aspx?id=41653).
-
->[!NOTE]
->The challenge with using the list of Azure datacenter IP ranges is that it's updated weekly. You will need to put a process in place to ensure that your access rules are updated accordingly.
->
+* Allow the connector outbound access to [Azure datacenter IP ranges](https://www.microsoft.com/en-gb/download/details.aspx?id=41653). The challenge with using the list of Azure datacenter IP ranges is that it's updated weekly. You need to put a process in place to ensure that your access rules are updated accordingly.
#### Proxy authentication
@@ -136,18 +132,15 @@ Proxy authentication is not currently supported. Our current recommendation is t
#### Proxy ports
-The connector makes outbound SSL-based connections by using the CONNECT method. This method essentially sets up a tunnel through the outbound proxy. Some proxy servers, by default, allow outbound tunneling to only standard SSL ports such as 443. If this is the case, the proxy server must be configured to allow tunneling to additional ports.
-
-Configure the proxy server to allow tunneling to nonstandard SSL ports 8080, 9090, 9091, and 10100-10120.
+The connector makes outbound SSL-based connections by using the CONNECT method. This method essentially sets up a tunnel through the outbound proxy. Configure the proxy server to allow tunneling to ports 443 and 80.
>[!NOTE]
>When Service Bus runs over HTTPS, it uses port 443. However, by default, Service Bus attempts direct TCP connections and falls back to HTTPS only if direct connectivity fails.
->
To ensure that the Service Bus traffic is also sent through the outbound proxy server, ensure that the connector cannot directly connect to the Azure services for ports 9350, 9352, and 5671.
#### SSL inspection
-Do not use SSL inspection for the connector traffic, because it will cause problems for the connector traffic.
+Do not use SSL inspection for the connector traffic, because it causes problems for the connector traffic.
## Troubleshoot connector proxy problems and service connectivity issues
Now you should see all traffic flowing through the proxy. If you have problems, the following troubleshooting information should help.
@@ -188,13 +181,13 @@ One filter is as follows (where 8080 is the proxy service port):
**(http.Request or http.Response) and tcp.port==8080**
-If you enter this filter in the **Display Filter** window and select **Apply**, it will filter the captured traffic based on the filter.
+If you enter this filter in the **Display Filter** window and select **Apply**, it filters the captured traffic based on the filter.
-The preceding filter will show just the HTTP requests and responses to/from the proxy port. For a connector startup where the connector is configured to use a proxy server, the filter would show something like this:
+The preceding filter shows just the HTTP requests and responses to/from the proxy port. For a connector startup where the connector is configured to use a proxy server, the filter would show something like this:
-You're now specifically looking for the CONNECT requests that show communication with the proxy server. Upon success, you'll get an HTTP OK (200) response.
+You're now specifically looking for the CONNECT requests that show communication with the proxy server. Upon success, you get an HTTP OK (200) response.
If you see other response codes, such as 407 or 502, the proxy is requiring authentication or not allowing the traffic for some other reason. At this point, you engage your proxy server support team.
@@ -220,7 +213,7 @@ If you see something like the preceding response, the connector is trying to com
Network trace analysis is not for everyone. But it can be a valuable tool to get quick information about what's going on with your network.
-If you continue to struggle with connector connectivity issues, please create a ticket with our support team. The team can assist you with further troubleshooting.
+If you continue to struggle with connector connectivity issues, create a ticket with our support team. The team can assist you with further troubleshooting.
For information about resolving errors with Application Proxy Connector, see [Troubleshoot Application Proxy](https://azure.microsoft.com/documentation/articles/active-directory-application-proxy-troubleshoot).
diff --git a/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-quick-start.md b/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-quick-start.md
index 19136167b8177..f0c41612b8412 100644
--- a/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-quick-start.md
+++ b/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-quick-start.md
@@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 08/03/2017
+ms.date: 08/04/2017
ms.author: billmath
---
@@ -31,7 +31,7 @@ You need to follow these instructions to deploy Pass-through Authentication:
Ensure that the following prerequisites are in place:
-### On the Azure portal
+### On the Azure Active Directory admin center
1. Create a cloud-only Global Administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable. Learn about [adding a cloud-only Global Administrator account](../active-directory-users-create-azure-portal.md). Doing this step is critical to ensure that you don't get locked out of your tenant.
2. Add one or more [custom domain name(s)](../active-directory-add-domain.md) to your Azure AD tenant. Your users sign in using one of these domain names.
@@ -53,7 +53,6 @@ Ensure that the following prerequisites are in place:
- If your firewall or proxy allows DNS whitelisting, whitelist connections to **\*.msappproxy.net** and **\*.servicebus.windows.net**. If not, allow access to [Azure DataCenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly.
- Your Authentication Agents need access to **login.windows.net** and **login.microsoftonline.com** for initial registration, so open your firewall for those URLs as well.
- For certificate validation, unblock the following URLs: **mscrl.microsoft.com:80**, **crl.microsoft.com:80**, **ocsp.msocsp.com:80** and **www.microsoft.com:80**. These URLs are used for certificate validation with other Microsoft products, so you may already have these URLs unblocked.
-
## Step 2: Enable Exchange ActiveSync support (optional)
@@ -95,15 +94,15 @@ If you have already installed Azure AD Connect (using the [express installation]
Follow these instructions to verify that you have enabled Pass-through Authentication correctly:
-1. Sign in to the [Azure portal](https://portal.azure.com) with the Global Administrator credentials for your tenant.
+1. Sign in to the [Azure Active Directory admin center](https://aad.portal.azure.com) with the Global Administrator credentials for your tenant.
2. Select **Azure Active Directory** on the left-hand navigation.
3. Select **Azure AD Connect**.
4. Verify that the **Pass-through Authentication** feature shows as **Enabled**.
5. Select **Pass-through Authentication**. This blade lists the servers where your Authentication Agents are installed.
-
+
-
+
At this stage, users from all managed domains in your tenant can sign in using Pass-through Authentication. However, users from federated domains continue to sign in using Active Directory Federation Services (AD FS) or another federation provider that you have previously configured. If you convert a domain from federated to managed, all users from that domain automatically start signing in using Pass-through Authentication. Cloud-only users are not impacted by the Pass-through Authentication feature.
@@ -111,15 +110,15 @@ At this stage, users from all managed domains in your tenant can sign in using P
If you plan to deploy Pass-through Authentication in a production environment, you should install a standalone Authentication Agent. Install this second Authentication Agent on a server _other_ than the one running Azure AD Connect and the first Authentication Agent. This setup provides you high availability of sign-in requests. Follow these instructions to deploy a standalone Authentication Agent:
-1. **Download the latest version of the Authentication Agent (versions 1.5.193.0 or later)**: Sign in to the [Azure portal](https://portal.azure.com) with your tenant's Global Administrator credentials.
+1. **Download the latest version of the Authentication Agent (versions 1.5.193.0 or later)**: Sign in to the [Azure Active Directory admin center](https://aad.portal.azure.com) with your tenant's Global Administrator credentials.
2. Select **Azure Active Directory** on the left-hand navigation.
3. Select **Azure AD Connect** and then **Pass-through Authentication**. And select **Download agent**.
4. Click the **Accept terms & download** button.
5. **Install the latest version of the Authentication Agent**: Run the executable downloaded in the preceding step. Provide your tenant's Global Administrator credentials when prompted.
-
+
-
+
## Next steps
- [**Current limitations**](active-directory-aadconnect-pass-through-authentication-current-limitations.md) - This feature is currently in preview. Learn which scenarios are supported and which ones are not.
diff --git a/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-upgrade-preview-authentication-agents.md b/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-upgrade-preview-authentication-agents.md
index 82524e4ee0a56..72344b9570378 100644
--- a/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-upgrade-preview-authentication-agents.md
+++ b/articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-upgrade-preview-authentication-agents.md
@@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 08/04/2017
ms.author: billmath
---
@@ -31,12 +31,12 @@ This article is for customers using Azure AD Pass-through Authentication through
Follow these steps to check where your Authentication Agents are installed:
-1. Sign in to the [Azure portal](https://portal.azure.com) with the Global Administrator credentials for your tenant.
+1. Sign in to the [Azure Active Directory admin center](https://aad.portal.azure.com) with the Global Administrator credentials for your tenant.
2. Select **Azure Active Directory** on the left-hand navigation.
3. Select **Azure AD Connect**.
4. Select **Pass-through Authentication**. This blade lists the servers where your Authentication Agents are installed.
-
+
### Step 2: Check the versions of your Authentication Agents
@@ -53,7 +53,7 @@ To check the versions of your Authentication Agents, on each server identified i
Before upgrading, ensure that you have the following items in place:
1. **Create cloud-only Global Administrator account**: Don’t upgrade without having a cloud-only Global Administrator account to use in emergency situations where your Pass-through Authentication Agents are not working properly. Learn about [adding a cloud-only Global Administrator account](../active-directory-users-create-azure-portal.md). Doing this step is critical and ensures that you don't get locked out of your tenant.
-2. **Ensure high availability**: If not completed previously, install a second standalone Authentication Agent to provide high availability for sign-in requests, using these [instructions](active-directory-aadconnect-pass-through-authentication-quick-start.md#step-4-ensure-high-availability).
+2. **Ensure high availability**: If not completed previously, install a second standalone Authentication Agent to provide high availability for sign-in requests, using these [instructions](active-directory-aadconnect-pass-through-authentication-quick-start.md#step-5-ensure-high-availability).
## Upgrading the Authentication Agent on your Azure AD Connect server
@@ -61,18 +61,24 @@ You need upgrade Azure AD Connect before upgrading the Authentication Agent on t
1. **Upgrade Azure AD Connect**: Follow this [article](./active-directory-aadconnect-upgrade-previous-version.md) and upgrade to the latest Azure AD Connect version.
2. **Uninstall the preview version of the Authentication Agent**: Download [this PowerShell script](https://aka.ms/rmpreviewagent) and run it as an Administrator on the server.
-3. **Download the latest version of the Authentication Agent (versions 1.5.193.0 or later)**: Sign in to the [Azure portal](https://portal.azure.com) with your tenant's Global Administrator credentials. Select **Azure Active Directory -> Azure AD Connect -> Pass-through Authentication -> Download agent**. Accept the terms of service and download the latest version of the Authentication Agent.
+3. **Download the latest version of the Authentication Agent (versions 1.5.193.0 or later)**: Sign in to the [Azure Active Directory admin center](https://aad.portal.azure.com) with your tenant's Global Administrator credentials. Select **Azure Active Directory -> Azure AD Connect -> Pass-through Authentication -> Download agent**. Accept the terms of service and download the latest version of the Authentication Agent.
4. **Install the latest version of the Authentication Agent**: Run the executable downloaded in Step 3. Provide your tenant's Global Administrator credentials when prompted.
5. **Verify that the latest version has been installed**: As shown before, go to **Control Panel -> Programs -> Programs and Features** and verify that there is an entry for "**Microsoft Azure AD Connect Authentication Agent**".
+>[!NOTE]
+>If you check the Pass-through Authentication blade on the [Azure Active Directory admin center](https://aad.portal.azure.com) after completing the preceding steps, you'll see two Authentication Agent entries per server - one entry showing the Authentication Agent as **Active** and the other as **Inactive**. This is _expected_. The **Inactive** entry is automatically dropped after a few days.
+
## Upgrading the Authentication Agent on other servers
Follow these steps to upgrade Authentication Agents on other servers (where Azure AD Connect is not installed):
1. **Uninstall the preview version of the Authentication Agent**: Download [this PowerShell script](https://aka.ms/rmpreviewagent) and run it as an Administrator on the server.
-2. **Download the latest version of the Authentication Agent (versions 1.5.193.0 or later)**: Sign in to the [Azure portal](https://portal.azure.com) with your tenant's Global Administrator credentials. Select **Azure Active Directory -> Azure AD Connect -> Pass-through Authentication -> Download agent**. Accept the terms of service and download the latest version.
+2. **Download the latest version of the Authentication Agent (versions 1.5.193.0 or later)**: Sign in to the [Azure Active Directory admin center](https://aad.portal.azure.com) with your tenant's Global Administrator credentials. Select **Azure Active Directory -> Azure AD Connect -> Pass-through Authentication -> Download agent**. Accept the terms of service and download the latest version.
3. **Install the latest version of the Authentication Agent**: Run the executable downloaded in Step 2. Provide your tenant's Global Administrator credentials when prompted.
4. **Verify that the latest version has been installed**: As shown before, go to **Control Panel -> Programs -> Programs and Features** and verify that there is an entry called **Microsoft Azure AD Connect Authentication Agent**.
+>[!NOTE]
+>If you check the Pass-through Authentication blade on the [Azure Active Directory admin center](https://aad.portal.azure.com) after completing the preceding steps, you'll see two Authentication Agent entries per server - one entry showing the Authentication Agent as **Active** and the other as **Inactive**. This is _expected_. The **Inactive** entry is automatically dropped after a few days.
+
## Next steps
- [**Troubleshoot**](active-directory-aadconnect-troubleshoot-pass-through-authentication.md) - Learn how to resolve common issues with the feature.
diff --git a/articles/active-directory/connect/active-directory-aadconnect-sso-quick-start.md b/articles/active-directory/connect/active-directory-aadconnect-sso-quick-start.md
index 0198e31d4a614..5781a250aba3d 100644
--- a/articles/active-directory/connect/active-directory-aadconnect-sso-quick-start.md
+++ b/articles/active-directory/connect/active-directory-aadconnect-sso-quick-start.md
@@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 08/03/2017
+ms.date: 08/04/2017
ms.author: billmath
---
@@ -58,7 +58,7 @@ After completion of the wizard, Seamless SSO is enabled on your tenant.
Follow these instructions to verify that you have enabled Seamless SSO correctly:
-1. Sign in to the [Azure portal](https://portal.azure.com) with the Global Administrator credentials for your tenant.
+1. Sign in to the [Azure Active Directory admin center](https://aad.portal.azure.com) with the Global Administrator credentials for your tenant.
2. Select **Azure Active Directory** on the left-hand navigation.
3. Select **Azure AD Connect**.
4. Verify that the **Seamless Single Sign-On** feature shows as **Enabled**.
@@ -120,6 +120,9 @@ Using third-party Active Directory Group Policy extensions to roll out the Azure
Seamless SSO doesn't work in private browsing mode on Firefox and Edge browsers. It also doesn't work on Internet Explorer if the browser is running in Enhanced Protection mode.
+>[!IMPORTANT]
+>We recently rolled back support for Edge to investigate customer-reported issues.
+
## Step 4: Test the feature
To test the feature for a specific user, ensure that _all_ the following conditions are in place:
diff --git a/articles/active-directory/connect/active-directory-aadconnect-sso.md b/articles/active-directory/connect/active-directory-aadconnect-sso.md
index 6c572218cd8a9..c2abb15e23944 100644
--- a/articles/active-directory/connect/active-directory-aadconnect-sso.md
+++ b/articles/active-directory/connect/active-directory-aadconnect-sso.md
@@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 08/02/2017
+ms.date: 08/04/2017
ms.author: billmath
---
@@ -51,7 +51,7 @@ Seamless SSO can be combined with either the [Password Hash Synchronization](act
| OS\Browser |Internet Explorer|Edge|Google Chrome|Mozilla Firefox|Safari|
| --- | --- |--- | --- | --- | --
-|Windows 10|Yes|Yes|Yes|Yes\*|N/A
+|Windows 10|Yes|No|Yes|Yes\*|N/A
|Windows 8.1|Yes|N/A|Yes|Yes\*|N/A
|Windows 8|Yes|N/A|Yes|Yes\*|N/A
|Windows 7|Yes|N/A|Yes|Yes\*|N/A
@@ -59,6 +59,9 @@ Seamless SSO can be combined with either the [Password Hash Synchronization](act
\*Requires [additional configuration](active-directory-aadconnect-sso-quick-start.md#browser-considerations)
+>[!IMPORTANT]
+>We recently rolled back support for Edge to investigate customer-reported issues.
+
>[!NOTE]
>For Windows 10, the recommendation is to use [Azure AD Join](../active-directory-azureadjoin-overview.md) for the optimal single sign-on experience with Azure AD.
diff --git a/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-pass-through-authentication.md b/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-pass-through-authentication.md
index fc0a5bc2b8074..57ace5d7bd81e 100644
--- a/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-pass-through-authentication.md
+++ b/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-pass-through-authentication.md
@@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 08/03/2017
+ms.date: 08/04/2017
ms.author: billmath
---
@@ -27,11 +27,11 @@ This article helps you find troubleshooting information about common issues rega
### Check status of the feature and Authentication Agents
-Ensure that the Pass-through Authentication feature is still **Enabled** on your tenant and the status of Authentication Agents shows **Active**, and not **Inactive**. You can check status by going to the **Azure AD Connect** blade on the [Azure portal](https://portal.azure.com/).
+Ensure that the Pass-through Authentication feature is still **Enabled** on your tenant and the status of Authentication Agents shows **Active**, and not **Inactive**. You can check status by going to the **Azure AD Connect** blade on the [Azure Active Directory admin center](https://aad.portal.azure.com/).
-
+
-
+
### User-facing sign-in error messages
@@ -45,13 +45,13 @@ If the user is unable to sign into using Pass-through Authentication, they may s
|AADSTS80005|Validation encountered unpredictable WebException|A transient error. Retry the request. If it continues to fail, contact Microsoft support.
|AADSTS80007|An error occurred communicating with Active Directory|Check the agent logs for more information and verify that Active Directory is operating as expected.
-### Sign-in failure reasons on the Azure portal
+### Sign-in failure reasons on the Azure Active Directory admin center
-Start troubleshooting user sign-in issues by looking at the [sign-in activity report](../active-directory-reporting-activity-sign-ins.md) on the [Azure portal](https://portal.azure.com/).
+Start troubleshooting user sign-in issues by looking at the [sign-in activity report](../active-directory-reporting-activity-sign-ins.md) on the [Azure Active Directory admin center](https://aad.portal.azure.com/).
-
+
-Navigate to **Azure Active Directory** -> **Sign-ins** on the [Azure portal](https://portal.azure.com/) and click a specific user's sign-in activity. Look for the **SIGN-IN ERROR CODE** field. Map the value of that field to a failure reason and resolution using the following table:
+Navigate to **Azure Active Directory** -> **Sign-ins** on the [Azure Active Directory admin center](https://aad.portal.azure.com/) and click a specific user's sign-in activity. Look for the **SIGN-IN ERROR CODE** field. Map the value of that field to a failure reason and resolution using the following table:
|Sign-in error code|Sign-in failure reason|Resolution
| --- | --- | ---
diff --git a/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-sso.md b/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-sso.md
index 8128ec0e8ead0..756771a66996c 100644
--- a/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-sso.md
+++ b/articles/active-directory/connect/active-directory-aadconnect-troubleshoot-sso.md
@@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
-ms.date: 08/02/2017
+ms.date: 08/04/2017
ms.author: billmath
---
@@ -26,19 +26,22 @@ This article helps you find troubleshooting information about common issues rega
- Adding Azure AD service URLs (https://autologon.microsoftazuread-sso.com, https://aadg.windows.net.nsatc.net) to the "Trusted sites" zone instead of the "Local intranet" zone **blocks users from signing in**.
- Seamless SSO doesn't work in private browsing mode on Firefox and Edge. And also on Internet Explorer when Enhanced Protection mode is turned on.
+>[!IMPORTANT]
+>We recently rolled back support for Edge to investigate customer-reported issues.
+
## Check status of the feature
-Ensure that the Seamless SSO feature is still **Enabled** on your tenant. You can check status by going to the **Azure AD Connect** blade on the [Azure portal](https://portal.azure.com/).
+Ensure that the Seamless SSO feature is still **Enabled** on your tenant. You can check status by going to the **Azure AD Connect** blade on the [Azure Active Directory admin center](https://aad.portal.azure.com/).
-
+
-## Sign-in failure reasons on the Azure portal
+## Sign-in failure reasons on the Azure Active Directory admin center
-A good place to start troubleshooting user sign-in issues with Seamless SSO is to look at the [sign-in activity report](../active-directory-reporting-activity-sign-ins.md) on the [Azure portal](https://portal.azure.com/).
+A good place to start troubleshooting user sign-in issues with Seamless SSO is to look at the [sign-in activity report](../active-directory-reporting-activity-sign-ins.md) on the [Azure Active Directory admin center](https://aad.portal.azure.com/).
-
+
-Navigate to **Azure Active Directory** -> **Sign-ins** on the [Azure portal](https://portal.azure.com/) and click a specific user's sign-in activity. Look for the **SIGN-IN ERROR CODE** field. Map the value of that field to a failure reason and resolution using the following table:
+Navigate to **Azure Active Directory** -> **Sign-ins** on the [Azure Active Directory admin center](https://aad.portal.azure.com/) and click a specific user's sign-in activity. Look for the **SIGN-IN ERROR CODE** field. Map the value of that field to a failure reason and resolution using the following table:
|Sign-in error code|Sign-in failure reason|Resolution
| --- | --- | ---
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta10.png b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta10.png
index c3ba10f7fac5e..23958517b65de 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta10.png and b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta10.png differ
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta11.png b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta11.png
index a4a763d3c697a..476f0e9fb460d 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta11.png and b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta11.png differ
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta4.png b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta4.png
index 8ef805b8c2441..a25d08d1efd8a 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta4.png and b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta4.png differ
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta7.png b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta7.png
index b15ca5801ecb0..ae560ec7096cd 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta7.png and b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta7.png differ
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta8.png b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta8.png
index c889ba017153e..d7ce4eded4cea 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta8.png and b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta8.png differ
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta9.png b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta9.png
index 1a6e0b6a7b668..57b544975944f 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta9.png and b/articles/active-directory/connect/media/active-directory-aadconnect-pass-through-authentication/pta9.png differ
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso10.png b/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso10.png
index 0192e21916822..4d17118faaffe 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso10.png and b/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso10.png differ
diff --git a/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso9.png b/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso9.png
index d53299b8cad53..ab9374965cb0c 100644
Binary files a/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso9.png and b/articles/active-directory/connect/media/active-directory-aadconnect-sso/sso9.png differ
diff --git a/articles/active-directory/media/active-directory-application-proxy-connectors-azure-portal/new-group.png b/articles/active-directory/media/active-directory-application-proxy-connectors-azure-portal/new-group.png
new file mode 100644
index 0000000000000..6314fec4e60d5
Binary files /dev/null and b/articles/active-directory/media/active-directory-application-proxy-connectors-azure-portal/new-group.png differ
diff --git a/articles/app-service-web/app-service-linux-faq.md b/articles/app-service-web/app-service-linux-faq.md
index b8463b1d37e46..223f84f7c2df7 100644
--- a/articles/app-service-web/app-service-linux-faq.md
+++ b/articles/app-service-web/app-service-linux-faq.md
@@ -51,7 +51,7 @@ If you have a question, comment on the article and we'll answer it as soon as po
**Q:** My web app still uses an old Docker container image after I've updated the image on Docker Hub. Do you support continuous integration/deployment of custom containers?
-**A:** To set up continuous integration/deployment for DockerHub images by check the following article [Docker Hub Continuous Deployment with Web App on Linux](./app-service-linux-ci-cd.md). For private registries, you can refresh the container by stopping and then starting your web app. Or you can change or add a dummy application setting to force a refresh of your container.
+**A:** To set up continuous integration/deployment for Azure Container Registry or DockerHub images by check the following article [Continuous Deployment with Azure Web App on Linux](./app-service-linux-ci-cd.md). For private registries, you can refresh the container by stopping and then starting your web app. Or you can change or add a dummy application setting to force a refresh of your container.
**Q:** Do you support staging environments?
@@ -59,7 +59,7 @@ If you have a question, comment on the article and we'll answer it as soon as po
**Q:** Can I use **web deploy** to deploy my web app?
-**A:** Yes, you need to set an app setting called `UseWebDeployScm` to `false`.
+**A:** Yes, you need to set an app setting called `WEBSITE_WEBDEPLOY_USE_SCM` to `false`.
## Language support
@@ -99,7 +99,7 @@ If you have a question, comment on the article and we'll answer it as soon as po
**Q:** My custom container listens to a port other than port 80. How can I configure my app to route the requests to that port?
-**A:** We have auto port detection, also you can specify an application setting called **PORT**, and give it the value of the expected port number.
+**A:** We have auto port detection, also you can specify an application setting called **WEBSITES_PORT**, and give it the value of the expected port number. Previously the platform was using `PORT` app setting, we are planning to deprecate the use this app setting and move to using `WEBSITES_PORT` exclusively.
**Q:** Do I need to implement HTTPS in my custom container.
@@ -126,4 +126,4 @@ If you have a question, comment on the article and we'll answer it as soon as po
* [Creating web apps in Azure Web App on Linux](app-service-linux-how-to-create-web-app.md)
* [SSH support for Azure Web App on Linux](./app-service-linux-ssh-support.md)
* [Set up staging environments in Azure App Service](./web-sites-staged-publishing.md)
-* [Docker Hub Continuous Deployment with Azure Web App on Linux](./app-service-linux-ci-cd.md)
+* [Continuous Deployment with Azure Web App on Linux](./app-service-linux-ci-cd.md)
diff --git a/articles/app-service-web/app-service-linux-intro.md b/articles/app-service-web/app-service-linux-intro.md
index 8e2aab75b80df..ae9959455c225 100644
--- a/articles/app-service-web/app-service-linux-intro.md
+++ b/articles/app-service-web/app-service-linux-intro.md
@@ -65,8 +65,8 @@ For Kudu, some of the basic functionality:
For devops:
-* Staging environments
-* DockerHub CI/CD
+* Deployment Slots
+* ACR and DockerHub CI/CD
## Limitations
The Azure portal shows only features that currently work for Web App on Linux and hides the rest. As we enable more features, they will be visible on the portal.
@@ -79,6 +79,7 @@ This public preview is currently only available in the following regions:
* West Europe
* Southeast Asia
* Australia East
+* Japan East
Web Apps on Linux is only supported in the Dedicated app service plans and does not have a Free or Shared tier. Also, App Service plans for regular and Linux web apps are mutually exclusive, so you cannot create a Linux web app in a non-Linux app service plan.
diff --git a/articles/app-service-web/app-service-linux-ssh-support.md b/articles/app-service-web/app-service-linux-ssh-support.md
index ce9188e1fc652..4c9323686066e 100644
--- a/articles/app-service-web/app-service-linux-ssh-support.md
+++ b/articles/app-service-web/app-service-linux-ssh-support.md
@@ -51,7 +51,7 @@ If you are not already authenticated, you are required to authenticate with your
In order for a custom Docker image to support SSH communication between the container and the client in the Azure portal, perform the following steps for your Docker image.
-These steps are are shown in the Azure App Service repository as an example [here](https://github.com/Azure-App-Service/node/tree/master/4.4.7-1).
+These steps are are shown in the Azure App Service repository as an example [here](https://github.com/Azure-App-Service/node/blob/master/6.9.3/).
1. Include the `openssh-server` installation in [`RUN` instruction](https://docs.docker.com/engine/reference/builder/#run) in the Dockerfile for your image and set the password for the root account to `"Docker!"`.
diff --git a/articles/app-service-web/app-service-linux-using-custom-docker-image.md b/articles/app-service-web/app-service-linux-using-custom-docker-image.md
index ff58a7cc50957..ec66857ac3022 100644
--- a/articles/app-service-web/app-service-linux-using-custom-docker-image.md
+++ b/articles/app-service-web/app-service-linux-using-custom-docker-image.md
@@ -28,7 +28,7 @@ App Service provides pre-defined application stacks on Linux with support for sp
## How to: set a custom Docker image for a web app
-You can set the custom Docker image for both new and existing webs apps. When you create a web app on Linux in the [Azure portal](https://portal.azure.com), click **Configure container** to set a custom Docker image:
+You can set the custom Docker image for both new and existing webs apps. When you create a web app on Linux in the [Azure portal](https://portal.azure.com/#create/Microsoft.AppSvcLinux), click **Configure container** to set a custom Docker image:
![Custom Docker Image for a new web app on Linux][1]
@@ -60,18 +60,20 @@ To use a custom Docker image from a private image registry:
## How to: set the port used by your Docker image ##
-When you use a custom Docker image for your web app, you can use the `PORT` environment variable in your Dockerfile, which gets added to the generated container. Consider the following example of a docker file for a Ruby application:
+When you use a custom Docker image for your web app, you can use the `WEBSITES_PORT` environment variable in your Dockerfile, which gets added to the generated container. Consider the following example of a docker file for a Ruby application:
FROM ruby:2.2.0
RUN mkdir /app
WORKDIR /app
ADD . /app
RUN bundle install
- CMD bundle exec puma config.ru -p $PORT -e production
+ CMD bundle exec puma config.ru -p WEBSITES_PORT -e production
-On last line of the command, you can see that the PORT environment variable is passed at runtime. Remember that casing matters in commands.
+On last line of the command, you can see that the WEBSITES_PORT environment variable is passed at runtime. Remember that casing matters in commands.
-When you use an existing Docker image built by someone else, you may need to specify a port other than port 80 for the application. To configure the port, add an application setting named `PORT` with the value as shown below:
+Previously the platform was using `PORT` app setting, we are planning to deprecate the use this app setting and move to using `WEBSITES_PORT` exclusively.
+
+When you use an existing Docker image built by someone else, you may need to specify a port other than port 80 for the application. To configure the port, add an application setting named `WEBSITES_PORT` with the value as shown below:
![Configure PORT app setting for custom Docker image][6]
@@ -89,8 +91,8 @@ To switch from using a custom image to using a built-in image:
## Troubleshooting ##
-When your application fails to start with your custom Docker image, check the Docker logs in the LogFiles/docker directory. You can access this directory either through your SCM site or via FTP.
-To log the `stdout` and `stderr` from your container, you need to enable **Web server logging** under **Diagnostics Logs**.
+When your application fails to start with your custom Docker image, check the Docker logs in the LogFiles directory. You can access this directory either through your SCM site or via FTP.
+To log the `stdout` and `stderr` from your container, you need to enable **Docker Container logging** under **Diagnostics Logs**.
![Enabling Logging][8]
diff --git a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/application-settings-change-stack.png b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/application-settings-change-stack.png
index ffdd9dfac931a..ef5539f0d8657 100644
Binary files a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/application-settings-change-stack.png and b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/application-settings-change-stack.png differ
diff --git a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/create-blade.png b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/create-blade.png
index 722b95fc4643b..c6a7712607b84 100644
Binary files a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/create-blade.png and b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/create-blade.png differ
diff --git a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/diagnostic-logs-ftp.png b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/diagnostic-logs-ftp.png
index e25d51bde9d7b..8f42372baa80e 100644
Binary files a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/diagnostic-logs-ftp.png and b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/diagnostic-logs-ftp.png differ
diff --git a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/top-level-create.png b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/top-level-create.png
index 170cc02b3d633..e995b466ebd54 100644
Binary files a/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/top-level-create.png and b/articles/app-service-web/media/app-service-linux-how-to-create-a-web-app/top-level-create.png differ
diff --git a/articles/app-service-web/media/app-service-linux-ruby-get-started/create-blade.png b/articles/app-service-web/media/app-service-linux-ruby-get-started/create-blade.png
index cb6063b99445c..68b9e72857e93 100644
Binary files a/articles/app-service-web/media/app-service-linux-ruby-get-started/create-blade.png and b/articles/app-service-web/media/app-service-linux-ruby-get-started/create-blade.png differ
diff --git a/articles/app-service-web/media/app-service-linux-ruby-get-started/top-level-create.png b/articles/app-service-web/media/app-service-linux-ruby-get-started/top-level-create.png
index 170cc02b3d633..e995b466ebd54 100644
Binary files a/articles/app-service-web/media/app-service-linux-ruby-get-started/top-level-create.png and b/articles/app-service-web/media/app-service-linux-ruby-get-started/top-level-create.png differ
diff --git a/articles/app-service-web/media/app-service-linux-using-custom-docker-image/kudu-docker-logs.png b/articles/app-service-web/media/app-service-linux-using-custom-docker-image/kudu-docker-logs.png
index c55cbe8dc2686..b5e3f9384b097 100644
Binary files a/articles/app-service-web/media/app-service-linux-using-custom-docker-image/kudu-docker-logs.png and b/articles/app-service-web/media/app-service-linux-using-custom-docker-image/kudu-docker-logs.png differ
diff --git a/articles/app-service-web/media/app-service-linux-using-custom-docker-image/logging.png b/articles/app-service-web/media/app-service-linux-using-custom-docker-image/logging.png
index f1f27174f54c8..5d2cc7a27fe71 100644
Binary files a/articles/app-service-web/media/app-service-linux-using-custom-docker-image/logging.png and b/articles/app-service-web/media/app-service-linux-using-custom-docker-image/logging.png differ
diff --git a/articles/app-service-web/media/app-service-linux-using-custom-docker-image/setting-port.png b/articles/app-service-web/media/app-service-linux-using-custom-docker-image/setting-port.png
index 1b27dfea68601..8fdcb1c6e03cc 100644
Binary files a/articles/app-service-web/media/app-service-linux-using-custom-docker-image/setting-port.png and b/articles/app-service-web/media/app-service-linux-using-custom-docker-image/setting-port.png differ
diff --git a/articles/azure-functions/functions-create-first-azure-function.md b/articles/azure-functions/functions-create-first-azure-function.md
index 99e3dffb34dc5..6650a14e837d0 100644
--- a/articles/azure-functions/functions-create-first-azure-function.md
+++ b/articles/azure-functions/functions-create-first-azure-function.md
@@ -14,7 +14,7 @@ ms.devlang: multiple
ms.topic: hero-article
ms.tgt_pltfrm: multiple
ms.workload: na
-ms.date: 07/19/2017
+ms.date: 08/07/2017
ms.author: glenga
ms.custom: mvc
@@ -47,7 +47,7 @@ Next, you create a function in the new function app.
1. Expand your new function app, then click the **+** button next to **Functions**.
-2. In the **Get started quickly** page, select **WebHook + API**, choose a language for your function, and click **Create this function**.
+2. In the **Get started quickly** page, select **WebHook + API**, **Choose a language** for your function, and click **Create this function**.
diff --git a/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md b/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md
index ff73e7886d0e1..479b50d4bb665 100644
--- a/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md
+++ b/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md
@@ -41,6 +41,8 @@ The following steps describe the process to push a certificate onto the virtual
3. Upload the certificate into the key vault.
4. Deploy a template to create a virtual machine and push the certificate onto it.
+**Create a secret in the key vault**
+
The following script creates a certificate in the .pfx format, creates a key vault, and stores the certificate in the key vault as a secret. You must use the `-EnabledForDeployment` parameter when you're creating the key vault. This parameter makes sure that the key vault can be referenced from Azure Resource Manager templates.
```powershell
@@ -108,6 +110,8 @@ When you run the previous script, the output includes the secret URI. Make a not
Modify the `azuredeploy.parameters.json` file according to your environment values. The parameters of special interest are the vault name, the vault resource group, and the secret URI (as generated by the previous script). The following file is an example of a parameter file:
+**azuredeploy.parameters.json:**
+
```json
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
@@ -141,6 +145,8 @@ Modify the `azuredeploy.parameters.json` file according to your environment valu
}
```
+**Template deployment:**
+
Now deploy the template by using the following PowerShell script:
```powershell
diff --git a/articles/batch/batch-diagnostics.md b/articles/batch/batch-diagnostics.md
index ec5627ad3ee2f..7ec968059e7b5 100644
--- a/articles/batch/batch-diagnostics.md
+++ b/articles/batch/batch-diagnostics.md
@@ -41,7 +41,7 @@ As with many Azure services, the Batch service emits log events for certain reso
## Enable diagnostic logging
Diagnostic logging is not enabled by default for your Batch account. You must explicitly enable diagnostic logging for each Batch account you want to monitor:
-[How to enable collection of Diagnostic Logs](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#how-to-enable-collection-of-diagnostic-logs)
+[How to enable collection of Diagnostic Logs](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#how-to-enable-collection-of-resource-diagnostic-logs)
We recommend that you read the full [Overview of Azure Diagnostic Logs](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md) article to gain an understanding of not only how to enable logging, but the log categories supported by the various Azure services. For example, Azure Batch currently supports one log category: **Service Logs**.
diff --git a/articles/billing/billing-enterprise-api-usage-detail.md b/articles/billing/billing-enterprise-api-usage-detail.md
index cacddd80e8964..fcc86dfc205c2 100644
--- a/articles/billing/billing-enterprise-api-usage-detail.md
+++ b/articles/billing/billing-enterprise-api-usage-detail.md
@@ -80,7 +80,7 @@ Common header properties that need to be added are specified [here](billing-ente
"unitOfMeasure": "string",
"resourceGroup": "string"
}
- ]
+ ],
"nextLink": "string"
}
diff --git a/articles/container-instances/container-instances-tutorial-deploy-app.md b/articles/container-instances/container-instances-tutorial-deploy-app.md
index 642a56e0c3fb6..da9875f4989ed 100644
--- a/articles/container-instances/container-instances-tutorial-deploy-app.md
+++ b/articles/container-instances/container-instances-tutorial-deploy-app.md
@@ -15,7 +15,7 @@ ms.devlang: azurecli
ms.topic: sample
ms.tgt_pltfrm: na
ms.workload: na
-ms.date: 07/19/2017
+ms.date: 08/04/2017
ms.author: seanmck
---
@@ -47,7 +47,7 @@ az acr credential show --name --query "passwords[0].value"
To deploy your container image from the container registry with a resource request of 1 CPU core and 1GB of memory, run the following command:
```azurecli-interactive
-az container create --name aci-tutorial-app --image /aci-tutorial-app:v1 --cpu 1 --memory 1 --registry-login-server --registry-username --registry-password --ip-address public -g myResourceGroup
+az container create --name aci-tutorial-app --image /aci-tutorial-app:v1 --cpu 1 --memory 1 --registry-password --ip-address public -g myResourceGroup
```
Within a few seconds, you will receive an initial response from Azure Resource Manager. To view the state of the deployment, use:
diff --git a/articles/container-instances/container-instances-tutorial-prepare-acr.md b/articles/container-instances/container-instances-tutorial-prepare-acr.md
index f963ba9301306..f30ed207454b0 100644
--- a/articles/container-instances/container-instances-tutorial-prepare-acr.md
+++ b/articles/container-instances/container-instances-tutorial-prepare-acr.md
@@ -56,7 +56,7 @@ Throughout the rest of this tutorial, we use `` as a placeholder for th
## Get Azure Container Registry information
-Once the container registry is created, you can query its login server and password. The following code returns these values. Note each value down, they are referenced throughout this tutorial.
+Once the container registry is created, you can query its login server and password. The following code returns these values. Note each value for login server and password, as they are referenced throughout this tutorial.
Container registry login server (update with your registry name):
@@ -69,14 +69,14 @@ Throughout the rest of this tutorial, we use `` as a placeholder
Container registry password:
```azurecli
-az acr credential show --name --query passwords[0].value
+az acr credential show --name --query "passwords[0].value"
```
Throughout the rest of this tutorial, we use `` as a placeholder for the container registry password value.
## Login to the container registry
-You must login to your container registry instance before pushing images to it. Use the [docker login](https://docs.docker.com/engine/reference/commandline/login/) command to complete the operation. When running docker login, you need to provide th registry login server name and credentials.
+You must login to your container registry instance before pushing images to it. Use the [docker login](https://docs.docker.com/engine/reference/commandline/login/) command to complete the operation. When running docker login, you need to provide the registry login server name and credentials.
```bash
docker login --username= --password=
@@ -86,7 +86,7 @@ The command returns a 'Login Succeeded’ message once completed.
## Tag container image
-In order to deploy a container image from a private registry, the image needs to be tagged with the `loginServer` name of the registry.
+To deploy a container image from a private registry, the image needs to be tagged with the `loginServer` name of the registry.
To see a list of current images, use the `docker images` command.
@@ -173,4 +173,4 @@ In this tutorial, an Azure Container Registry was prepared for use with Azure Co
Advance to the next tutorial to learn about deploying the container to Azure using Azure Container Instances.
> [!div class="nextstepaction"]
-> [Deploy containers to Azure Container Instances](./container-instances-tutorial-deploy-app.md)
\ No newline at end of file
+> [Deploy containers to Azure Container Instances](./container-instances-tutorial-deploy-app.md)
diff --git a/articles/container-service/kubernetes/container-service-kubernetes-walkthrough.md b/articles/container-service/kubernetes/container-service-kubernetes-walkthrough.md
index 6b8499810cb3a..5d08b38e496c2 100644
--- a/articles/container-service/kubernetes/container-service-kubernetes-walkthrough.md
+++ b/articles/container-service/kubernetes/container-service-kubernetes-walkthrough.md
@@ -22,7 +22,7 @@ ms.custom: H1Hack27Feb2017
# Deploy Kubernetes cluster for Linux containers
-In this quick start, a Kubernetes cluster is deployed using the Azure CLI. A multi-container application consisting of web front-end and a Redis instance is then deployed and run on the cluster. Once completed, the application is accessible over the internet.
+In this quick start, a Kubernetes cluster is deployed using the Azure CLI. A multi-container application consisting of web front end and a Redis instance is then deployed and run on the cluster. Once completed, the application is accessible over the internet.
@@ -64,7 +64,7 @@ Output:
Create a Kubernetes cluster in Azure Container Service with the [az acs create](/cli/azure/acs#create) command. The following example creates a cluster named *myK8sCluster* with one Linux master node and three Linux agent nodes.
```azurecli-interactive
-az acs create --orchestrator-type=kubernetes --resource-group myResourceGroup --name=myK8sCluster --generate-ssh-keys
+az acs create --orchestrator-type kubernetes --resource-group myResourceGroup --name myK8sCluster --generate-ssh-keys
```
After several minutes, the command completes and returns json formatted information about the cluster.
@@ -75,7 +75,7 @@ To manage a Kubernetes cluster, use [kubectl](https://kubernetes.io/docs/user-gu
If you're using Azure CloudShell, kubectl is already installed. If you want to install it locally, you can use the [az acs kubernetes install-cli](/cli/azure/acs/kubernetes#install-cli) command.
-To configure kubectl to connect to your Kubernetes cluster, run the [az acs kubernetes get-credentials](/cli/azure/acs/kubernetes#get-credentials) command. This steps downloads credentials and configures the Kubernetes CLI to use them.
+To configure kubectl to connect to your Kubernetes cluster, run the [az acs kubernetes get-credentials](/cli/azure/acs/kubernetes#get-credentials) command. This step downloads credentials and configures the Kubernetes CLI to use them.
```azurecli-interactive
az acs kubernetes get-credentials --resource-group=myResourceGroup --name=myK8sCluster
@@ -101,7 +101,7 @@ k8s-master-14ad53a1-0 Ready,SchedulingDisabled 10m v1.6.6
A Kubernetes manifest file defines a desired state for the cluster, including things like what container images should be running. For this example, a manifest is used to create all object needed to run the Azure Vote application.
-Create a file named `azure-vote.yaml` and copy into it the following YAML.
+Create a file named `azure-vote.yaml` and copy into it the following YAML. If you are working in Azure Cloud Shell, this file can be created using vi or Nano as if working on a virtual or physical system.
```yaml
apiVersion: apps/v1beta1
@@ -181,7 +181,7 @@ service "azure-vote-front" created
## Test the application
-As the application is run, a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) is created that exposes the application front-end to the internet. This process can take a few minutes to complete.
+As the application is run, a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) is created that exposes the application front end to the internet. This process can take a few minutes to complete.
To monitor progress, use the [kubectl get service](https://kubernetes.io/docs/user-guide/kubectl/v1.6/#get) command with the `--watch` argument.
diff --git a/articles/cosmos-db/create-documentdb-dotnet.md b/articles/cosmos-db/create-documentdb-dotnet.md
index 9cf6e3831e54d..0e5f023286c4e 100644
--- a/articles/cosmos-db/create-documentdb-dotnet.md
+++ b/articles/cosmos-db/create-documentdb-dotnet.md
@@ -51,7 +51,7 @@ You can now add data to your new collection using Data Explorer.
-2. Now add a few documents to the collection with the following structure, where you insert unique values for id in each document and change the other properties as you see fit. Your new documents can have any structure you want as Azure Cosmos DB doesn't impose any schema on your data.
+2. Now add a document to the collection with the following structure.
```json
{
@@ -67,13 +67,15 @@ You can now add data to your new collection using Data Explorer.
- You can now use queries in Data Explorer to retrieve your data. By default, Data Explorer uses `SELECT * FROM c` to retrieve all documents in the collection, but you can change that to `SELECT * FROM c ORDER BY c.name ASC`, to return all the documents in alphabetic ascending order of the name property.
+4. Create and save one more document where you insert a unique value for the `id` property, and change the other properties as you see fit. Your new documents can have any structure you want as Azure Cosmos DB doesn't impose any schema on your data.
+
+ You can now use queries in Data Explorer to retrieve your data. By default, Data Explorer uses `SELECT * FROM c` to retrieve all documents in the collection, but you can change that to a different [SQL query](documentdb-sql-query.md), such as `SELECT * FROM c ORDER BY c._ts DESC`, to return all the documents in descending order based on their timestamp.
You can also use Data Explorer to create stored procedures, UDFs, and triggers to perform server-side business logic as well as scale throughput. Data Explorer exposes all of the built-in programmatic data access available in the APIs, but provides easy access to your data in the Azure portal.
## Clone the sample application
-Now let's clone a DocumentDB API app from github, set the connection string, and run it. You'll see how easy it is to work with data programmatically.
+Now let's switch to working with code. Let's clone a DocumentDB API app from GitHub, set the connection string, and run it. You'll see how easy it is to work with data programmatically.
1. Open a git terminal window, such as git bash, and `CD` to a working directory.
diff --git a/articles/cosmos-db/create-documentdb-java.md b/articles/cosmos-db/create-documentdb-java.md
index 1822022ea99ec..c6588db9053b6 100644
--- a/articles/cosmos-db/create-documentdb-java.md
+++ b/articles/cosmos-db/create-documentdb-java.md
@@ -1,5 +1,5 @@
---
-title: 'Azure Cosmos DB: Build an app with Java and the DocumentDB API | Microsoft Docs'
+title: Create an Azure Cosmos DB document database with Java | Microsoft Docs | Microsoft Docs'
description: Presents a Java code sample you can use to connect to and query the Azure Cosmos DB DocumentDB API
services: cosmos-db
documentationcenter: ''
@@ -14,35 +14,72 @@ ms.workload:
ms.tgt_pltfrm: na
ms.devlang: java
ms.topic: hero-article
-ms.date: 06/27/2017
+ms.date: 08/02/2017
ms.author: mimig
---
-# Azure Cosmos DB: Build a DocumentDB API app with Java and the Azure portal
+# Azure Cosmos DB: Create a document database using Java and the Azure portal
Azure Cosmos DB is Microsoft’s globally distributed multi-model database service. You can quickly create and query document, key/value, and graph databases, all of which benefit from the global distribution and horizontal scale capabilities at the core of Azure Cosmos DB.
-This quick start demonstrates how to create an Azure Cosmos DB account, document database, and collection using the Azure portal. You'll then build and run a console app built on the [DocumentDB Java API](documentdb-sdk-java.md).
+This quickstart creates a document database using the Azure portal tools for Azure Cosmos DB. This quickstart also shows you how to quickly create a Java console app using the [DocumentDB Java API](documentdb-sdk-java.md). The instructions in this quickstart can be followed on any operating system that is capable of running Java. By completing this quickstart you'll be familiar with creating and modifying document database resources in either the UI or programatically, whichever is your preference.
## Prerequisites
-* Before you can run this sample, you must have the following prerequisites:
- * JDK 1.7+ (Run `apt-get install default-jdk` if you don't have JDK)
- * Maven (Run `apt-get install maven` if you don't have Maven)
+* [Java Development Kit (JDK) 1.7+](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html)
+ * On Ubuntu, run `apt-get install default-jdk` to install the JDK.
+ * Be sure to set the JAVA_HOME environment variable to point to the folder where the JDK is installed.
+* [Download](http://maven.apache.org/download.cgi) and [install](http://maven.apache.org/install.html) a [Maven](http://maven.apache.org/) binary archive
+ * On Ubuntu, you can run `apt-get install maven` to install Maven.
+* [Git](https://www.git-scm.com/)
+ * On Ubuntu, you can run `sudo apt-get install git` to install Git.
[!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
## Create a database account
+Before you can create a graph database, you need to create a SQL (DocumentDB) database account with Azure Cosmos DB.
+
[!INCLUDE [cosmos-db-create-dbaccount](../../includes/cosmos-db-create-dbaccount.md)]
## Add a collection
[!INCLUDE [cosmos-db-create-collection](../../includes/cosmos-db-create-collection.md)]
+
+## Add sample data
+
+You can now add data to your new collection using Data Explorer.
+
+1. In Data Explorer, the new database appears in the Collections pane. Expand the **Tasks** database, expand the **Items** collection, click **Documents**, and then click **New Documents**.
+
+ 
+
+2. Now add a document to the collection with the following structure.
+
+ ```json
+ {
+ "id": "1",
+ "category": "personal",
+ "name": "groceries",
+ "description": "Pick up apples and strawberries.",
+ "isComplete": false
+ }
+ ```
+
+3. Once you've added the json to the **Documents** tab, click **Save**.
+
+ 
+
+4. Create and save one more document where you insert a unique value for the `id` property, and change the other properties as you see fit. Your new documents can have any structure you want as Azure Cosmos DB doesn't impose any schema on your data.
+
+ You can now use queries in Data Explorer to retrieve your data by clicking the . By default, Data Explorer uses `SELECT * FROM c` to retrieve all documents in the collection, but you can change that to a different [SQL query](documentdb-sql-query.md), such as `SELECT * FROM c ORDER BY c._ts DESC`, to return all the documents in descending order based on their timestamp.
+
+ You can also use Data Explorer to create stored procedures, UDFs, and triggers to perform server-side business logic as well as scale throughput. Data Explorer exposes all of the built-in programmatic data access available in the APIs, but provides easy access to your data in the Azure portal.
+
## Clone the sample application
-Now let's clone a DocumentDB API app from github, set the connection string, and run it. You see how easy it is to work with data programmatically.
+Now let's switch to working with code. Let's clone a DocumentDB API app from GitHub, set the connection string, and run it. You see how easy it is to work with data programmatically.
1. Open a git terminal window, such as git bash, and `CD` to a working directory.
@@ -54,7 +91,7 @@ Now let's clone a DocumentDB API app from github, set the connection string, and
## Review the code
-Let's make a quick review of what's happening in the app. Open the `Program.java` file and find these lines of code that create the Azure Cosmos DB resources.
+Let's make a quick review of what's happening in the app. Open the `Program.java` file from the \src\GetStarted folder, and find these lines of code that create the Azure Cosmos DB resources.
* The `DocumentClient` is initialized.
@@ -80,12 +117,7 @@ Let's make a quick review of what's happening in the app. Open the `Program.java
DocumentCollection collectionInfo = new DocumentCollection();
collectionInfo.setId(collectionName);
- // DocumentDB collections can be reserved with throughput
- // specified in request units/second. 1 RU is a normalized
- // request equivalent to the read of a 1KB document. Here we
- // create a collection with 400 RU/s.
- RequestOptions requestOptions = new RequestOptions();
- requestOptions.setOfferThroughput(400);
+ ...
this.client.createCollection(databaseLink, collectionInfo, requestOptions);
```
@@ -123,27 +155,30 @@ Let's make a quick review of what's happening in the app. Open the `Program.java
## Update your connection string
-Now go back to the Azure portal to get your connection string information and copy it into the app.
+Now go back to the Azure portal to get your connection string information and copy it into the app. This will enable your app to communicate with your hosted database.
-1. In the [Azure portal](http://portal.azure.com/), in your Azure Cosmos DB account, in the left navigation click **Keys**, and then click **Read-write Keys**. You'll use the copy buttons on the right side of the screen to copy the URI and Primary Key into the `Program.java` file in the next step.
+1. In the [Azure portal](http://portal.azure.com/), in your Azure Cosmos DB account, in the left navigation click **Keys**, and then click **Read-write Keys**. You'll use the copy buttons on the right side of the screen to copy the URI and PRIMARY KEY into the `Program.java` file in the next step.
-2. In Open the `Program.java` file.
-
-3. Copy your URI value from the portal (using the copy button) and make it the value of the endpoint to the DocumentClient constructor in `Program.java`.
+2. In the open `Program.java` file, copy your URI value from the portal (using the copy button) and make it the value of the endpoint to the DocumentClient constructor in `Program.java`.
`"https://FILLME.documents.azure.com"`
-4. Then copy your PRIMARY KEY value from the portal and replace the second parameter “FILL ME” with the key in the DocumentClient constructor in `Program.java'. You've now updated your app with all the info it needs to communicate with Azure Cosmos DB.
+4. Then copy your PRIMARY KEY value from the portal and paste it over “FILLME”, making it the second parameter in the DocumentClient constructor. You've now updated your app with all the info it needs to communicate with Azure Cosmos DB.
## Run the app
-1. Run `mvn package` in a terminal to install the required Java packages.
+1. In the git terminal window, `cd` to the azure-cosmos-db-documentdb-java-getting-started folder.
+
+2. In the git terminal window, type `mvn package` to install the required Java packages.
+
+3. In the git terminal window, run `mvn exec:java -D exec.mainClass=GetStarted.Program` in the terminal window to start your Java application.
+
+ In the terminal window, you'll receive notification that the FamilyDB database was created, and to press a key to continue. Press a key to create the database, then switch to the Data Explorer and you'll see that it now contains a FamilyDB database. Continue to press keys to create the collection and the documents and then perform a query. When the project completes, the resources are deleted from your account.
-2. Run `mvn exec:java -D exec.mainClass=GetStarted.Program` in a terminal to start your Java application.
+ 
-You can now go back to Data Explorer and see query, modify, and work with this new data.
## Review SLAs in the Azure portal
@@ -158,7 +193,7 @@ If you're not going to continue to use this app, delete all resources created by
## Next steps
-In this quickstart, you've learned how to create an Azure Cosmos DB account, create a collection using the Data Explorer, and run an app. You can now import additional data to your Cosmos DB account.
+In this quickstart, you've learned how to create an Azure Cosmos DB account, document database, and collection using the Data Explorer, and run an app to do the same thing programmatically. You can now import additional data to your Cosmos DB account.
> [!div class="nextstepaction"]
> [Import data into Azure Cosmos DB](import-data.md)
diff --git a/articles/cosmos-db/create-graph-java.md b/articles/cosmos-db/create-graph-java.md
index 6f0ace7aa3711..9fb4213e5e080 100644
--- a/articles/cosmos-db/create-graph-java.md
+++ b/articles/cosmos-db/create-graph-java.md
@@ -1,5 +1,5 @@
---
-title: Build an Azure Cosmos DB Java application using the Graph API | Microsoft Docs
+title: Create an Azure Cosmos DB graph database with Java | Microsoft Docs
description: Presents a Java code sample you can use to connect to and query graph data in Azure Cosmos DB using Gremlin.
services: cosmos-db
documentationcenter: ''
@@ -14,35 +14,88 @@ ms.workload:
ms.tgt_pltfrm: na
ms.devlang: dotnet
ms.topic: hero-article
-ms.date: 07/14/2017
+ms.date: 08/04/2017
ms.author: denlee
---
-# Azure Cosmos DB: Build a Java application using the Graph API
+# Azure Cosmos DB: Create a graph database using Java and the Azure portal
Azure Cosmos DB is Microsoft’s globally distributed multi-model database service. You can quickly create and query document, key/value, and graph databases, all of which benefit from the global distribution and horizontal scale capabilities at the core of Azure Cosmos DB.
-This quick start demonstrates how to create an Azure Cosmos DB account for Graph API (preview), database, and graph using the Azure portal. You then build and run a console app using the OSS [Gremlin Java](https://mvnrepository.com/artifact/org.apache.tinkerpop/gremlin-driver) driver.
+This quickstart creates a graph database using the Azure portal tools for Azure Cosmos DB. This quickstart also shows you how to quickly create a Java console app using a graph database using the OSS [Gremlin Java](https://mvnrepository.com/artifact/org.apache.tinkerpop/gremlin-driver) driver. The instructions in this quickstart can be followed on any operating system that is capable of running Java. By completing this quickstart you'll be familiar with creating and modifying graph resources in either the UI or programmatically, whichever is your preference.
## Prerequisites
-* Before you can run this sample, you must have the following prerequisites:
- * JDK 1.7+ (Run `apt-get install default-jdk` if you don't have JDK), and set environment variables like `JAVA_HOME`
- * Maven (Run `apt-get install maven` if you don't have Maven)
+* [Java Development Kit (JDK) 1.7+](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html)
+ * On Ubuntu, run `apt-get install default-jdk` to install the JDK.
+ * Be sure to set the JAVA_HOME environment variable to point to the folder where the JDK is installed.
+* [Download](http://maven.apache.org/download.cgi) and [install](http://maven.apache.org/install.html) a [Maven](http://maven.apache.org/) binary archive
+ * On Ubuntu, you can run `apt-get install maven` to install Maven.
+* [Git](https://www.git-scm.com/)
+ * On Ubuntu, you can run `sudo apt-get install git` to install Git.
[!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
## Create a database account
+Before you can create a graph database, you need to create a Gremlin (Graph) database account with Azure Cosmos DB.
+
[!INCLUDE [cosmos-db-create-dbaccount-graph](../../includes/cosmos-db-create-dbaccount-graph.md)]
## Add a graph
[!INCLUDE [cosmos-db-create-graph](../../includes/cosmos-db-create-graph.md)]
+
+## Add sample data
+
+You can now add data to your new graph database using Data Explorer.
+
+1. In Data Explorer, the new graph appears in the Graphs pane. Expand the **sample-database**/**sample-graph**, click **Graph**, and then click **Apply Filter**.
+
+ 
+
+2. Click the **New Vertex** button to add data to your graph.
+
+ 
+
+3. Enter a label of *ashley* then enter the following keys and values to create your first vertex in the graph:
+
+ key|value|Notes
+ ----|----|----
+ userid | ashley1986 |Because we created a partitioned graph, the partition key (userid in this tutorial) must be one of the properties set on a new vertex. If you do not set a key to the partition key value, the vertex does not save.
+ gender|female|
+ tech | java |
+ id|ashley|The unique identifier for the vertex. If you don't specify an id, one is generated for you.
+
+4. Click **New Vertex** again and add an additional new user. Enter a label of *rakesh* then enter the following keys and values:
+
+ key|value|Notes
+ ----|----|----
+ userid | rakesh1979 |Because we created a partitioned graph, the partition key (userid in this tutorial) must be one of the properties set on a new vertex. If you do not set a key to the partition key value, the vertex does not save.
+ gender|male|
+ school|MIT|
+ id|rakesh|The unique identifier for the vertex. If you don't specify an id, one is generated for you.
+
+5. Click **Apply Filter** with the default `g.V()` filter. All of the users now show in the **Results** list. As you add more data, you can use filters to limit your results. By default, Data Explorer uses `g.V()` to retrieve all vertices in a graph, but you can change that to a different [graph query](tutorial-query-graph.md), such as `g.V().count()`, to return a count of all the vertices in the graph in JSON format.
+
+6. Now we connect the users. Ensure **ashley** in selected in the **Results** list, then click the edit button next to **Targets** on lower right side. You may need to widen your window to see the **Properties** area.
+
+ 
+
+7. In the **Target** box type *rakesh*, and in the **Edge label** box type *knows*, and then click the check box.
+
+ 
+
+8. Now select **rakesh** from the results list and you'll see that ashley and rakesh are connected. You can move the vertices around on the graph viewer and zoom in and out.
+
+ 
+
+ You can also use Data Explorer to create stored procedures, UDFs, and triggers to perform server-side business logic as well as scale throughput. Data Explorer exposes all of the built-in programmatic data access available in the APIs, but provides easy access to your data in the Azure portal.
+
## Clone the sample application
-Now let's clone a Graph API (preview) app from github, set the connection string, and run it. You see how easy it is to work with data programmatically.
+Now let's clone a graph app from github, set the connection string, and run it. You see how easy it is to work with data programmatically.
1. Open a git terminal window, such as git bash, and `cd` to a working directory.
@@ -54,20 +107,20 @@ Now let's clone a Graph API (preview) app from github, set the connection string
## Review the code
-Let's make a quick review of what's happening in the app. Open the `Program.java` file and you find that these lines of code.
+Let's make a quick review of what's happening in the app. Open the `Program.java` file from the \src\GetStarted folder and find these lines of code.
* The Gremlin `Client` is initialized from the configuration in `src/remote.yaml`.
```java
- Cluster cluster = Cluster.build(new File("src/remote.yaml")).create();
-
- Client client = cluster.connect();
+ cluster = Cluster.build(new File("src/remote.yaml")).create();
+ ...
+ client = cluster.connect();
```
* A series of Gremlin steps are executed using the `client.submit` method.
```java
- ResultSet results = client.submit("g.V()");
+ ResultSet results = client.submit(gremlin);
CompletableFuture> completableFutureResults = results.all();
List resultList = completableFutureResults.get();
@@ -76,6 +129,7 @@ Let's make a quick review of what's happening in the app. Open the `Program.java
System.out.println(result.toString());
}
```
+
## Update your connection string
1. Open the src/remote.yaml file.
@@ -84,14 +138,14 @@ Let's make a quick review of what's happening in the app. Open the `Program.java
Setting|Suggested value|Description
---|---|---
- Hosts|[***.graphs.azure.com]|See screenshot below. This is the Gremlin URI value on the Overview page of the Azure portal, in square brackets, with the trailing :443/ removed.
This value can also be retrieved from the Keys tab, using the URI value by removing https://, changing documents to graphs, and removing the trailing :443/.
+ Hosts|[***.graphs.azure.com]|See the screenshot following this table. This value is the Gremlin URI value on the Overview page of the Azure portal, in square brackets, with the trailing :443/ removed.
This value can also be retrieved from the Keys tab, using the URI value by removing https://, changing documents to graphs, and removing the trailing :443/.
Port|443|Set to 443.
Username|*Your username*|The resource of the form `/dbs//colls/` where `` is your database name and `` is your collection name.
- Password|*Your primary master key*|See second screenshot below. This is your primary key, which you can retrieve from the Keys page of the Azure portal, in the Primary Key box. Use the copy button on the left side of the box to copy the value.
+ Password|*Your primary master key*|See the second screenshot following this table. This value is your primary key, which you can retrieve from the Keys page of the Azure portal, in the Primary Key box. Use the copy button on the left side of the box to copy the value.
ConnectionPool|{enableSsl: true}|Your connection pool setting for SSL.
Serializer|{ className: org.apache.tinkerpop.gremlin.
driver.ser.GraphSONMessageSerializerV1d0,
config: { serializeResultToString: true }}|Set to this value and delete any `\n` line breaks when pasting in the value.
- For the Hosts value, copy the **Gremlin URI** value from the **Overview** page:
+ For the Hosts value, copy the **Gremlin URI** value from the **Overview** page. If it's empty, see the instructions in the Hosts row above about creating the Gremlin URI from the Keys blade.
For the Password value, copy the **Primary key** from the **Keys** page:
@@ -99,19 +153,13 @@ Let's make a quick review of what's happening in the app. Open the `Program.java
## Run the console app
-1. Run `mvn package` in a terminal to install required Java packages.
-
-2. Run `mvn exec:java -D exec.mainClass=GetStarted.Program` in a terminal to start your Java application.
-
-You can now go back to Data Explorer and see query, modify, and work with this new data.
-
-## Browse using the Data Explorer
+1. In the git terminal window, `cd` to the azure-cosmos-db-graph-java-getting-started folder.
-You can now go back to Data Explorer in the Azure portal and browse and query your new graph data.
+2. In the git terminal window, type `mvn package` to install the required Java packages.
-* In Data Explorer, the new database appears in the Collections pane. Expand **graphdb**, **graphcoll**, and then click **Graph**.
+3. In the git terminal window, run `mvn exec:java -D exec.mainClass=GetStarted.Program` in the terminal window to start your Java application.
- The data generated by the sample app is displayed in the Graphs pane.
+You can now go back to Data Explorer and see query, modify, and work with this new data.
## Review SLAs in the Azure portal
diff --git a/articles/cosmos-db/documentdb-dotnet-application.md b/articles/cosmos-db/documentdb-dotnet-application.md
index 017d703c2573d..770ff88775d1b 100644
--- a/articles/cosmos-db/documentdb-dotnet-application.md
+++ b/articles/cosmos-db/documentdb-dotnet-application.md
@@ -14,9 +14,10 @@ ms.workload: data-services
ms.tgt_pltfrm: na
ms.devlang: dotnet
ms.topic: article
-ms.date: 12/25/2016
+ms.date: 08/03/2017
ms.author: mimig
+
---
# ASP.NET MVC Tutorial: Web application development with Azure Cosmos DB
> [!div class="op_single_selector"]
@@ -29,9 +30,9 @@ ms.author: mimig
To highlight how you can efficiently leverage Azure Cosmos DB to store and query JSON documents, this article provides an end-to-end walk-through showing you how to build a todo app using Azure Cosmos DB. The tasks will be stored as JSON documents in Azure Cosmos DB.
-
+
-This walk-through shows you how to use the Azure Cosmos DB service provided by Azure to store and access data from an ASP.NET MVC web application hosted on Azure. If you're looking for a tutorial that focuses only on Azure Cosmos DB, and not the ASP.NET MVC components, see [Build an Azure Cosmos DB C# console application](documentdb-get-started.md).
+This walk-through shows you how to use the Azure Cosmos DB service to store and access data from an ASP.NET MVC web application hosted on Azure. If you're looking for a tutorial that focuses only on Azure Cosmos DB, and not the ASP.NET MVC components, see [Build an Azure Cosmos DB C# console application](documentdb-get-started.md).
> [!TIP]
> This tutorial assumes that you have prior experience using ASP.NET MVC and Azure Websites. If you are new to ASP.NET or the [prerequisite tools](#_Toc395637760), we recommend downloading the complete sample project from [GitHub][GitHub] and following the instructions in this sample. Once you have it built, you can review this article to gain insight on the code in the context of the project.
@@ -41,18 +42,18 @@ This walk-through shows you how to use the Azure Cosmos DB service provided by A
## Prerequisites for this database tutorial
Before following the instructions in this article, you should ensure that you have the following:
-* An active Azure account. If you don't have an account, you can create a free trial account in just a couple of minutes. For details, see [Azure Free Trial](https://azure.microsoft.com/pricing/free-trial/)
+* An active Azure account. If you don't have an account, you can create a free trial account in just a couple of minutes. For details, see [Azure Free Trial](https://azure.microsoft.com/pricing/free-trial/).
OR
A local installation of the [Azure Cosmos DB Emulator](local-emulator.md).
-* [Visual Studio 2015](http://www.visualstudio.com/) or Visual Studio 2013 Update 4 or higher. If using Visual Studio 2013, you will need to install the [Microsoft.Net.Compilers nuget package](https://www.nuget.org/packages/Microsoft.Net.Compilers/) to add support for C# 6.0.
-* Azure SDK for .NET version 2.5.1 or higher, available through the [Microsoft Web Platform Installer][Microsoft Web Platform Installer].
+* [Visual Studio 2017](http://www.visualstudio.com/).
+* Microsoft Azure SDK for .NET for Visual Studio 2017, available through the Visual Studio Installer.
-All the screen shots in this article have been taken using Visual Studio 2013 with Update 4 applied and the Azure SDK for .NET version 2.5.1. If your system is configured with different versions it is possible that your screens and options won't match entirely, but if you meet the above prerequisites this solution should work.
+All the screen shots in this article have been taken using Microsoft Visual Studio Community 2017. If your system is configured with a different version it is possible that your screens and options won't match entirely, but if you meet the above prerequisites this solution should work.
## Step 1: Create an Azure Cosmos DB database account
-Let's start by creating an Azure Cosmos DB account. If you already have an account or if you are using the Azure Cosmos DB Emulator for this tutorial, you can skip to [Create a new ASP.NET MVC application](#_Toc395637762).
+Let's start by creating an Azure Cosmos DB account. If you already have a SQL (DocumentDB) account for Azure Cosmos DB or if you are using the Azure Cosmos DB Emulator for this tutorial, you can skip to [Create a new ASP.NET MVC application](#_Toc395637762).
[!INCLUDE [create-dbaccount](../../includes/cosmos-db-create-dbaccount.md)]
@@ -62,34 +63,24 @@ Let's start by creating an Azure Cosmos DB account. If you already have an accou
We will now walk through how to create a new ASP.NET MVC application from the ground-up.
## Step 2: Create a new ASP.NET MVC application
-Now that you have an account, let's create our new ASP.NET project.
-1. In Visual Studio, on the **File** menu, point to **New**, and then click **Project**.
-
- The **New Project** dialog box appears.
+1. In Visual Studio, on the **File** menu, point to **New**, and then click **Project**. The **New Project** dialog box appears.
+
2. In the **Project types** pane, expand **Templates**, **Visual C#**, **Web**, and then select **ASP.NET Web Application**.
- 
+ 
3. In the **Name** box, type the name of the project. This tutorial uses the name "todo". If you choose to use something other than this, then wherever this tutorial talks about the todo namespace, you need to adjust the provided code samples to use whatever you named your application.
4. Click **Browse** to navigate to the folder where you would like to create the project, and then click **OK**.
- The **New ASP.NET Project** dialog box appears.
+ The **New ASP.NET Web Application** dialog box appears.
- 
+ 
5. In the templates pane, select **MVC**.
-6. If you plan on hosting your application in Azure then select **Host in the cloud** on the lower right to have Azure host the application. We've selected to host in the cloud, and to run the application hosted in an Azure Website. Selecting this option will preprovision an Azure Website for you and make life a lot easier when it comes time to deploy the final working application. If you want to host this elsewhere or don't want to configure Azure upfront, then just clear **Host in the Cloud**.
-7. Click **OK** and let Visual Studio do its thing around scaffolding the empty ASP.NET MVC template.
- If you receive the error "An error occurred while processing your request" see the [Troubleshooting](#troubleshooting) section.
+6. Click **OK** and let Visual Studio do its thing around scaffolding the empty ASP.NET MVC template.
-8. If you chose to host this in the cloud you will see at least one additional screen asking you to login to your Azure account and provide some values for your new website. Supply all the additional values and continue.
-
- I haven't chosen a "Database server" here because we're not using an Azure SQL Database Server here, we're going to be creating a new Azure Cosmos DB account later on in the Azure Portal.
-
- For more information about choosing an **App Service plan** and **Resource group**, see [Azure App Service plans in-depth overview](../app-service/azure-web-sites-web-hosting-plans-in-depth-overview.md).
-
- 
-9. Once Visual Studio has finished creating the boilerplate MVC application you have an empty ASP.NET application that you can run locally.
+
+7. Once Visual Studio has finished creating the boilerplate MVC application you have an empty ASP.NET application that you can run locally.
We'll skip running the project locally because I'm sure we've all seen the ASP.NET "Hello World" application. Let's go straight to adding Azure Cosmos DB to this project and building our application.
@@ -99,21 +90,22 @@ this solution, let's get to the real purpose of this tutorial, adding Azure Cosm
1. The Azure Cosmos DB .NET SDK is packaged and distributed as a NuGet package. To get the NuGet package in Visual Studio, use the NuGet package manager in Visual Studio by right-clicking on the project in **Solution Explorer** and then clicking **Manage NuGet Packages**.
- 
+ 
The **Manage NuGet Packages** dialog box appears.
-2. In the NuGet **Browse** box, type ***Azure Cosmos DB***.
+2. In the NuGet **Browse** box, type ***Azure DocumentDB***. (The package name has not been updated to Azure Cosmos DB.)
- From the results, install the **Microsoft Azure Cosmos DB Client Library** package. This will download and install the Azure Cosmos DB package as well as all dependencies, like Newtonsoft.Json. Click **OK** in the **Preview** window, and **I Accept** in the **License Acceptance** window to complete the install.
+ From the results, install the **Microsoft.Azure.DocumentDB by Microsoft** package. This will download and install the Azure Cosmos DB package as well as all dependencies, such as Newtonsoft.Json. Click **OK** in the **Preview** window, and **I Accept** in the **License Acceptance** window to complete the install.
- 
+ 
Alternatively you can use the Package Manager Console to install the package. To do so, on the **Tools** menu, click **NuGet Package Manager**, and then click **Package Manager Console**. At the prompt, type the following.
Install-Package Microsoft.Azure.DocumentDB
+
3. Once the package is installed, your Visual Studio solution should resemble the following with two new references added, Microsoft.Azure.Documents.Client and Newtonsoft.Json.
- 
+ 
## Step 4: Set up the ASP.NET MVC application
Now let's add the models, views, and controllers to this MVC application:
@@ -167,14 +159,14 @@ That takes care of the **M**, now let's create the **C** in MVC, a controller cl
The **Add Scaffold** dialog box appears.
2. Select **MVC 5 Controller - Empty** and then click **Add**.
- 
+ 
3. Name your new Controller, **ItemController.**
- 
+ 
Once the file is created, your Visual Studio solution should resemble the following with the new ItemController.cs file in **Solution Explorer**. The new Item.cs file created earlier is also shown.
- 
+ 
You can close ItemController.cs, we'll come back to it later.
@@ -188,16 +180,15 @@ Now, let's create the **V** in MVC, the views:
#### Add an Item Index view
1. In **Solution Explorer**, expand the **Views** folder, right-click the empty **Item** folder that Visual Studio created for you when you added the **ItemController** earlier, click **Add**, and then click **View**.
- 
+ 
2. In the **Add View** dialog box, do the following:
* In the **View name** box, type ***Index***.
* In the **Template** box, select ***List***.
* In the **Model class** box, select ***Item (todo.Models)***.
- * Leave the **Data context class** box empty.
* In the layout page box, type ***~/Views/Shared/_Layout.cshtml***.
- 
+ 
3. Once all these values are set, click **Add** and let Visual Studio create a new template view. Once it is done, it will open the cshtml file that was created. We can close that file in Visual Studio as we will come back to it later.
#### Add a New Item view
@@ -209,10 +200,9 @@ Similar to how we created an **Item Index** view, we will now create a new view
* In the **View name** box, type ***Create***.
* In the **Template** box, select ***Create***.
* In the **Model class** box, select ***Item (todo.Models)***.
- * Leave the **Data context class** box empty.
* In the layout page box, type ***~/Views/Shared/_Layout.cshtml***.
* Click **Add**.
-
+
#### Add an Edit Item view
And finally, add one last view for editing an **Item** in the same way as before.
@@ -222,7 +212,6 @@ And finally, add one last view for editing an **Item** in the same way as before
* In the **View name** box, type ***Edit***.
* In the **Template** box, select ***Edit***.
* In the **Model class** box, select ***Item (todo.Models)***.
- * Leave the **Data context class** box empty.
* In the layout page box, type ***~/Views/Shared/_Layout.cshtml***.
* Click **Add**.
@@ -249,7 +238,8 @@ The first thing to do here is add a class that contains all the logic to connect
using System.Configuration;
using System.Linq.Expressions;
using System.Threading.Tasks;
-
+ using System.Net
+
Now replace this code
public class DocumentDBRepository
@@ -314,7 +304,7 @@ The first thing to do here is add a class that contains all the logic to connect
}
> [!TIP]
- > When creating a new DocumentCollection you can supply an optional RequestOptions parameter of OfferType, which allows you to specify the performance level of the new collection. If this parameter is not passed the default offer type will be used. For more on Azure Cosmos DB offer types please refer to [Azure Cosmos DB Performance Levels](performance-levels.md)
+ > When creating a new DocumentCollection you can supply an optional RequestOptions parameter of OfferType, which allows you to specify the performance level of the new collection. If this parameter is not passed the default offer type will be used. For more on Azure Cosmos DB offer types please refer to [Azure Cosmos DB Performance Levels](performance-levels.md).
>
>
3. We're reading some values from configuration, so open the **Web.config** file of your application and add the following lines under the `` section.
@@ -386,7 +376,7 @@ Now if you run the application, it will call into your **ItemController** which
If you build and run this project now, you should now see something that looks this.
-
+
### Adding Items
Let's put some items into our database so we have something more than an empty grid to look at.
@@ -513,55 +503,48 @@ To test the application on your local machine, do the following:
1. Hit F5 in Visual Studio to build the application in debug mode. It should build the application and launch a browser with the empty grid page we saw before:
- 
+ 
- If you are using Visual Studio 2013 and receive the error "Cannot await in the body of a catch clause." you need to install the [Microsoft.Net.Compilers nuget package](https://www.nuget.org/packages/Microsoft.Net.Compilers/). You can also compare your code against the sample project on [GitHub][GitHub].
+
2. Click the **Create New** link and add values to the **Name** and **Description** fields. Leave the **Completed** check box unselected otherwise the new **Item** will be added in a completed state and will not appear on the initial list.
- 
+ 
3. Click **Create** and you are redirected back to the **Index** view and your **Item** appears in the list.
- 
+ 
Feel free to add a few more **Items** to your todo list.
+
4. Click **Edit** next to an **Item** on the list and you are taken to the **Edit** view where you can update any property of your object, including the **Completed** flag. If you mark the **Complete** flag and click **Save**, the **Item** is removed from the list of incomplete tasks.
- 
+ 
5. Once you've tested the app, press Ctrl+F5 to stop debugging the app. You're ready to deploy!
-## Step 7: Deploy the application to Azure Websites
-Now that you have the complete application working correctly with Azure Cosmos DB we're going to deploy this web app to Azure Websites. If you selected **Host in the cloud** when you created the empty ASP.NET MVC project then Visual Studio makes this really easy and does most of the work for you.
+## Step 7: Deploy the application to Azure App Service
+Now that you have the complete application working correctly with Azure Cosmos DB we're going to deploy this web app to Azure App Service.
1. To publish this application all you need to do is right-click on the project in **Solution Explorer** and click **Publish**.
- 
-2. Everything should already be configured according to your credentials; in fact the website has already been created in Azure for you at the **Destination URL** shown, all you need to do is click **Publish**.
-
- 
+ 
+
+2. In the **Publish** dialog box, click **Microsoft Azure App Service**, then select **Create New** to create an App Service profile, or click **Select Existing** to use an existing profile.
-In a few seconds, Visual Studio will finish publishing your web application and launch a browser where you can see your handy work running in Azure!
+ 
-## Troubleshooting
+3. If you have an existing Azure App Service profile, enter your subscription name. Use the **View** filter to sort by resource group or resource type, then select your Azure App Service.
+
+ 
-If you receive the "An error occurred while processing your request" while trying to deploy the web app, do the following:
+4. To create a new Azure App Service profile, click **Create New** in the **Publish** dialog box. In the **Create App Service** dialog, enter your Web App name and appropriate subscription, resource group, and App Service plan, then click **Create**.
-1. Cancel out of the error message and then select **Microsoft Azure Web Apps** again.
-2. Login and then select **New** to create a new web app.
-3. On the **Create a Web App on Microsoft Azure** screen, do the following:
-
- - Web App name: "todo-net-app"
- - App Service plan: Create new, named "todo-net-app"
- - Resource group: Create new, named "todo-net-app"
- - Region: Select the region closest to your app users
- - Database server: Click no database, then click **Create**.
+ 
+
+In a few seconds, Visual Studio will finish publishing your web application and launch a browser where you can see your handiwork running in Azure!
-4. In the "todo-net-app * screen", click **Validate Connection**. After the connection is verified, **Publish**.
-
- The app then gets displayed on your browser.
## Next steps
-Congratulations! You just built your first ASP.NET MVC web application using Azure Cosmos DB and published it to Azure Websites. The source code for the complete application, including the detail and delete functionality that were not included in this tutorial can be downloaded or cloned from [GitHub][GitHub]. So if you're interested in adding that to your app, grab the code and add it to this app.
+Congratulations! You just built your first ASP.NET MVC web application using Azure Cosmos DB and published it to Azure. The source code for the complete application, including the detail and delete functionality that were not included in this tutorial can be downloaded or cloned from [GitHub][GitHub]. So if you're interested in adding that to your app, grab the code and add it to this app.
To add additional functionality to your application, review the APIs available in the [Azure Cosmos DB .NET Library](/dotnet/api/overview/azure/cosmosdb?view=azure-dotnet) and feel free to contribute to the Azure Cosmos DB .NET Library on [GitHub][GitHub].
diff --git a/articles/cosmos-db/media/create-documentdb-java/console-output.png b/articles/cosmos-db/media/create-documentdb-java/console-output.png
new file mode 100644
index 0000000000000..5d554c3f35d17
Binary files /dev/null and b/articles/cosmos-db/media/create-documentdb-java/console-output.png differ
diff --git a/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-edit-target.png b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-edit-target.png
new file mode 100644
index 0000000000000..a71ca2ee8f95a
Binary files /dev/null and b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-edit-target.png differ
diff --git a/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-expanded.png b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-expanded.png
new file mode 100644
index 0000000000000..b9085a98f2695
Binary files /dev/null and b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-expanded.png differ
diff --git a/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-new-vertex.png b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-new-vertex.png
new file mode 100644
index 0000000000000..142401a1b1999
Binary files /dev/null and b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-new-vertex.png differ
diff --git a/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-set-target.png b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-set-target.png
new file mode 100644
index 0000000000000..5afc03310681d
Binary files /dev/null and b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-data-explorer-set-target.png differ
diff --git a/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-graph-explorer.png b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-graph-explorer.png
new file mode 100644
index 0000000000000..28499762559f4
Binary files /dev/null and b/articles/cosmos-db/media/create-graph-java/azure-cosmosdb-graph-explorer.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-MVC.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-MVC.png
new file mode 100644
index 0000000000000..d6fd34acd78bc
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-MVC.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-controller.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-controller.png
new file mode 100644
index 0000000000000..d1cfd71c418be
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-controller.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-view-dialog.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-view-dialog.png
new file mode 100644
index 0000000000000..35c3ba308f617
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-view-dialog.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-view.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-view.png
new file mode 100644
index 0000000000000..efa96e688682f
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-add-view.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-added-references.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-added-references.png
new file mode 100644
index 0000000000000..d3879b1e39e44
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-added-references.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-app-service.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-app-service.png
new file mode 100644
index 0000000000000..1c9fee9b72076
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-app-service.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-completed-item.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-completed-item.png
new file mode 100644
index 0000000000000..8a795578ba823
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-completed-item.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-controller-add-scaffold.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-controller-add-scaffold.png
new file mode 100644
index 0000000000000..db3743f9ab4d4
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-controller-add-scaffold.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-an-item-a.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-an-item-a.png
new file mode 100644
index 0000000000000..0bb2a751ae58e
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-an-item-a.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-an-item.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-an-item.png
new file mode 100644
index 0000000000000..75f23ecf24505
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-an-item.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-app-service.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-app-service.png
new file mode 100644
index 0000000000000..3dff058888376
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-app-service.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-new-item.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-new-item.png
new file mode 100644
index 0000000000000..51a4e39196bf9
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-create-new-item.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-edit-view.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-edit-view.png
new file mode 100644
index 0000000000000..3866f2580895a
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-edit-view.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-edit.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-edit.png
new file mode 100644
index 0000000000000..441d4f197f543
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-edit.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-image01.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-image01.png
new file mode 100644
index 0000000000000..4e3ff9c5a301b
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-image01.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-index.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-index.png
new file mode 100644
index 0000000000000..e81a70ac516ae
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-index.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-install-nuget.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-install-nuget.png
new file mode 100644
index 0000000000000..a2b887f22e353
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-install-nuget.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-manage-nuget.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-manage-nuget.png
new file mode 100644
index 0000000000000..070daf017cae1
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-manage-nuget.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-new-item-solution-explorer.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-new-item-solution-explorer.png
new file mode 100644
index 0000000000000..46db741691586
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-new-item-solution-explorer.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-new-project-dialog.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-new-project-dialog.png
new file mode 100644
index 0000000000000..e84466d983daf
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-new-project-dialog.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-publish-to-existing.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-publish-to-existing.png
new file mode 100644
index 0000000000000..422c12c76c9e6
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-publish-to-existing.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-publish.png b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-publish.png
new file mode 100644
index 0000000000000..ef0ee60f956da
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/asp-net-mvc-tutorial-publish.png differ
diff --git a/articles/cosmos-db/media/documentdb-dotnet-application/build-and-run-the-project-now.png b/articles/cosmos-db/media/documentdb-dotnet-application/build-and-run-the-project-now.png
new file mode 100644
index 0000000000000..3ddfe7cadfbdb
Binary files /dev/null and b/articles/cosmos-db/media/documentdb-dotnet-application/build-and-run-the-project-now.png differ
diff --git a/articles/cosmos-db/media/mobile-apps-with-xamarin/cosmos-db-quickstart.png b/articles/cosmos-db/media/mobile-apps-with-xamarin/cosmos-db-quickstart.png
new file mode 100644
index 0000000000000..95f34e270c570
Binary files /dev/null and b/articles/cosmos-db/media/mobile-apps-with-xamarin/cosmos-db-quickstart.png differ
diff --git a/articles/cosmos-db/media/mobile-apps-with-xamarin/cosmos-db-replicate-globally.png b/articles/cosmos-db/media/mobile-apps-with-xamarin/cosmos-db-replicate-globally.png
new file mode 100644
index 0000000000000..159230ea27ab0
Binary files /dev/null and b/articles/cosmos-db/media/mobile-apps-with-xamarin/cosmos-db-replicate-globally.png differ
diff --git a/articles/cosmos-db/tutorial-develop-table-dotnet.md b/articles/cosmos-db/tutorial-develop-table-dotnet.md
index 2d7431dba2435..7f8b207eee0e2 100644
--- a/articles/cosmos-db/tutorial-develop-table-dotnet.md
+++ b/articles/cosmos-db/tutorial-develop-table-dotnet.md
@@ -72,7 +72,8 @@ Let's start by creating an Azure Cosmos DB account in the Azure portal.
> [!TIP]
> * Already have an Azure Cosmos DB account? If so, skip ahead to [Set up your Visual Studio solution](#SetupVS).
> * Did you have an Azure DocumentDB account? If so, your account is now an Azure Cosmos DB account and you can skip ahead to [Set up your Visual Studio solution](#SetupVS).
-> * If you are using the Azure Cosmos DB Emulator, please follow the steps at [Azure Cosmos DB Emulator](local-emulator.md) to setup the emulator and skip ahead to [Set up your Visual Studio Solution](#SetupVS).
+> * If you are using the Azure Cosmos DB Emulator, please follow the steps at [Azure Cosmos DB Emulator](local-emulator.md) to setup the emulator and skip ahead to [Set up your Visual Studio Solution](#SetupVS).
+
>
>
diff --git a/articles/data-lake-store/data-lake-store-get-started-portal.md b/articles/data-lake-store/data-lake-store-get-started-portal.md
index 065feedf57f0e..d5511d1729f44 100644
--- a/articles/data-lake-store/data-lake-store-get-started-portal.md
+++ b/articles/data-lake-store/data-lake-store-get-started-portal.md
@@ -17,7 +17,7 @@ ms.date: 05/06/2017
ms.author: nitinme
---
-# Get started with Azure Data Lake Store using the Azure Portal
+# Get started with Azure Data Lake Store using the Azure portal
> [!div class="op_single_selector"]
> * [Portal](data-lake-store-get-started-portal.md)
> * [PowerShell](data-lake-store-get-started-powershell.md)
@@ -30,23 +30,23 @@ ms.author: nitinme
>
>
-Learn how to use the Azure Portal to create an Azure Data Lake Store account and perform basic operations such as create folders, upload and download data files, delete your account, etc. For more information about Data Lake Store, see [Overview of Azure Data Lake Store](data-lake-store-overview.md).
+Learn how to use the Azure portal to create an Azure Data Lake Store account and perform basic operations such as create folders, upload, and download data files, delete your account, etc. For more information, see [Overview of Azure Data Lake Store](data-lake-store-overview.md).
-## Prerequisites
-Before you begin this tutorial, you must have the following:
-
-* **An Azure subscription**. See [Get Azure free trial](https://azure.microsoft.com/pricing/free-trial/).
-
-## Do you learn faster with videos?
-Watch the following videos to get started with Data Lake Store.
+The following two videos contain the same information as described in this article:
* [Create a Data Lake Store account](https://mix.office.com/watch/1k1cycy4l4gen)
* [Manage data in Data Lake Store using the Data Explorer](https://mix.office.com/watch/icletrxrh6pc)
+## Prerequisites
+Before you begin this tutorial, you must have the following items:
+
+* **An Azure subscription**. See [Get Azure free trial](https://azure.microsoft.com/pricing/free-trial/).
+
## Create an Azure Data Lake Store account
-1. Sign on to the new [Azure Portal](https://portal.azure.com).
+
+1. Sign on to the new [Azure portal](https://portal.azure.com).
2. Click **NEW**, click **Data + Storage**, and then click **Azure Data Lake Store**. Read the information in the **Azure Data Lake Store** blade, and then click **Create** in the bottom left corner of the blade.
-3. In the **New Data Lake Store** blade, provide the values as shown in the screen capture below:
+3. In the **New Data Lake Store** blade, provide the values as shown in the following screenshot:
@@ -54,25 +54,27 @@ Watch the following videos to get started with Data Lake Store.
* **Subscription**. Select the subscription under which you want to create a new Data Lake Store account.
* **Resource Group**. Select an existing resource group, or select the **Create new** option to create one. A resource group is a container that holds related resources for an application. For more information, see [Resource Groups in Azure](../azure-resource-manager/resource-group-overview.md#resource-groups).
* **Location**: Select a location where you want to create the Data Lake Store account.
- * **Encryption Settings**. You can choose whether you want to encrypt your Data Lake Store account. If you choose to encrypt, you can also specify how to manage the master encryption key that you want to use for encrypting the data in your account.
+ * **Encryption Settings**. There are three options:
- * (Optional) Select **Do not enable encryption** from the drop-down to opt out of encryption.
- * (Default) Select **Use keys managed by Azure Data Lake** if you want Azure Data Lake Store to manage your encryption keys.
-
- 
- * (Optional) Select **Choose keys from Azure Key Vault** if you want to use your own keys present in your Azure Key Vault. With this option, you can also create a Key Vault account and keys if you do not already have one.
+ * **Do not enable encryption**.
+ * **Use keys managed by Azure Data Lake**. if you want Azure Data Lake Store to manage your encryption keys.
+ * **Choose keys from Azure Key Vault**. You can select an existing Azure Key Vault or create a new Key Vault. To use the keys from a Key Vault, you must assign permissions for the Azure Data Lake Store account to access the Azure Key Vault. For the instructions, see [Assign permissions to Azure Key Vault](#assign-permissions-to-azure-key-vault).
- 
+ 
- Click **OK** in the **Encryption Settings** blade.
-
- > [!NOTE]
- > If you use the keys from an Azure Key Vault to configure encryption for the Data Lake Store account, you must assign permissions for the Azure Data Lake Store account to access the Azure Key Vault. For instructions on how to do this, see [Assign permissions to the Azure Key Vault](#assign-permissions-to-the-azure-key-vault)
- >
- >
+ Click **OK** in the **Encryption Settings** blade.
+
+ For more information, see [Encryption of data in Azure Data Lake Store](./data-lake-store-encryption.md).
+
4. Click **Create**. If you chose to pin the account to the dashboard, you are taken back to the dashboard and you can see the progress of your Data Lake Store account provisioning. Once the Data Lake Store account is provisioned, the account blade shows up.
-## Assign permissions to the Azure Key Vault
+You can also create a Data Lake Store account using Azure Resource Manager templates. These templates are accessible from [Azure QuickStart Templates](https://azure.microsoft.com/resources/templates/?term=data+lake+store):
+
+- Without data encryption: [Deploy Azure Data Lake Store account with no data encryption](https://azure.microsoft.com/en-us/resources/templates/101-data-lake-store-no-encryption/).
+- With data encryption using Data Lake Store: [Deploy Data Lake Store account with encryption(Data Lake)](https://azure.microsoft.com/resources/templates/101-data-lake-store-encryption-adls/).
+- With data encryption using Azure Key Vault: [Deploy Data Lake Store account with encryption(Key Vault)](https://azure.microsoft.com/resources/templates/101-data-lake-store-encryption-key-vault/).
+
+### Assign permissions to Azure Key Vault
If you used keys from an Azure Key Vault to configure encryption on the Data Lake Store account, you must configure access between the Data Lake Store account and the Azure Key Vault account. Perform the following steps to do so.
1. If you used keys from the Azure Key Vault, the blade for the Data Lake Store account displays a warning at the top. Click the warning to open the **Configure Key Vault Permissions** blade.
@@ -86,7 +88,7 @@ If you used keys from an Azure Key Vault to configure encryption on the Data Lak
## Create folders in Azure Data Lake Store account
You can create folders under your Data Lake Store account to manage and store data.
-1. Open the Data Lake Store account that you just created. From the left pane, click **Browse**, click **Data Lake Store**, and then from the Data Lake Store blade, click the account name under which you want to create folders. If you pinned the account to the startboard, click that account tile.
+1. Open the Data Lake Store account that you created. From the left pane, click **Browse**, click **Data Lake Store**, and then from the Data Lake Store blade, click the account name under which you want to create folders. If you pinned the account to the startboard, click that account tile.
2. In your Data Lake Store account blade, click **Data Explorer**.
@@ -94,19 +96,19 @@ You can create folders under your Data Lake Store account to manage and store da
- The newly created folder will be listed in the **Data Explorer** blade. You can create nested folders upto any level.
+ The newly created folder is listed in the **Data Explorer** blade. You can create nested folders upto any level.
## Upload data to Azure Data Lake Store account
-You can upload your data to an Azure Data Lake Store account directly at the root level or to a folder that you created within the account. In the screen capture below, follow the steps to upload a file to a sub-folder from the **Data Explorer** blade. In this screen capture, the file is uploaded to a sub-folder shown in the breadcrumbs (marked in a red box).
+You can upload your data to an Azure Data Lake Store account directly at the root level or to a folder that you created within the account. In the following screenshot, follow the steps to upload a file to a subfolder from the **Data Explorer** blade. In this screen capture, the file is uploaded to a subfolder shown in the breadcrumbs (marked in a red box).
If you are looking for some sample data to upload, you can get the **Ambulance Data** folder from the [Azure Data Lake Git Repository](https://github.com/MicrosoftBigData/usql/tree/master/Examples/Samples/Data/AmbulanceData).
## Properties and actions available on the stored data
-Click the newly added file to open the **Properties** blade. The properties associated with the file and the actions you can perform on the file are available in this blade. You can also copy the full path to file in your Azure Data Lake Store account, highlighted in the red box in the screen capture below.
+Click the newly added file to open the **Properties** blade. The properties associated with the file and the actions you can perform on the file are available in this blade. You can also copy the full path to file in your Azure Data Lake Store account, highlighted in the red box in the following screenshot:
diff --git a/articles/expressroute/expressroute-locations.md b/articles/expressroute/expressroute-locations.md
index ce27f2435fffc..cfacff789f683 100644
--- a/articles/expressroute/expressroute-locations.md
+++ b/articles/expressroute/expressroute-locations.md
@@ -12,7 +12,7 @@ ms.devlang: na
ms.topic: get-started-article
ms.tgt_pltfrm: na
ms.workload: infrastructure-services
-ms.date: 07/26/2017
+ms.date: 08/01/2017
ms.author: kaanan
---
@@ -90,7 +90,7 @@ The following table shows locations by service provider. If you want to view ava
| **Jisc** |Supported |Supported |London |
| **KINX** |Supported |Supported |Seoul |
| **[KPN](http://www.kpn.com/cloudconnect)** | Supported | Supported | Amsterdam |
-| **[Level 3 Communications](http://your.level3.com/LP=882?WT.tsrc=02192014LP882AzureVanityAzureText)** |Supported |Supported |Amsterdam, Chicago, Dallas, Las Vegas+, London, Sao Paulo, Seattle, Silicon Valley, Singapore, Washington DC |
+| **[Level 3 Communications](http://your.level3.com/LP=882?WT.tsrc=02192014LP882AzureVanityAzureText)** |Supported |Supported |Amsterdam, Chicago, Dallas, Las Vegas, London, Sao Paulo, Seattle, Silicon Valley, Singapore, Washington DC |
| **LG CNS** |Supported |Supported |Busan |
| **[Megaport](https://www.megaport.com/services/microsoft-expressroute/)** |Supported |Supported |Amsterdam, Chicago, Dallas, Hong Kong, Las Vegas, London, Los Angeles, Melbourne, Miami, New York, Quebec City, San Antonio, Seattle, Silicon Valley, Singapore, Sydney, Toronto, Washington DC |
| **MTN** |Supported |Supported |London |
@@ -144,6 +144,7 @@ To learn more, see [ExpressRoute in China](http://www.windowsazure.cn/home/featu
| **[e-shelter](https://www.e-shelter.de/en/microsoft-expressroutetm)** |Supported |Not Supported |Berlin |
| **Interxion** |Supported |Not Supported |Frankfurt |
| **[Megaport](https://www.megaport.com/services/microsoft-expressroute/)** |Supported | Not Supported | Berlin |
+| **T-Systems** |Supported |Not Supported |Berlin |
## Connectivity Through Exchange Providers
diff --git a/articles/hdinsight/hdinsight-hadoop-create-linux-clusters-with-secure-transfer-storage.md b/articles/hdinsight/hdinsight-hadoop-create-linux-clusters-with-secure-transfer-storage.md
index e44f37942c434..85de26784b9d4 100644
--- a/articles/hdinsight/hdinsight-hadoop-create-linux-clusters-with-secure-transfer-storage.md
+++ b/articles/hdinsight/hdinsight-hadoop-create-linux-clusters-with-secure-transfer-storage.md
@@ -15,7 +15,7 @@ ms.devlang: na
ms.topic: hero-article
ms.tgt_pltfrm: na
ms.workload: big-data
-ms.date: 08/02/2017
+ms.date: 08/07/2017
ms.author: jgao
---
@@ -37,11 +37,11 @@ Before you begin this tutorial, you must have:
[!INCLUDE [delete-cluster-warning](../../includes/hdinsight-delete-cluster-warning.md)]
-In this section, you create a Hadoop cluster in HDInsight using an [Azure Resource Manager template](../azure-resource-manager/resource-group-template-deploy.md). The template is located in a [public container](https://hditutorialdata.blob.core.windows.net/securetransfer/azuredeploy-new.json). Resource Manager template experience is not required for following this tutorial. For other cluster creation methods and understanding the properties used in this tutorial, see [Create HDInsight clusters](hdinsight-hadoop-provision-linux-clusters.md).
+In this section, you create a Hadoop cluster in HDInsight using an [Azure Resource Manager template](../azure-resource-manager/resource-group-template-deploy.md). The template is located in [Gibhub](https://azure.microsoft.com/resources/templates/101-hdinsight-linux-with-existing-default-storage-account/). Resource Manager template experience is not required for following this tutorial. For other cluster creation methods and understanding the properties used in this tutorial, see [Create HDInsight clusters](hdinsight-hadoop-provision-linux-clusters.md).
1. Click the following image to sign in to Azure and open the Resource Manager template in the Azure portal.
- 
+
2. Follow the instructions to create the cluster with the following specifications:
diff --git a/articles/log-analytics/log-analytics-azure-storage.md b/articles/log-analytics/log-analytics-azure-storage.md
index f786ed9889594..697c51076fe06 100644
--- a/articles/log-analytics/log-analytics-azure-storage.md
+++ b/articles/log-analytics/log-analytics-azure-storage.md
@@ -66,7 +66,7 @@ Many Azure resources are able to write diagnostic logs and metrics directly to L
Azure resources that support [Azure monitor](../monitoring-and-diagnostics/monitoring-overview.md) can send their logs and metrics directly to Log Analytics.
* For the details of the available metrics, refer to [supported metrics with Azure Monitor](../monitoring-and-diagnostics/monitoring-supported-metrics.md).
-* For the details of the available logs, refer to [supported services and schema for diagnostic logs](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#supported-services-and-schema-for-diagnostic-logs).
+* For the details of the available logs, refer to [supported services and schema for diagnostic logs](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#supported-services-and-schema-for-resource-diagnostic-logs).
### Enable diagnostics with PowerShell
You need the November 2016 (v2.3.0) or later release of [Azure PowerShell](/powershell/azure/overview).
diff --git a/articles/log-analytics/log-analytics-manage-access.md b/articles/log-analytics/log-analytics-manage-access.md
index 55c0d8c031cda..53bb6ca495f53 100644
--- a/articles/log-analytics/log-analytics-manage-access.md
+++ b/articles/log-analytics/log-analytics-manage-access.md
@@ -12,7 +12,7 @@ ms.workload: na
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: get-started-article
-ms.date: 04/12/2017
+ms.date: 08/06/2017
ms.author: magoedte
---
@@ -102,7 +102,60 @@ The following activities also require Azure permissions:
### Managing access to Log Analytics using Azure permissions
To grant access to the Log Analytics workspace using Azure permissions, follow the steps in [use role assignments to manage access to your Azure subscription resources](../active-directory/role-based-access-control-configure.md).
-If you have at least Azure read permission on the Log Analytics workspace, you can open the OMS portal by clicking the **OMS Portal** task when viewing the Log Analytics workspace.
+Azure has two built-in user roles for Log Analytics:
+- Log Analytics Reader
+- Log Analytics Contributor
+
+Members of the *Log Analytics Reader* role can:
+- View and search all monitoring data
+- View monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
+
+| Type | Permission | Description |
+| ------- | ---------- | ----------- |
+| Action | `*/read` | Ability to view all resources and resource configuration. Includes viewing:
Virtual machine extension status
Configuration of Azure diagnostics on resources
All properties and settings of all resources |
+| Action | `Microsoft.OperationalInsights/workspaces/analytics/query/action` | Ability to perform Log Search v2 queries |
+| Action | `Microsoft.OperationalInsights/workspaces/search/action` | Ability to perform Log Search v1 queries |
+| Action | `Microsoft.Support/*` | Ability to open support cases |
+|Not Action | `Microsoft.OperationalInsights/workspaces/sharedKeys/read` | Prevents reading of workspace key required to use the data collection API and to install agents |
+
+
+Members of the *Log Analytics Contributor* role can:
+- Read all monitoring data
+- Creating and configuring Automation accounts
+- Adding and removing management solutions
+- Reading storage account keys
+- Configure collection of logs from Azure Storage
+- Edit monitoring settings for Azure resources, including
+ - Adding the VM extension to VMs
+ - Configuring Azure diagnostics on all Azure resources
+
+> [!NOTE]
+> You can use the ability to add a virtual machine extension to a virtual machine to gain full control over a virtual machine.
+
+| Permission | Description |
+| ---------- | ----------- |
+| `*/read` | Ability to view all resources and resource configuration. Includes viewing:
Virtual machine extension status
Configuration of Azure diagnostics on resources
All properties and settings of all resources |
+| `Microsoft.Automation/automationAccounts/*` | Ability to create and configure Azure Automation accounts, including adding and editing runbooks |
+| `Microsoft.ClassicCompute/virtualMachines/extensions/*`
`Microsoft.Compute/virtualMachines/extensions/*` | Add, update and remove virtual machine extensions, including the Microsoft Monitoring Agent extension and the OMS Agent for Linux extension |
+| `Microsoft.ClassicStorage/storageAccounts/listKeys/action`
`Microsoft.Storage/storageAccounts/listKeys/action` | View the storage account key. Required to configure Log Analytics to read logs from Azure storage accounts |
+| `Microsoft.Insights/alertRules/*` | Add, update, and remove alert rules |
+| `Microsoft.Insights/diagnosticSettings/*` | Add, update, and remove diagnostics settings on Azure resources |
+| `Microsoft.OperationalInsights/*` | Add, update, and remove configuration for Log Analytics workspaces |
+| `Microsoft.OperationsManagement/*` | Add and remove management solutions |
+| `Microsoft.Resources/deployments/*` | Create and delete deployments. Required for adding and removing solutions, workspaces, and automation accounts |
+| `Microsoft.Resources/subscriptions/resourcegroups/deployments/*` | Create and delete deployments. Required for adding and removing solutions, workspaces, and automation accounts |
+
+To add and remove users to a user role, it is necessary to have `Microsoft.Authorization/*/Delete` and `Microsoft.Authorization/*/Write` permission.
+
+Use these roles to give users access at different scopes:
+- Subscription - Access to all workspaces in the subscription
+- Resource Group - Access to all workspace in the resource group
+- Resource - Access to only the specified workspace
+
+Use [custom roles](../active-directory/role-based-access-control-custom-roles.md) to create roles with the specific permissions needed.
+
+### Azure user roles and Log Analytics portal user roles
+If you have at least Azure read permission on the Log Analytics workspace, you can open the Log Analytics portal by clicking the **OMS Portal** task when viewing the Log Analytics workspace.
When opening the Log Analytics portal, you switch to using the legacy Log Analytics user roles. If you do not have a role assignment in the Log Analytics portal, the service [checks the Azure permissions you have on the workspace](https://docs.microsoft.com/rest/api/authorization/permissions#Permissions_ListForResource).
Your role assignment in the Log Analytics portal is determined using as follows:
@@ -190,7 +243,7 @@ Use the following steps to remove a user from a workspace. Removing the user doe
4. Select the group in the list results and then click **Add**.
## Link an existing workspace to an Azure subscription
-All workspaces created after September 26, 2016 must be linked to an Azure subscription at creation time. Workspaces created before this date must be linked to a workspace when you next sign in. When you create the workspace from the Azure portal, or when you link your workspace to an Azure subscription, your Azure Active Directory is linked as your organizational account.
+All workspaces created after September 26, 2016 must be linked to an Azure subscription at creation time. Workspaces created before this date must be linked to a workspace when you sign in. When you create the workspace from the Azure portal, or when you link your workspace to an Azure subscription, your Azure Active Directory is linked as your organizational account.
### To link a workspace to an Azure subscription in the OMS portal
diff --git a/articles/log-analytics/log-analytics-powershell-workspace-configuration.md b/articles/log-analytics/log-analytics-powershell-workspace-configuration.md
index acb14714e8c13..04da95b64bd7e 100644
--- a/articles/log-analytics/log-analytics-powershell-workspace-configuration.md
+++ b/articles/log-analytics/log-analytics-powershell-workspace-configuration.md
@@ -209,7 +209,7 @@ For agentless monitoring of Azure resources, the resources need to have Azure di
For the details of the available metrics, refer to [supported metrics with Azure Monitor](../monitoring-and-diagnostics/monitoring-supported-metrics.md).
-For the details of the available logs, refer to [supported services and schema for diagnostic logs](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#supported-services-and-schema-for-diagnostic-logs).
+For the details of the available logs, refer to [supported services and schema for diagnostic logs](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#supported-services-and-schema-for-resource-diagnostic-logs).
```
$workspaceId = "/subscriptions/d2e37fee-1234-40b2-5678-0b2199de3b50/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/rollingbaskets"
diff --git a/articles/marketplace/seller-guide/cloud-partner-portal-seller-guide.md b/articles/marketplace/seller-guide/cloud-partner-portal-seller-guide.md
index 39d111c6b7578..020a9d210714d 100644
--- a/articles/marketplace/seller-guide/cloud-partner-portal-seller-guide.md
+++ b/articles/marketplace/seller-guide/cloud-partner-portal-seller-guide.md
@@ -211,7 +211,7 @@ The Marketplace offers reports on your orders, usage, and customers that are acc
- Trending offers
- Marketplace license type
-Detailed reports show customer information, like company name and geographic location down to the postal code, so you can comp your sellers. The following list includes the specific attributes we provide about your customers:
+Detailed reports show customer information, like company name and geographic location down to the postal code, so you can compare your customers. The following list includes the specific attributes we provide about your customers:
- Reseller
- FirstName
diff --git a/articles/monitoring-and-diagnostics/monitoring-archive-activity-log.md b/articles/monitoring-and-diagnostics/monitoring-archive-activity-log.md
index 6ee1e515fac3a..c7ba684dc7b22 100644
--- a/articles/monitoring-and-diagnostics/monitoring-archive-activity-log.md
+++ b/articles/monitoring-and-diagnostics/monitoring-archive-activity-log.md
@@ -24,7 +24,7 @@ In this article, we show how you can use the Azure portal, PowerShell Cmdlets, o
Before you begin, you need to [create a storage account](../storage/storage-create-storage-account.md#create-a-storage-account) to which you can archive your Activity Log. We highly recommend that you do not use an existing storage account that has other, non-monitoring data stored in it so that you can better control access to monitoring data. However, if you are also archiving Diagnostic Logs and metrics to a storage account, it may make sense to use that storage account for your Activity Log as well to keep all monitoring data in a central location. The storage account you use must be a general purpose storage account, not a blob storage account. The storage account does not have to be in the same subscription as the subscription emitting logs as long as the user who configures the setting has appropriate RBAC access to both subscriptions.
## Log Profile
-To archive the Activity Log using any of the methods below, you set the **Log Profile** for a subscription. The Log Profile defines the type of events that are stored or streamed and the outputs—storage account and/or event hub. It also defines the retention policy (number of days to retain) for events stored in a storage account. If the retention policy is set to zero, events are stored indefinitely. Otherwise, this can be set to any value between 1 and 2147483647. Retention policies are applied per-day, so at the end of a day (UTC), logs from the day that is now beyond the retention policy will be deleted. For example, if you had a retention policy of one day, at the beginning of the day today the logs from the day before yesterday would be deleted. [You can read more about log profiles here](monitoring-overview-activity-logs.md#export-the-activity-log-with-log-profiles).
+To archive the Activity Log using any of the methods below, you set the **Log Profile** for a subscription. The Log Profile defines the type of events that are stored or streamed and the outputs—storage account and/or event hub. It also defines the retention policy (number of days to retain) for events stored in a storage account. If the retention policy is set to zero, events are stored indefinitely. Otherwise, this can be set to any value between 1 and 2147483647. Retention policies are applied per-day, so at the end of a day (UTC), logs from the day that is now beyond the retention policy will be deleted. For example, if you had a retention policy of one day, at the beginning of the day today the logs from the day before yesterday would be deleted. [You can read more about log profiles here](monitoring-overview-activity-logs.md#export-the-activity-log-with-a-log-profile).
## Archive the Activity Log using the portal
1. In the portal, click the **Activity Log** link on the left-side navigation. If you don’t see a link for the Activity Log, click the **More Services** link first.
diff --git a/articles/monitoring-and-diagnostics/monitoring-archive-diagnostic-logs.md b/articles/monitoring-and-diagnostics/monitoring-archive-diagnostic-logs.md
index 1ac6c21a85ce5..720f5bfabcf09 100644
--- a/articles/monitoring-and-diagnostics/monitoring-archive-diagnostic-logs.md
+++ b/articles/monitoring-and-diagnostics/monitoring-archive-diagnostic-logs.md
@@ -24,7 +24,7 @@ In this article, we show how you can use the Azure portal, PowerShell Cmdlets, C
Before you begin, you need to [create a storage account](../storage/storage-create-storage-account.md#create-a-storage-account) to which you can archive your Diagnostic Logs. We highly recommend that you do not use an existing storage account that has other, non-monitoring data stored in it so that you can better control access to monitoring data. However, if you are also archiving your Activity Log and diagnostic metrics to a storage account, it may make sense to use that storage account for your Diagnostic Logs as well to keep all monitoring data in a central location. The storage account you use must be a general purpose storage account, not a blob storage account.
## Diagnostic Settings
-To archive your Diagnostic Logs using any of the methods below, you set a **Diagnostic Setting** for a particular resource. A diagnostic setting for a resource defines the categories of logs that are that are stored or streamed and the outputs—storage account and/or event hub. It also defines the retention policy (number of days to retain) for events of each log category stored in a storage account. If a retention policy is set to zero, events for that log category are stored indefinitely (that is to say, forever). A retention policy can otherwise be any number of days between 1 and 2147483647. [You can read more about diagnostic settings here](monitoring-overview-of-diagnostic-logs.md#diagnostic-settings). Retention policies are applied per-day, so at the end of a day (UTC), logs from the day that is now beyond the retention policy will be deleted. For example, if you had a retention policy of one day, at the beginning of the day today the logs from the day before yesterday would be deleted
+To archive your Diagnostic Logs using any of the methods below, you set a **Diagnostic Setting** for a particular resource. A diagnostic setting for a resource defines the categories of logs that are that are stored or streamed and the outputs—storage account and/or event hub. It also defines the retention policy (number of days to retain) for events of each log category stored in a storage account. If a retention policy is set to zero, events for that log category are stored indefinitely (that is to say, forever). A retention policy can otherwise be any number of days between 1 and 2147483647. [You can read more about diagnostic settings here](monitoring-overview-of-diagnostic-logs.md#resource-diagnostic-settings). Retention policies are applied per-day, so at the end of a day (UTC), logs from the day that is now beyond the retention policy will be deleted. For example, if you had a retention policy of one day, at the beginning of the day today the logs from the day before yesterday would be deleted
## Archive Diagnostic Logs using the portal
1. In the portal, click into the resource blade for the resource on which you would like to enable archival of Diagnostic Logs.
diff --git a/articles/monitoring-and-diagnostics/monitoring-data-sources.md b/articles/monitoring-and-diagnostics/monitoring-data-sources.md
index 54a697f4f3ff1..41f36a55d6338 100644
--- a/articles/monitoring-and-diagnostics/monitoring-data-sources.md
+++ b/articles/monitoring-and-diagnostics/monitoring-data-sources.md
@@ -25,13 +25,13 @@ Across the Azure platform, we are bringing together monitoring data in a single
| Data type | Category | Supported Services | Methods of access |
| --- | --- | --- | --- |
-| Azure Monitor platform-level metrics | Metrics | [See list here](monitoring-supported-metrics.md) | - **REST API:** [Azure Monitor Metric API](https://docs.microsoft.com/rest/api/monitor/metrics)
- **Storage blob or event hub:** [Diagnostic Settings](monitoring-overview-of-diagnostic-logs.md#diagnostic-settings)
|
+| Azure Monitor platform-level metrics | Metrics | [See list here](monitoring-supported-metrics.md) | - **REST API:** [Azure Monitor Metric API](https://docs.microsoft.com/rest/api/monitor/metrics)
- **Storage blob or event hub:** [Diagnostic Settings](monitoring-overview-of-diagnostic-logs.md#resource-diagnostic-settings)
|
| Compute guest OS metrics (eg. perf counters) | Metrics | [Windows](../virtual-machines-dotnet-diagnostics.md) and Linux Virtual Machines (v2), [Cloud Services](../cloud-services/cloud-services-dotnet-diagnostics-trace-flow.md), [Service Fabric](../service-fabric/service-fabric-diagnostics-how-to-monitor-and-diagnose-services-locally.md) | - **Storage table or blob:** [Windows or Linux Azure diagnostics](../cloud-services/cloud-services-dotnet-diagnostics-storage.md)
- **Event hub:** [Windows Azure diagnostics](../event-hubs/event-hubs-streaming-azure-diags-data.md)
|
| Custom or application metrics | Metrics | Any application instrumented with Application Insights | - **REST API:** [Application Insights REST API](https://dev.applicationinsights.io/reference)
|
| Storage metrics | Metrics | Azure Storage | - **Storage table:** [Storage Analytics](https://docs.microsoft.com/rest/api/storageservices/storage-analytics)
|
| Billing data | Metrics | All Azure services | - **REST API:** [Azure Resource Usage and RateCard APIs](../billing/billing-usage-rate-card-overview.md)
|
-| Activity Log | Events | All Azure services | - **REST API:** [Azure Monitor Events API](https://docs.microsoft.com/rest/api/monitor/events)
- **Storage blob or event hub:** [Log Profile](monitoring-overview-activity-logs.md#export-the-activity-log-with-log-profiles)
|
-| Azure Monitor Diagnostic Logs | Events | [See list here](monitoring-overview-of-diagnostic-logs.md#supported-services-and-schema-for-diagnostic-logs) | - **Storage blob or event hub:** [Diagnostic Settings](monitoring-overview-of-diagnostic-logs.md#diagnostic-settings)
|
+| Activity Log | Events | All Azure services | - **REST API:** [Azure Monitor Events API](https://docs.microsoft.com/rest/api/monitor/events)
- **Storage blob or event hub:** [Log Profile](monitoring-overview-activity-logs.md#export-the-activity-log-with-a-log-profile)
|
+| Azure Monitor Diagnostic Logs | Events | [See list here](monitoring-overview-of-diagnostic-logs.md#supported-services-and-schema-for-resource-diagnostic-logs) | - **Storage blob or event hub:** [Diagnostic Settings](monitoring-overview-of-diagnostic-logs.md#resource-diagnostic-settings)
|
| Compute guest OS logs (eg. IIS, ETW, syslogs) | Events | [Windows](../virtual-machines-dotnet-diagnostics.md) and Linux Virtual Machines (v2), [Cloud Services](../cloud-services/cloud-services-dotnet-diagnostics-trace-flow.md), [Service Fabric](../service-fabric/service-fabric-diagnostics-how-to-monitor-and-diagnose-services-locally.md) | - **Storage table or blob:** [Windows or Linux Azure diagnostics](../cloud-services/cloud-services-dotnet-diagnostics-storage.md)
- **Event hub:** [Windows Azure diagnostics](../event-hubs/event-hubs-streaming-azure-diags-data.md)
|
| App Service logs | Events | App services | - **File, table, or blob storage:** [Web app diagnostics](../app-service-web/web-sites-enable-diagnostic-log.md)
|
| Storage logs | Events | Azure Storage | - **Storage table:** [Storage Analytics](https://docs.microsoft.com/rest/api/storageservices/storage-analytics)
|
diff --git a/articles/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template.md b/articles/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template.md
index c86ebec6601d0..057c4c9e1d332 100644
--- a/articles/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template.md
+++ b/articles/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template.md
@@ -22,7 +22,7 @@ In this article we show how you can use an [Azure Resource Manager template](../
The method for enabling Diagnostic Logs using a Resource Manager template depends on the resource type.
-* **Non-Compute** resources (for example, Network Security Groups, Logic Apps, Automation) use [Diagnostic Settings described in this article](monitoring-overview-of-diagnostic-logs.md#diagnostic-settings).
+* **Non-Compute** resources (for example, Network Security Groups, Logic Apps, Automation) use [Diagnostic Settings described in this article](monitoring-overview-of-diagnostic-logs.md#resource-diagnostic-settings).
* **Compute** (WAD/LAD-based) resources use the [WAD/LAD configuration file described in this article](../vs-azure-tools-diagnostics-for-cloud-services-and-virtual-machines.md).
In this article we describe how to configure diagnostics using either method.
diff --git a/articles/monitoring-and-diagnostics/monitoring-roles-permissions-security.md b/articles/monitoring-and-diagnostics/monitoring-roles-permissions-security.md
index b0059a5193e49..87a822672a652 100644
--- a/articles/monitoring-and-diagnostics/monitoring-roles-permissions-security.md
+++ b/articles/monitoring-and-diagnostics/monitoring-roles-permissions-security.md
@@ -29,8 +29,8 @@ People assigned the Monitoring Reader role can view all monitoring data in a sub
* View monitoring dashboards in the portal and create their own private monitoring dashboards.
* Query for metrics using the [Azure Monitor REST API](https://msdn.microsoft.com/library/azure/dn931930.aspx), [PowerShell cmdlets](insights-powershell-samples.md), or [cross-platform CLI](insights-cli-samples.md).
* Query the Activity Log using the portal, Azure Monitor REST API, PowerShell cmdlets, or cross-platform CLI.
-* View the [diagnostic settings](monitoring-overview-of-diagnostic-logs.md#diagnostic-settings) for a resource.
-* View the [log profile](monitoring-overview-activity-logs.md#export-the-activity-log-with-log-profiles) for a subscription.
+* View the [diagnostic settings](monitoring-overview-of-diagnostic-logs.md#resource-diagnostic-settings) for a resource.
+* View the [log profile](monitoring-overview-activity-logs.md#export-the-activity-log-with-a-log-profile) for a subscription.
* View autoscale settings.
* View alert activity and settings.
* Access Application Insights data and view data in AI Analytics.
@@ -50,8 +50,8 @@ People assigned the Monitoring Reader role can view all monitoring data in a sub
People assigned the Monitoring Contributor role can view all monitoring data in a subscription and create or modify monitoring settings, but cannot modify any other resources. This role is a superset of the Monitoring Reader role, and is appropriate for members of an organization’s monitoring team or managed service providers who, in addition to the permissions above, also need to be able to:
* Publish monitoring dashboards as a shared dashboard.
-* Set [diagnostic settings](monitoring-overview-of-diagnostic-logs.md#diagnostic-settings) for a resource.*
-* Set the [log profile](monitoring-overview-activity-logs.md#export-the-activity-log-with-log-profiles) for a subscription.*
+* Set [diagnostic settings](monitoring-overview-of-diagnostic-logs.md#resource-diagnostic-settings) for a resource.*
+* Set the [log profile](monitoring-overview-activity-logs.md#export-the-activity-log-with-a-log-profile) for a subscription.*
* Set alert activity and settings.
* Create Application Insights web tests and components.
* List Log Analytics (OMS) workspace shared keys.
diff --git a/articles/postgresql/quickstart-create-server-database-portal.md b/articles/postgresql/quickstart-create-server-database-portal.md
index cdd0ea1c1aa3d..5ee64f5314a17 100644
--- a/articles/postgresql/quickstart-create-server-database-portal.md
+++ b/articles/postgresql/quickstart-create-server-database-portal.md
@@ -9,7 +9,7 @@ editor: jasonwhowell
ms.service: postgresql-database
ms.custom: mvc
ms.topic: hero-article
-ms.date: 07/12/2017
+ms.date: 08/04/2017
---
# Create an Azure Database for PostgreSQL in the Azure portal
@@ -32,25 +32,27 @@ Follow these steps to create an Azure Database for PostgreSQL server:
3. Fill out the new server details form with the following information, as shown on the preceding image:
- - Server name: **mypgserver-20170401** (choose a globally unique server name, since this name maps to the DNS name)
- - Subscription: If you have multiple subscriptions, choose the appropriate subscription in which the resource exists or is billed for.
- - Resource group: **myresourcegroup**
- - Server admin login and password of your choice
- - Location: choose a location nearest you.
- - PostgreSQL Version: choose the latest version.
+
+ Setting|Suggested value|Description
+ ---|---|---
+ Server name |*mypgserver-20170401*|Choose a unique name that identifies your Azure Database for PostgreSQL server. The domain name *postgres.database.azure.com* is appended to the server name you provide for applications to connect to. The server name can contain only lowercase letters, numbers, and the hyphen (-) character, and it must contain from 3 through 63 characters.
+ Subscription|*Your subscription*|The Azure subscription that you want to use for your server. If you have multiple subscriptions, choose the appropriate subscription in which the resource is billed for.
+ Resource Group|*myresourcegroup*| You may make a new resource group name, or use an existing one from your subscription.
+ Server admin login |*mylogin*| Make your own login account that to be used when connecting to the server. The admin login name cannot be 'azure_superuser', 'azure_pg_admin', 'admin', 'administrator', 'root', 'guest', or 'public', and cannot start with 'pg_'.
+ Password |*Your choice* | Create a new password for the server admin account. Must contain from 8 to 128 characters. Your password must contain characters from three of the following categories – English uppercase letters, English lowercase letters, numbers (0-9), and non-alphanumeric characters (!, $, #, %, etc.).
+ Location|*The region closest to your users*| Choose the location that's closest to your users.
+ PostgreSQL Version|*Choose the latest version*| Choose the latest version unless you have specific requirements.
+ Pricing Tier | **Basic**, **50 Compute Units** **50 GB** | Click **Pricing tier** to specify the service tier and performance level for your new database. Choose Basic tier in the tab at the top. Click the left end of the Compute Units slider to adjust the value to the least amount available for this quickstart. Click **Ok** to save the pricing tier selection. See the following screenshot.
+ | Pin to dashboard | Check | Check the **Pin to dashboard** option to allow easy tracking of your server on the front dashboard page of your Azure portal.
> [!IMPORTANT]
> The server admin login and password that you specify here are required to log in to the server and its databases later in this quick start. Remember or record this information for later use.
-4. Click **Pricing tier** to specify the service tier and performance level for your new database. For this quick start, select **Basic** Tier, **50 Compute Units** and **50 GB** of included storage.
- 
-5. Click **Ok**.
-6. Click **Create** to provision the server. Provisioning takes a few minutes.
+ 
- > [!TIP]
- > Check the **Pin to dashboard** option to allow easy tracking of your deployments.
+4. Click **Create** to provision the server. Provisioning takes a few minutes, up to 20 minutes maximum.
-7. On the toolbar, click **Notifications** to monitor the deployment process.
+5. On the toolbar, click **Notifications** to monitor the deployment process.
By default, **postgres** database gets created under your server. The [postgres](https://www.postgresql.org/docs/9.6/static/app-initdb.html) database is a default database meant for use by users, utilities, and third-party applications.
@@ -59,64 +61,87 @@ Follow these steps to create an Azure Database for PostgreSQL server:
The Azure Database for PostgreSQL service creates a firewall at the server-level. This firewall prevents external applications and tools from connecting to the server and any databases on the server unless a firewall rule is created to open the firewall for specific IP addresses.
-1. After the deployment completes, click **All Resources** from the left-hand menu and type in the name **mypgserver-20170401** to search for your newly created server. Click the server name listed in the search result. The **Overview** page for your server opens and provides options for further configuration.
+1. Locate your server after the deployment completes. If needed you can search for it. For example, click **All Resources** from the left-hand menu and type in the server name (such as the example mypgserver-20170401) to search for your newly created server. Click on your server name listed in the search result. The Overview page for your server opens and provides options for further configuration.
- 
+ 
-2. In the server blade, select **Connection Security**.
-3. Click in the text box under **Rule Name,** and add a new firewall rule to whitelist the IP range for connectivity. For this quick start, let's allow all IPs by typing in **Rule Name = AllowAllIps**, **Start IP = 0.0.0.0** and **End IP = 255.255.255.255** and then click **Save**. You can set a firewall rule that covers an IP range to be able to connect from your network.
+2. On the server page, select **Connection Security**.
+ 
- 
+3. Under the **Firewall Rules** heading, click in the blank text box in the **Rule Name** column to begin creating the firewall rule.
-4. Click **Save** and then click the **X** to close the **Connections Security** page.
+ For this quick start, let's allow all IP addresses into the server by filling in the text box in each column with the following values:
- > [!NOTE]
- > Azure PostgreSQL server communicates over port 5432. If you are trying to connect from within a corporate network, outbound traffic over port 5432 may not be allowed by your network's firewall. If so, you will not be able to connect to your Azure SQL Database server unless your IT department opens port 5432.
- >
+ Rule Name | Start IP | End IP
+ ---|---|---
+ AllowAllIps | 0.0.0.0 | 255.255.255.255
-## Get the connection information
+4. On the upper toolbar of the Connection Security page, click **Save**. Then click the **X** to close the Connection Security page.
-When we created our Azure Database for PostgreSQL server, the default **postgres** database also gets created. To connect to your database server, you need to provide host information and access credentials.
+ > [!NOTE]
+ > Azure PostgreSQL server communicates over port 5432. If you are trying to connect from within a corporate network, outbound traffic over port 5432 may not be allowed by your network's firewall. If so, you will not be able to connect to your Azure SQL Database server unless your IT department opens port 5432.
+ >
-1. From the left-hand menu in Azure portal, click **All resources** and search for the server you just created **mypgserver-20170401**.
+## Get the connection information
- 
+When we created our Azure Database for PostgreSQL server, a default database named **postgres** gets created. To connect to your database server, you need to recall the full server name and admin login credentials. You may have noted those values earlier in the quick start article. In case you did not, easily find the server name and login information from the server Overview page in the Azure portal.
-2. Click the server name **mypgserver-20170401**.
-3. Select the server's **Overview** page. Make a note of the **Server name** and **Server admin login name**.
+1. Open your server's **Overview** page. Make a note of the **Server name** and **Server admin login name**.
+ Hover your cursor over each field, and the copy icon appears to the right of the text. Click the copy icon as needed to copy the values.
## Connect to PostgreSQL database using psql in Cloud Shell
-Let's now use the psql command-line utility to connect to the Azure Database for PostgreSQL server.
+There are a number of applications you can use to connect to your Azure Database for PostgreSQL server. Let's first use the psql command-line utility to illustrate how to connect to the server. You can use a web browser and the Azure Cloud Shell as described here without the need to install any additional software. If you have the psql utility installed locally on your own machine, you can connect from there as well.
+
1. Launch the Azure Cloud Shell via the terminal icon on the top navigation pane.
-2. The Azure Cloud Shell opens in your browser, enabling you to type bash commands.
+2. The Azure Cloud Shell opens in your browser, enabling you to type bash shell commands.
-3. At the Cloud Shell prompt, connect to your Azure Database for PostgreSQL server by typing the psql command line at the prompt. The following format is used to connect to an Azure Database for PostgreSQL server with the [psql](https://www.postgresql.org/docs/9.6/static/app-psql.html) utility:
- ```bash
- psql --host= --port= --username= --dbname=
- ```
+3. At the Cloud Shell prompt, connect to a database in your Azure Database for PostgreSQL server by typing the psql command line at the green prompt.
+
+ The following format is used to connect to an Azure Database for PostgreSQL server with the [psql](https://www.postgresql.org/docs/9.6/static/app-psql.html) utility:
+ ```bash
+ psql --host= --port= --username= --dbname=
+ ```
- For example, the following command connects to the default database called **postgres** on your PostgreSQL server **mypgserver-20170401.postgres.database.azure.com** using access credentials. Always use port **5432** when connecting. Enter your server admin password when prompted. Please use spaces between the --switches in the command as shown, but do not use spaces between the equal signs and the parameter values.
+ For example, the following command connects to an example server:
- ```bash
- psql --host=mypgserver-20170401.postgres.database.azure.com --port=5432 --username=mylogin@mypgserver-20170401 --dbname=postgres
- ```
-4. Once you're connected to the server, create a blank database at the prompt.
-```bash
-CREATE DATABASE mypgsqldb;
-```
+ ```bash
+ psql --host=mypgserver-20170401.postgres.database.azure.com --port=5432 --username=mylogin@mypgserver-20170401 --dbname=postgres
+ ```
+
+ psql parameter |Suggested value|Description
+ ---|---|---
+ --host | *server name* | Specify the server name value that was used when you created the Azure Database for PostgreSQL earlier. Our example server shown is mypgserver-20170401.postgres.database.azure.com. Use the fully qualified domain name (\*.postgres.database.azure.com) as shown in the example. Follow the previous section to get the connection information if you do not remember your server name.
+ --port | **5432** | Always use port 5432 when connecting to Azure Database for PostgreSQL.
+ --username | *server admin login name* |Type in the server admin login username supplied when you created the Azure Database for PostgreSQL earlier. Follow the previous section to get the connection information if you do not remember the username. The format is *username@servername*.
+ --dbname | **postgres** | Use the default system generated database name *postgres* for the first connection. Later you create your own database.
+
+ After running the psql command, with your own parameter values, you will be prompted to type the server admin password. This is the same password that you provided when you created the server.
+
+ psql parameter |Suggested value|Description
+ ---|---|---
+ password | *your admin password* | Note, the typed password characters will not be shown on the bash prompt. Press enter after you have typed all the characters to authenticate and connect.
+
+4. Once you're connected to the server, create a blank database at the prompt by typing the following command:
+ ```bash
+ CREATE DATABASE mypgsqldb;
+ ```
5. At the prompt, execute the following command to switch connection to the newly created database **mypgsqldb**.
-```bash
-\c mypgsqldb
-```
+ ```bash
+ \c mypgsqldb
+ ```
+
+6. Type \q and then press ENTER to quit psql. You can close the Azure Cloud Shell.
+
+Now you have connected to the Azure Database for PostgreSQL and created a blank user database. Continue to the next section to connect using another common tool pgAdmin.
## Connect to PostgreSQL database using pgAdmin
diff --git a/articles/search/TOC.md b/articles/search/TOC.md
index 8a21149079fc3..12aa923168214 100644
--- a/articles/search/TOC.md
+++ b/articles/search/TOC.md
@@ -28,10 +28,12 @@
### [Design patterns for multitenancy](search-modeling-multitenant-saas-applications.md)
## Develop
+### [API versions](search-api-versions.md)
### [Upgrade the SDK](search-dotnet-sdk-migration.md)
### [Upgrade the REST API](search-api-migration.md)
### [Model complex data types](search-howto-complex-data-types.md)
### [Handle concurrent updates](search-howto-concurrency.md)
+### [Code samples](https://azure.microsoft.com/resources/samples/?service=search)
## Manage
### Administer Azure Search
@@ -68,31 +70,33 @@
# Reference
-## [Code samples](https://azure.microsoft.com/en-us/resources/samples/?service=search)
## [.NET](/dotnet/api/?term=microsoft.azure.search)
## [.NET (Management)](/dotnet/api/?term=microsoft.azure.management.search)
## [Python (Management)](http://azure-sdk-for-python.readthedocs.io/en/latest/ref/azure.mgmt.search.html)
## [REST](/rest/api/searchservice)
## [REST (Management)](/rest/api/searchmanagement)
+## [Service REST (Preview)](search-api-2015-02-28-preview.md)
# Resources
-## [API versions](search-api-versions.md)
+
## [Azure Roadmap](https://azure.microsoft.com/roadmap/?category=web-mobile)
+## [FAQ - Frequently Asked Questions](search-faq-frequently-asked-questions.md)
## [Pricing](https://azure.microsoft.com/pricing/details/search/)
## [Pricing calculator](https://azure.microsoft.com/pricing/calculator/)
-## [Service REST (Preview)](search-api-2015-02-28-preview.md)
## [Service updates](https://azure.microsoft.com/updates/?product=search)
## Courseware & tutorials
+### [Videos and tutorials](search-video-demo-tutorial-list.md)
+### [Virtual academy](https://mva.microsoft.com/training-courses/using-windows-azure-search-10540?l=ADkxnd97_9304984382)
## Demo sites
+### [Search Analyzer Demo](http://alice.unearth.ai/)
+### [Live demo apps](https://searchsamples.azurewebsites.net/)
+### [Job listings app](http://aka.ms/azjobsdemo)
## Partner & community
### [Azure Search GitHub](https://github.com/Azure-Samples/?utf8=%E2%9C%93&query=search)
-### [Azure Search GitHub](https://github.com/Azure-Samples/?utf8=%E2%9C%93&query=search)
-### [Forum](https://social.msdn.microsoft.com/forums/azure/en-US/home?forum=AzureSearch)
-### [Job listings app](http://aka.ms/azjobsdemo)
-### [Live demo apps](https://searchsamples.azurewebsites.net/)
-### [Model relational data](http://blogs.technet.com/b/onsearch/archive/2015/09/08/modeling-the-adventureworks-inventory-database-for-azure-search.aspx)
-### [Multilevel faceting](http://blogs.technet.com/b/onsearch/archive/2015/09/09/multi-level-taxonomy-facets-in-azure-search.aspx)
-### [Search Analyzer Demo](http://alice.unearth.ai/)
+### [MSDN Forum](https://social.msdn.microsoft.com/forums/azure/home?forum=AzureSearch)
### [Stack Overflow](http://stackoverflow.com/questions/tagged/azure-search)
-### [Videos and tutorials](search-video-demo-tutorial-list.md)
-### [Virtual academy](https://mva.microsoft.com/training-courses/using-windows-azure-search-10540?l=ADkxnd97_9304984382)
+### [blog: Model relational data](http://blogs.technet.com/b/onsearch/archive/2015/09/08/modeling-the-adventureworks-inventory-database-for-azure-search.aspx)
+### [[blog: Multilevel faceting](http://blogs.technet.com/b/onsearch/archive/2015/09/09/multi-level-taxonomy-facets-in-azure-search.aspx)
+
+
+
diff --git a/articles/search/search-faq-frequently-asked-questions.md b/articles/search/search-faq-frequently-asked-questions.md
new file mode 100644
index 0000000000000..3bc35763feafc
--- /dev/null
+++ b/articles/search/search-faq-frequently-asked-questions.md
@@ -0,0 +1,89 @@
+---
+title: Frequently asked questions (FAQ) about Azure Search | Microsoft Docs
+description: Get answers to common questions about Microsoft Azure Search Service
+services: search
+author: HeidiSteen
+manager: jhubbard
+
+ms.service: search
+ms.technology: search
+ms.topic: article
+ms.date: 08/03/2017
+ms.author: heidist
+---
+
+# Azure Search - frequently asked questions (FAQ)
+
+ Find answers to commonly asked questions about concepts, code, and scenarios related to Azure Search.
+
+## Platform
+
+### How is Azure Search different from full text search in my DBMS?
+
+Azure Search supports multiple data sources, [linguistic analysis for many languages](https://docs.microsoft.com/rest/api/searchservice/language-support), [custom analysis for interesting and unusual data inputs](https://docs.microsoft.com/rest/api/searchservice/custom-analyzers-in-azure-search), search rank controls through [scoring profiles](https://docs.microsoft.com/rest/api/searchservice/add-scoring-profiles-to-a-search-index), and user-experience features such as typeahead, hit highlighting, and faceted navigation. It also includes other features, such as synonyms and rich query syntax, but those are generally not differentiating features.
+
+### What is the difference between Azure Search and Elasticsearch?
+
+When comparing search technologies, customers frequently ask for specifics on how Azure Search compares with Elasticsearch. Customers who choose Azure Search over Elasticsearch for their search application projects typically do so because we've made a key task easier or they need the built-in integration with other Microsoft technologies:
+
++ Azure Search is a fully-managed cloud service with 99.9% service level agreements (SLA) when provisioned with sufficient redundancy (2 replicas for read access, 3 replicas for read-write).
++ Microsoft's [Natural language processors](https://docs.microsoft.com/rest/api/searchservice/language-support) offer leading edge inguistic analysis.
++ [Azure Search indexers](search-indexer-overview.md) can crawl a variety of Azure data sources for initial and incremental indexing.
++ If you need rapid response to fluctuations in query or indexing volumes, you can use [slider controls](search-manage.md#scale-up-or-down) in the Azure portal, or run a [PowerShell script](search-manage-powershell.md), bypassing shard management directly.
++ [Scoring and tuning features](https://docs.microsoft.com/rest/api/searchservice/add-scoring-profiles-to-a-search-index) provide the means for influencing search rank scores beyond what the search engine alone can provide.
+
+### Can I pause Azure Search service and stop billing?
+
+You cannot pause the service. Computational and storage resources are allocated for your exclusive use when the service is created. It's not possible to release and reclaim those resources on-demand.
+
+## Indexing Operations
+
+### Backup and restore (or download and move) indexes or index snapshots?
+
+Although you can [get an index definition](https://docs.microsoft.com/rest/api/searchservice/get-index) at any time, there is no index extraction, snapshot, or backup-restore feature for downloading a *populated* index running in the cloud to a local system, or moving it to another Azure Search service.
+
+Indexes are built and populated from code that you write, and run only on Azure Search in the cloud. Typically, customers who want to move an index to another service do so by editing their code to use a new endpoint, and then rerun indexing. If you want the ability to take a snapshot or backup an index, cast a vote on [User Voice](https://feedback.azure.com/forums/263029-azure-search/suggestions/8021610-backup-snapshot-of-index).
+
+### Can I index from SQL database replicas (Applies to [Azure SQL Database indexers](https://docs.microsoft.com/azure/search/search-howto-connecting-azure-sql-database-to-azure-search-using-indexers))
+
+ There are no restrictions on the use of primary or secondary replicas as a data source when building an index from scratch. However, refreshing an index with incremental updates (based on changed records) requires the primary replica. This requirement comes from SQL Database, which guarantees change tracking on primary replicas only. If you try using secondary replicas for an index refresh workload, there is no guarantee you get all of the data.
+
+## Search Operations
+
+### Can I search across multiple indexes?
+
+No, this operation is not supported. Search is always scoped to a single index.
+
+### Can I restrict search corpus access by user identity?
+
+Azure Search does not have a role-based security model for per-user data access. Authentication is either full rights or read-only at the service level. Some customers have implemented solutions based on [`$filter` search parameter](https://docs.microsoft.com/rest/api/searchservice/search-documents), but it is a workaround at best. If you want this feature, cast a vote on [User Voice](https://feedback.azure.com/forums/263029-azure-search/category/86074-security).
+
+### Why are there zero matches on terms I know to be valid?
+
+The most common case is not knowing that each query type supports different search behaviors and levels of linguistic analyses. Full text search, which is the predominant workload, includes a language analysis phase that breaks terms down to root forms. This aspect of query parsing casts a broader net over possible matches, because the tokenized term matches a greater number of variants.
+
+If you invoke [other query types](https://docs.microsoft.com/rest/api/searchservice/lucene-query-syntax-in-azure-search) (wildcard search, fuzzy search, proximity search, suggestions, among others), there is no linguistic analysis. Terms are added to the query tree as-is.
+
+### Why is the search rank a constant or equal score of 1.0 for every hit?
+
+By default, search results are scored based on the [statistical properties of matching terms](search-lucene-query-architecture.md#stage-4-scoring), and ordered high to low in the result set. However, some query types (wildcard, prefix, regex) always contribute a constant score to the overall document score. This behavior is by design. Azure Search imposes a constant score to allow matches found through query expansion to be included in the results, without affecting the ranking.
+
+For example, suppose an input of "tour*" in a wildcard search produces matches on “tours”, “tourettes”, and “tourmaline”. Given the nature of these results, there is no way to reasonably infer which terms are more valuable than others. For this reason, we ignore term frequencies when scoring results in queries of types wildcard, prefix, and regex. Search results based on a partial input are given a constant score to avoid bias towards potentially unexpected matches.
+
+## Design patterns
+
+### What is the best approach for implementing localized search?
+
+Most customers choose dedicated fields over a collection when it comes to supporting different locales (languages) in the same index. Locale-specific fields make it possible to assign an appropriate analyzer. For example, assigning the Microsoft French Analyzer to a field containing French strings. It also simplifies filtering. If you know a query is initiated on a fr-fr page, you could limit search results to this field. Or, create a [scoring profile](https://docs.microsoft.com/rest/api/searchservice/add-scoring-profiles-to-a-search-index) to give the field more relative weight.
+
+## Next steps
+
+Is your question about a missing feature or functionality? Request the feature on the [User Voice web site](https://feedback.azure.com/forums/263029-azure-search).
+
+## See also
+
+ [StackOverflow: Azure Search](https://stackoverflow.com/questions/tagged/azure-search)
+ [How full text search works in Azure Search](search-lucene-query-architecture.md)
+ [What is Azure Search?](search-what-is-azure-search.md)
+
+
\ No newline at end of file
diff --git a/articles/storage/storage-faq-for-disks.md b/articles/storage/storage-faq-for-disks.md
index 467e9f002708d..14a2e362c9237 100644
--- a/articles/storage/storage-faq-for-disks.md
+++ b/articles/storage/storage-faq-for-disks.md
@@ -163,7 +163,7 @@ Yes. All managed snapshots and images created after June 9, 2017, are automatica
**Can I convert VMs with unmanaged disks that are located on storage accounts that are or were previously encrypted to managed disks?**
-No. This feature is not supported yet. It is expected to come out by the end of July.
+Yes
**Will an exported VHD from a managed disk or a snapshot also be encrypted?**
diff --git a/articles/storage/storage-how-to-use-files-linux.md b/articles/storage/storage-how-to-use-files-linux.md
index 54f552047513a..2fb981d126341 100644
--- a/articles/storage/storage-how-to-use-files-linux.md
+++ b/articles/storage/storage-how-to-use-files-linux.md
@@ -20,7 +20,7 @@ ms.author: renash
[Azure File storage](storage-dotnet-how-to-use-files.md) is Microsoft's easy to use cloud file system. Azure File shares can be mounted in Linux distributions using the [cifs-utils package](https://wiki.samba.org/index.php/LinuxCIFS_utils) from the [Samba project](https://www.samba.org/). This article shows two ways to mount an Azure File share: on-demand with the `mount` command and on-boot by creating an entry in `/etc/fstab`.
> [!NOTE]
-> In order to mount an Azure File share outside of the Azure region it is hosted in, such as on-premises or in a different Azure region, the OS must support the encryption functionality of SMB 3.0. Encryption feature for SMB 3.0 for Linux was introduced in 4.11 kernel. This feature enables mounting of Azure File share from on-premises or a different Azure region. At the time of publishing, this functionality has been backported to Ubuntu 17.04 and Ubuntu 16.10.
+> In order to mount an Azure File share outside of the Azure region it is hosted in, such as on-premises or in a different Azure region, the OS must support the encryption functionality of SMB 3.0. Encryption feature for SMB 3.0 for Linux was introduced in 4.11 kernel. This feature enables mounting of Azure File share from on-premises or a different Azure region. At the time of publishing, this functionality has been backported to Ubuntu from 16.04 and above.
## Prerequisities for mounting an Azure File share with Linux and the cifs-utils package
diff --git a/articles/storage/storage-require-secure-transfer.md b/articles/storage/storage-require-secure-transfer.md
index 80e31be3b27ac..7245bfde361e7 100644
--- a/articles/storage/storage-require-secure-transfer.md
+++ b/articles/storage/storage-require-secure-transfer.md
@@ -46,5 +46,63 @@ You can enable the "Secure transfer required" setting both when you create a sto
+## Enable "Secure transfer required" programmatically
+
+The setting name is _supportsHttpsTrafficOnly_ in storage account properties. You can enable "Secure transfer required" setting with REST API, tools or libraries:
+
+* **REST API** (Version: 2016-12-01): [release package](https://docs.microsoft.com/en-us/rest/api/storagerp/storageaccounts)
+* **PowerShell** (Version: 4.1.0): [release package](https://docs.microsoft.com/en-us/powershell/module/azurerm.storage/set-azurermstorageaccount?view=azurermps-4.1.0)
+* **CLI** (Version: 2.0.11): [release package](https://pypi.python.org/pypi/azure-cli-storage/2.0.11)
+* **NodeJS** (Version: 1.1.0): [release package](https://www.npmjs.com/package/azure-arm-storage/)
+* **.NET SDK** (Version: 6.3.0): [release package](https://www.nuget.org/packages/Microsoft.Azure.Management.Storage/6.3.0-preview)
+* **Python SDK** (Version: 1.1.0): [release package](https://pypi.python.org/pypi/azure-mgmt-storage/1.1.0)
+* **Ruby SDK** (Version: 0.11.0): [release package](https://rubygems.org/gems/azure_mgmt_storage)
+
+### Enable "Secure transfer required" setting with REST API
+
+To simplify testing with REST API, you can use [ArmClient](https://github.com/projectkudu/ARMClient) to call from command line.
+
+ You can use below command line to check the setting with the REST API:
+
+```
+# Login Azure and proceed with your credentials
+> armclient login
+
+> armclient GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2016-12-01
+```
+
+In the response, you can find _supportsHttpsTrafficOnly_ setting. Sample:
+
+```Json
+{
+ "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}",
+ "kind": "Storage",
+ ...
+ "properties": {
+ ...
+ "supportsHttpsTrafficOnly": false
+ },
+ "type": "Microsoft.Storage/storageAccounts"
+}
+```
+
+You can use below command line to enable the setting with the REST API:
+
+```
+# Login Azure and proceed with your credentials
+> armclient login
+
+> armclient PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2016-12-01 < Input.json
+```
+Sample of Input.json:
+```Json
+{
+ "location": "westus",
+ "properties": {
+ "supportsHttpsTrafficOnly": true
+ }
+}
+```
+
## Next steps
Azure Storage provides a comprehensive set of security capabilities, which together enable developers to build secure applications. For more details, visit the [Storage Security Guide](storage-security-guide.md).
diff --git a/articles/virtual-machines/windows/prepare-for-upload-vhd-image.md b/articles/virtual-machines/windows/prepare-for-upload-vhd-image.md
index d212bfc27e72b..9922d13d81242 100644
--- a/articles/virtual-machines/windows/prepare-for-upload-vhd-image.md
+++ b/articles/virtual-machines/windows/prepare-for-upload-vhd-image.md
@@ -154,7 +154,7 @@ Make sure that the following settings are configured correctly for remote deskto
```PowerShell
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "KeepAliveEnable" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "KeepAliveInterval" 1 -Type DWord
- Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp ' -name "KeepAliveTimeout" 1 -Type DWord
+ Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "KeepAliveTimeout" 1 -Type DWord
```
6. Reconnect:
diff --git a/articles/virtual-machines/workloads/sap/sap-hana-backup-storage-snapshots.md b/articles/virtual-machines/workloads/sap/sap-hana-backup-storage-snapshots.md
index cda76c7e64339..1ac9a1c7d361c 100644
--- a/articles/virtual-machines/workloads/sap/sap-hana-backup-storage-snapshots.md
+++ b/articles/virtual-machines/workloads/sap/sap-hana-backup-storage-snapshots.md
@@ -164,5 +164,5 @@ If it was possible to shut down SAP HANA before the blob snapshots, the procedur
## Next steps
* [Backup guide for SAP HANA on Azure Virtual Machines](sap-hana-backup-guide.md) gives an overview and information on getting started.
-* [SAP HANA backup based on file level](sap-hana-backup-file-level.md) describes the storage snapshot-based backup option.
+* [SAP HANA backup based on file level](sap-hana-backup-file-level.md) covers the file-based backup option.
* To learn how to establish high availability and plan for disaster recovery of SAP HANA on Azure (large instances), see [SAP HANA (large instances) high availability and disaster recovery on Azure](hana-overview-high-availability-disaster-recovery.md).
diff --git a/articles/virtual-network/virtual-network-nsg-manage-log.md b/articles/virtual-network/virtual-network-nsg-manage-log.md
index b7561174e988a..ed6d40f320023 100644
--- a/articles/virtual-network/virtual-network-nsg-manage-log.md
+++ b/articles/virtual-network/virtual-network-nsg-manage-log.md
@@ -43,18 +43,18 @@ Diagnostic logging must be enabled for *each* NSG you want to collect data for.
### Azure portal
-To use the portal to enable logging, login to the [portal](https://portal.azure.com). Click **More services**, then type *network security groups*. Select the NSG you want to enable logging for. Follow the instructions for non-compute resources in the [Enable diagnostic logs in the portal](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#enable-diagnostic-logs-in-the-portal) article. Select **NetworkSecurityGroupEvent**, **NetworkSecurityGroupRuleCounter**, or both categories of logs.
+To use the portal to enable logging, login to the [portal](https://portal.azure.com). Click **More services**, then type *network security groups*. Select the NSG you want to enable logging for. Follow the instructions for non-compute resources in the [Enable diagnostic logs in the portal](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#how-to-enable-collection-of-resource-diagnostic-logs) article. Select **NetworkSecurityGroupEvent**, **NetworkSecurityGroupRuleCounter**, or both categories of logs.
### PowerShell
-To use PowerShell to enable logging, follow the instructions in the [Enable diagnostic logs via PowerShell](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#enable-diagnostic-logs-via-powershell) article. Evaluate the following information before entering a command from the article:
+To use PowerShell to enable logging, follow the instructions in the [Enable diagnostic logs via PowerShell](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#how-to-enable-collection-of-resource-diagnostic-logs) article. Evaluate the following information before entering a command from the article:
- You can determine the value to use for the `-ResourceId` parameter by replacing the following [text], as appropriate, then entering the command `Get-AzureRmNetworkSecurityGroup -Name [nsg-name] -ResourceGroupName [resource-group-name]`. The ID output from the command looks similar to */subscriptions/[Subscription Id]/resourceGroups/[resource-group]/providers/Microsoft.Network/networkSecurityGroups/[NSG name]*.
- If you only want to collect data from log category add `-Categories [category]` to the end of the command in the article, where category is either *NetworkSecurityGroupEvent* or *NetworkSecurityGroupRuleCounter*. If you don't use the `-Categories` parameter, data collection is enabled for both log categories.
### Azure command-line interface (CLI)
-To use the CLI to enable logging, follow the instructions in the [Enable diagnostic logs via CLI](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#enable-diagnostic-logs-via-cli) article. Evaluate the following information before entering a command from the article:
+To use the CLI to enable logging, follow the instructions in the [Enable diagnostic logs via CLI](../monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs.md#how-to-enable-collection-of-resource-diagnostic-logs) article. Evaluate the following information before entering a command from the article:
- You can determine the value to use for the `-ResourceId` parameter by replacing the following [text], as appropriate, then entering the command `azure network nsg show [resource-group-name] [nsg-name]`. The ID output from the command looks similar to */subscriptions/[Subscription Id]/resourceGroups/[resource-group]/providers/Microsoft.Network/networkSecurityGroups/[NSG name]*.
- If you only want to collect data from log category add `-Categories [category]` to the end of the command in the article, where category is either *NetworkSecurityGroupEvent* or *NetworkSecurityGroupRuleCounter*. If you don't use the `-Categories` parameter, data collection is enabled for both log categories.
diff --git a/includes/cosmos-db-create-collection.md b/includes/cosmos-db-create-collection.md
index 51508232b6b25..37e8924b3cd90 100644
--- a/includes/cosmos-db-create-collection.md
+++ b/includes/cosmos-db-create-collection.md
@@ -1,4 +1,4 @@
-You can now use Data Explorer to create a collection and add data to your database.
+You can now use the Data Explorer tool in the Azure portal to create a database and collection.
1. In the Azure portal, in the left navigation menu, click **Data Explorer (Preview)**.
@@ -8,10 +8,12 @@ You can now use Data Explorer to create a collection and add data to your databa
Setting|Suggested value|Description
---|---|---
- Database id|Tasks|The ID for your new database. Database names must contain from 1 through 255 characters, and they cannot contain /, \\, #, ?, or a trailing space.
- Collection id|Items|The ID for your new collection. Collection names have the same character requirements as database IDs.
- Storage capacity| Fixed (10 GB)|Use the default value. This is the storage capacity of the database.
+ Database id|Tasks|The name for your new database. Database names must contain from 1 through 255 characters, and they cannot contain /, \\, #, ?, or a trailing space.
+ Collection id|Items|The name for your new collection. Collection names have the same character requirements as database IDs.
+ Storage capacity| Fixed (10 GB)|Use the default value. This value is the storage capacity of the database.
Throughput|400 RU|Use the default value. If you want to reduce latency, you can scale up the throughput later.
RU/m|Off|Leave the default value. If you need to handle spiky workloads later, you can turn on the [RU/m](../articles/cosmos-db/request-units-per-minute.md) feature at that time.
Partition key|/category|A partition key that distributes data evenly to each partition. Selecting the correct partition key is important in creating a performant collection. To learn more, see [Designing for partitioning](../articles/cosmos-db/partition-data.md#designing-for-partitioning).
-3. After you've completed the form, click **OK**.
\ No newline at end of file
+3. After you've completed the form, click **OK**.
+
+Data Explorer shows the new Database and collection.
\ No newline at end of file
diff --git a/includes/cosmos-db-create-dbaccount-graph.md b/includes/cosmos-db-create-dbaccount-graph.md
index 88f7d61cd1af8..581adce2dc938 100644
--- a/includes/cosmos-db-create-dbaccount-graph.md
+++ b/includes/cosmos-db-create-dbaccount-graph.md
@@ -3,29 +3,29 @@
-3. In the **New account** blade, specify the desired configuration for the Azure Cosmos DB account.
+3. In the **New account** blade, specify the configuration that you want for this Azure Cosmos DB account.
- With Azure Cosmos DB, you can choose one of four programming models: Gremlin (graph), MongoDB, SQL (DocumentDB), and Table (key-value).
+ With Azure Cosmos DB, you can choose one of four programming models: Gremlin (graph), MongoDB, SQL (DocumentDB), and Table (key-value), each which currently require a separate account.
In this quick-start article, we program against the Graph API, so choose **Gremlin (graph)** as you fill out the form. If you have document data from a catalog app, key/value (table) data, or data that's migrated from a MongoDB app, realize that Azure Cosmos DB can provide a highly available, globally distributed database service platform for all your mission-critical applications.
- On the **New account** blade, complete the fields with the information in the following screenshot as a guide only. Because your own values will not match those in the screenshot, be sure to choose unique values as you set up your account.
+ Complete the fields on the **New account** blade, using the information in the following screenshot as a guide - your values may be different than the values in the screenshot.
- 
+ 
Setting|Suggested value|Description
---|---|---
- ID|*Unique value*|A unique name that you choose to identify the Azure Cosmos DB account. Because *documents.azure.com* is appended to the ID that you provide to create your URI, use a unique but identifiable ID. The ID must contain only lowercase letters, numbers, and the hyphen (-) character, and it must contain from 3 to 50 characters.
+ ID|*Unique value*|A unique name that identifies this Azure Cosmos DB account. Because *documents.azure.com* is appended to the ID that you provide to create your URI, use a unique but identifiable ID. The ID must contain only lowercase letters, numbers, and the hyphen (-) character, and it must contain from 3 to 50 characters.
API|Gremlin (graph)|We program against the [Graph API](../articles/cosmos-db/graph-introduction.md) later in this article.|
- Subscription|*Your subscription*|The Azure subscription that you want to use for the Azure Cosmos DB account.
+ Subscription|*Your subscription*|The Azure subscription that you want to use for this Azure Cosmos DB account.
Resource Group|*The same value as ID*|The new resource group name for your account. For simplicity, you can use the same name as your ID.
Location|*The region closest to your users*|The geographic location in which to host your Azure Cosmos DB account. Choose the location closest to your users to give them the fastest access to the data.
4. Click **Create** to create the account.
-5. On the toolbar, click **Notifications** to monitor the deployment process.
+5. On the top toolbar, click the **Notifications** icon  to monitor the deployment process.
- 
+ 
-6. When the deployment is complete, open the new account from the **All Resources** tile.
+6. When the Notifications window indicates the deployment succeeded, close the notification window and open the new account from the **All Resources** tile on the Dashboard.
\ No newline at end of file
diff --git a/includes/cosmos-db-create-dbaccount.md b/includes/cosmos-db-create-dbaccount.md
index 0f825d95c66c3..391eaf1576d9a 100644
--- a/includes/cosmos-db-create-dbaccount.md
+++ b/includes/cosmos-db-create-dbaccount.md
@@ -3,29 +3,29 @@
-3. On the **New account** blade, specify the configuration that you want for the Azure Cosmos DB account.
+3. On the **New account** blade, specify the configuration that you want for this Azure Cosmos DB account.
- With Azure Cosmos DB, you can choose one of four programming models: Gremlin (graph), MongoDB, SQL (DocumentDB), and Table (key-value).
+ With Azure Cosmos DB, you can choose one of four programming models: Gremlin (graph), MongoDB, SQL (DocumentDB), and Table (key-value), each which currently require a separate account.
- In this quick-start article we program against the DocumentDB API, so choose **SQL (DocumentDB)** as you fill out the form. But if you have graph data for a social media app, or key/value (table) data, or data migrated from a MongoDB app, realize that Azure Cosmos DB can provide a highly available, globally distributed database service platform for all your mission-critical applications.
+ In this quick-start article we program against the DocumentDB API, so choose **SQL (DocumentDB)** as you fill out the form. If you have graph data for a social media app, or key/value (table) data, or data migrated from a MongoDB app, realize that Azure Cosmos DB can provide a highly available, globally distributed database service platform for all your mission-critical applications.
- Complete the fields on the **New account** blade, using the information in the following screenshot as a guide. When you set up your account, choose unique values that do not match those in the screenshot.
+ Complete the fields on the **New account** blade, using the information in the following screenshot as a guide- your values may be different than the values in the screenshot.
- 
+ 
Setting|Suggested value|Description
---|---|---
- ID|*Unique value*|A unique name that identifies your Azure Cosmos DB account. The string *documents.azure.com* is appended to the ID you provide to create your URI, so use a unique but identifiable ID. The ID can contain only lowercase letters, numbers, and the hyphen (-) character, and it must contain from 3 through 50 characters.
+ ID|*Unique value*|A unique name that identifies this Azure Cosmos DB account. TBecause *documents.azure.com* is appended to the ID that you provide to create your URI, use a unique but identifiable ID. The ID can contain only lowercase letters, numbers, and the hyphen (-) character, and it must contain 3 to 50 characters.
API|SQL (DocumentDB)|We program against the [DocumentDB API](../articles/documentdb/documentdb-introduction.md) later in this article.|
- Subscription|*Your subscription*|The Azure subscription that you want to use for your Azure Cosmos DB account.
+ Subscription|*Your subscription*|The Azure subscription that you want to use for this Azure Cosmos DB account.
Resource Group|*The same value as ID*|The new resource-group name for your account. For simplicity, you can use the same name as your ID.
Location|*The region closest to your users*|The geographic location in which to host your Azure Cosmos DB account. Choose the location that's closest to your users to give them the fastest access to the data.
4. Click **Create** to create the account.
-5. On the top toolbar, click **Notifications** to monitor the deployment process.
+5. On the top toolbar, click the **Notifications** icon  to monitor the deployment process.
-6. When the deployment is complete, open the new account from the **All Resources** tile.
+6. When the Notifications window indicates the deployment succeeded, close the notification window and open the new account from the **All Resources** tile on the Dashboard.
diff --git a/includes/cosmos-db-create-graph.md b/includes/cosmos-db-create-graph.md
index a3a4e110cc287..ef90738e27bfa 100644
--- a/includes/cosmos-db-create-graph.md
+++ b/includes/cosmos-db-create-graph.md
@@ -1,7 +1,7 @@
-You can now use Data Explorer to create a graph container and add data to your database.
+You can now use the Data Explorer tool in the Azure portal to create a graph database.
-1. In the Azure portal, in the navigation menu, click **Data Explorer**.
-2. In the Data Explorer blade, click **New Graph**, then fill in the page using the following information.
+1. In the Azure portal, in the left navigation menu, click **Data Explorer (Preview)**.
+2. In the **Data Explorer (Preview)** blade, click **New Graph**, then fill in the page using the following information.
diff --git a/includes/cosmos-db-keys.md b/includes/cosmos-db-keys.md
index 9c9faea738302..518dff1763eda 100644
--- a/includes/cosmos-db-keys.md
+++ b/includes/cosmos-db-keys.md
@@ -1,4 +1,4 @@
- Now navigate to the DocumentDB account blade, and click **Keys**, as we will use these values in the web application we create next.
+ Now navigate to the Cosmos DB account blade, and click **Keys**, as we use these values in the web application we create next.
-
+
diff --git a/includes/media/cosmos-db-create-dbaccount-graph/azure-documentdb-nosql-notification.png b/includes/media/cosmos-db-create-dbaccount-graph/azure-documentdb-nosql-notification.png
index c599af3e885af..f3ef02e5d1b60 100644
Binary files a/includes/media/cosmos-db-create-dbaccount-graph/azure-documentdb-nosql-notification.png and b/includes/media/cosmos-db-create-dbaccount-graph/azure-documentdb-nosql-notification.png differ
diff --git a/includes/media/cosmos-db-create-dbaccount-graph/notification-icon.png b/includes/media/cosmos-db-create-dbaccount-graph/notification-icon.png
new file mode 100644
index 0000000000000..3118bd6246017
Binary files /dev/null and b/includes/media/cosmos-db-create-dbaccount-graph/notification-icon.png differ
diff --git a/includes/media/cosmos-db-create-dbaccount-graph/notification.png b/includes/media/cosmos-db-create-dbaccount-graph/notification.png
new file mode 100644
index 0000000000000..f3ef02e5d1b60
Binary files /dev/null and b/includes/media/cosmos-db-create-dbaccount-graph/notification.png differ
diff --git a/includes/media/cosmos-db-create-dbaccount/notification-icon.png b/includes/media/cosmos-db-create-dbaccount/notification-icon.png
new file mode 100644
index 0000000000000..3118bd6246017
Binary files /dev/null and b/includes/media/cosmos-db-create-dbaccount/notification-icon.png differ
diff --git a/includes/media/cosmos-db-create-dbaccount/notification.png b/includes/media/cosmos-db-create-dbaccount/notification.png
index c599af3e885af..f3ef02e5d1b60 100644
Binary files a/includes/media/cosmos-db-create-dbaccount/notification.png and b/includes/media/cosmos-db-create-dbaccount/notification.png differ
diff --git a/includes/media/cosmos-db-create-graph/azure-cosmosdb-data-explorer.png b/includes/media/cosmos-db-create-graph/azure-cosmosdb-data-explorer.png
index 6e5e3c3608248..8d4f187d5a554 100644
Binary files a/includes/media/cosmos-db-create-graph/azure-cosmosdb-data-explorer.png and b/includes/media/cosmos-db-create-graph/azure-cosmosdb-data-explorer.png differ