Merge branch 'live' into master

Author: JasonGerend

WindowsServerDocs/administration/windows-commands/secedit-generaterollback.md

@@ -24,7 +24,7 @@ Allows you to generate a rollback template for a specified configuration templat
 ## Syntax
 
 ```
-Secedit /generaterollback /db <database file name> /cfg <configuration file name> /rbk <rollback template file name> [log <log file name>] [/quiet]
+Secedit /generaterollback /db <database file name> /cfg <configuration file name> /rbk <rollback template file name> [/log <log file name>] [/quiet]
 ```
 
 ### Parameters

WindowsServerDocs/remote/remote-access/directaccess/single-server-wizard/da-basic-configure-s1-infrastructure.md

@@ -202,7 +202,10 @@ To create a Group policy object, see [Create and Edit a Group Policy Object](htt
 > 4.  If the linking to OU has not been done before running the DirectAccess wizard, after the configuration is complete, the administrator can link the DirectAccess Group Policy Objects to the required Organizational Units. The link to the domain can be removed. Steps for linking a Group policy object to an Organization Unit can be found [here](https://technet.microsoft.com/library/cc732979.aspx)  
   
 > [!NOTE]  
-> If a Group policy object was created manually, it is possible during the DirectAccess configuration that the Group policy object will not be available. The Group policy object may not have been replicated to the closest Domain Controller to the management computer. In this event, the administrator can wait for replication to complete, or force the replication.  
+> If a Group policy object was created manually, it is possible during the DirectAccess configuration that the Group policy object will not be available. The Group policy object may not have been replicated to the closest Domain Controller to the management computer. In this event, the administrator can wait for replication to complete, or force the replication.
+
+> [!Warning]
+> Using any means other than the DirectAccess Setup Wizard to configure DirectAccess, such as modifying DirectAccess Group Policy Objects directly or manually modifying the default policy settings on the server or client, is not supported.
   
 ## <a name="ConfigSGs"></a>Configure security groups  
 The DirectAccess settings contained in the client computer Group policy objects are applied only to computers that are members of the security groups that you specify when configuring Remote Access.  

WindowsServerDocs/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts.md

@@ -141,27 +141,31 @@ You can create a gMSA only if the forest schema has been updated to  Windows Ser
 
 Membership in **Domain Admins**, **Account Operators** or ability to create msDS-GroupManagedServiceAccount objects, is the minimum required to complete the following procedures.
 
+> [!NOTE]
+> A value for the -Name parameter is always required (whether you specify -Name or not), with -DNSHostName, -RestrictToSingleComputer, and -RestrictToOutboundAuthentication being secondary requirements for the three deployment scenarios.    
+
+
 #### <a name="BKMK_CreateGMSA"></a>To create a gMSA using the New-ADServiceAccount cmdlet
 
 1.  On the Windows Server 2012 domain controller, run Windows PowerShell from the Taskbar.
 
 2.  At the command prompt for the Windows PowerShell, type the following commands, and then press ENTER. (The Active Directory module will load automatically.)
 
-    **New-ADServiceAccount [-Name] <string> -DNSHostName <string> [-KerberosEncryptionType <ADKerberosEncryptionType>] [-ManagedPasswordIntervalInDays <Nullable[Int32]>] [-PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>] -SamAccountName <string> -ServicePrincipalNames <string[]>**
+    **New-ADServiceAccount [-Name] &lt;string&gt; -DNSHostName &lt;string&gt; [-KerberosEncryptionType &lt;ADKerberosEncryptionType&gt;] [-ManagedPasswordIntervalInDays <Nullable[Int32]>] [-PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>] [-SamAccountName &lt;string&gt;] [-ServicePrincipalNames <string[]>]**
 
     |Parameter|String|Example|
     |-------|-----|------|
     |Name|Name of the account|ITFarm1|
     |DNSHostName|DNS host name of service|ITFarm1.contoso.com|
-    |KerberosEncryptionType|Any encryption types supported by the host servers|RC4, AES128, AES256|
+    |KerberosEncryptionType|Any encryption types supported by the host servers|None, RC4, AES128, AES256|
     |ManagedPasswordIntervalInDays|Password change interval in days (default is 30 days if not provided)|90|
     |PrincipalsAllowedToRetrieveManagedPassword|The computer accounts of the member hosts or the security group that the member hosts are a member of|ITFarmHosts|
     |SamAccountName|NetBIOS name for the service if not same as Name|ITFarm1|
-    |ServicePrincipalNames|Service Principal Names (SPNs) for the service|http/ITFarm1.contoso.com/contoso.com, http/ITFarm1.contoso.com/contoso, http/ITFarm1/contoso.com, http/ITFarm1/contoso|
+    |ServicePrincipalNames|Service Principal Names (SPNs) for the service|http/ITFarm1.contoso.com/contoso.com, http/ITFarm1.contoso.com/contoso, http/ITFarm1/contoso.com, http/ITFarm1/contoso, MSSQLSvc/ITFarm1.contoso.com:1433, MSSQLSvc/ITFarm1.contoso.com:INST01|
 
     > [!IMPORTANT]
     > The password change interval can only be set during creation. If you need to change the interval, you must create a new gMSA and set it at creation time.
-
+   
     **Example**
 
     Enter the command on a single line, even though they might appear word-wrapped across several lines here because of formatting constraints.
@@ -178,7 +182,7 @@ Membership in **Domain Admins**, **Account Operators**, or ability to create msD
 
 2.  At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
 
-    **New-ADServiceAccount [-Name] <string> -RestrictToOutboundAuthenticationOnly [-ManagedPasswordIntervalInDays <Nullable[Int32]>] [-PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>]**
+    **New-ADServiceAccount [-Name] &lt;string&gt; -RestrictToOutboundAuthenticationOnly [-ManagedPasswordIntervalInDays <Nullable[Int32]>] [-PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>]**
 
     |Parameter|String|Example|
     |-------|-----|------|
@@ -188,8 +192,8 @@ Membership in **Domain Admins**, **Account Operators**, or ability to create msD
 
     > [!IMPORTANT]
     > The password change interval can only be set during creation. If you need to change the interval, you must create a new gMSA and set it at creation time.
-
-**Example**
+    
+  **Example**
 
 ```PowerShell
 New-ADServiceAccount ITFarm1 -RestrictToOutboundAuthenticationOnly - PrincipalsAllowedToRetrieveManagedPassword ITFarmHosts$
@@ -239,11 +243,11 @@ Membership in **Domain Admins**, **Account Operators**, or ability to manage msD
 
 2.  At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
 
-    **Get-ADServiceAccount [-Name] <string> -PrincipalsAllowedToRetrieveManagedPassword**
+    **Get-ADServiceAccount [-Name] &lt;string&gt; -PrincipalsAllowedToRetrieveManagedPassword**
 
 3.  At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
 
-    **Set-ADServiceAccount [-Name] <string> -PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>**
+    **Set-ADServiceAccount [-Name] &lt;string&gt; -PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>**
 
 |Parameter|String|Example|
 |-------|-----|------|
@@ -297,11 +301,11 @@ Membership in **Domain Admins**, **Account Operators**, or ability to manage msD
 
 2.  At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
 
-    **Get-ADServiceAccount [-Name] <string> -PrincipalsAllowedToRetrieveManagedPassword**
+    **Get-ADServiceAccount [-Name] &lt;string&gt; -PrincipalsAllowedToRetrieveManagedPassword**
 
 3.  At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
 
-    **Set-ADServiceAccount [-Name] <string> -PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>**
+    **Set-ADServiceAccount [-Name] &lt;string&gt; -PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>**
 
 |Parameter|String|Example|
 |-------|-----|------|
@@ -331,7 +335,7 @@ Membership in **Administrators**, or equivalent, is the minimum required to comp
 
 2.  At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
 
-    **Uninstall-ADServiceAccount < ADServiceAccount>**
+    **Uninstall-ADServiceAccount &lt;ADServiceAccount&gt;**
 
     **Example**
 

WindowsServerDocs/storage/storage-spaces/configure-azure-monitor.md

@@ -3,14 +3,12 @@ title: Understand and Configure Azure Monitor
 description: Detailed setup information on what Azure Monitor is and how to configure email and sms alerts for your storage spaces direct cluster in Windows Server 2016 and 2019.
 keywords: Storage Spaces Direct,azure monitor, notifications, email, sms
 ms.assetid: 
-ms.prod: 
+ms.prod: windows-server-threshold
 ms.author: adagashe
 ms.technology: storage-spaces
 ms.topic: article
 author: adagashe
-ms.date: 3/26/2019 
-ms.localizationpriority: 
----
+ms.date: 01/10/2020 
 ---
 # Use Azure Monitor to send emails for Health Service Faults
 
@@ -43,7 +41,15 @@ All data collected by Azure Monitor fits into one of two fundamental types: metr
 
 We will have more details below on how to configure these alerts.
 
-## Configuring Health Service
+## Onboarding your cluster using Windows Admin Center
+
+Using Windows Admin Center, you can onboard your cluster to Azure Monitor.
+
+![Gif of onboarding cluster to Azure Monitor"](media/configure-azure-monitor/onboarding.gif)
+
+During this onboarding flow, the steps below are happening under the hood. We detail how to configure them in detail in case you want to manually setup your cluster. 
+
+### Configuring Health Service
 
 The first thing that you need to do is configure your cluster. As you may know, the [Health Service](../../failover-clustering/health-service-overview.md) improves the day-to-day monitoring and operational experience for clusters running Storage Spaces Direct. 
 
@@ -62,7 +68,7 @@ get-storagesubsystem clus* | Set-StorageHealthSetting -Name "Platform.ETW.MasTyp
 
 When you run the cmdlet above to set the Health Settings, you cause the events we want to begin being written to the *Microsoft-Windows-Health/Operational* event channel.
 
-## Configuring Log Analytics
+### Configuring Log Analytics
 
 Now that you have setup the proper logging on your cluster, the next step is to properly configure log analytics.
 
@@ -72,11 +78,11 @@ To understand the supported configuration, review [supported Windows operating s
 
 If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
-### Login in to Azure Portal
+#### Login in to Azure Portal
 
 Log in to the Azure portal at [https://portal.azure.com](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 
-### Create a workspace
+#### Create a workspace
 
 For more details on the steps listed below, see the [Azure Monitor documentation](https://docs.microsoft.com/azure/azure-monitor/learn/quick-collect-windows-computer).
 
@@ -96,7 +102,7 @@ For more details on the steps listed below, see the [Azure Monitor documentation
 
 While the information is verified and the workspace is created, you can track its progress under **Notifications** from the menu. 
 
-### Obtain workspace ID and key
+#### Obtain workspace ID and key
 Before installing the Microsoft Monitoring Agent for Windows, you need the workspace ID and key for your Log Analytics workspace.  This information is required by the setup wizard to properly configure the agent and ensure it can successfully communicate with Log Analytics.  
 
 1. In the Azure portal, click **All services** found in the upper left-hand corner. In the list of resources, type **Log Analytics**. As you begin typing, the list filters based on your input. Select **Log Analytics**.
@@ -105,7 +111,7 @@ Before installing the Microsoft Monitoring Agent for Windows, you need the works
 4. Select **Connected Sources**, and then select **Windows Servers**.   
 5. The value to the right of **Workspace ID** and **Primary Key**. Save both temporarily - copy and paste both into your favorite editor for the time being.   
 
-## Installing the agent on Windows
+### Installing the agent on Windows
 The following steps install and configure the Microsoft Monitoring Agent. **Be sure to install this agent on each server in your cluster and indicate that you want the agent to run at Windows Startup.**
 
 1. On the **Windows Servers** page, select the appropriate **Download Windows Agent** version to download depending on the processor architecture of the Windows operating system.
@@ -127,7 +133,30 @@ When complete, the **Microsoft Monitoring Agent** appears in **Control Panel**.
 
 To understand the supported configuration, review [supported Windows operating systems](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent#supported-windows-operating-systems) and [network firewall configuration](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent#network-firewall-requirements).
 
-## Collecting event and performance data
+## Setting up alerts using Windows Admin Center
+
+In Windows Admin Center, you can configure default alerts that will apply to all servers in your Log Analytics workspace. 
+
+![Gif of setting up alerts"](media/configure-azure-monitor/setup1.gif)
+
+These are the alerts and their default conditions that you can opt into:
+
+| Alert Name                | Default Condition                                  |
+|---------------------------|----------------------------------------------------|
+| CPU utilization           | Over 85% for 10 minutes                            |
+| Disk capacity utilization | Over 85% for 10 minutes                            |
+| Memory utilization        | Available memory less than 100 MB for 10 minutes   |
+| Heartbeat                 | Fewer than 2 beats for 5 minutes                   |
+| System critical error     | Any critical alert in the cluster system event log |
+| Health service alert      | Any health service fault on the cluster            |
+
+Once you configure the alerts in Windows Admin Center, you can see the alerts in your log analytics workspace in Azure.
+
+![Gif of setting up alerts"](media/configure-azure-monitor/setup2.gif)
+
+During this onboarding flow, the steps below are happening under the hood. We detail how to configure them in detail in case you want to manually setup your cluster. 
+
+### Collecting event and performance data
 
 Log Analytics can collect events from the Windows event log and performance counters that you specify for longer term analysis and reporting, and take action when a particular condition is detected.  Follow these steps to configure collection of events from the Windows event log, and several common performance counters to start with.  
 
@@ -207,11 +236,16 @@ Now, let's walk through an example for creating an alert.
 
 ### Example alert
 
-For reference, this is what an example alert looks like:
+For reference, this is what an example alert looks like in Azure.
+
+![Gif of alert in Azure](media/configure-azure-monitor/alert.gif)
+
+Below is an example of the email that you will be send by Azure Monitor:
 
 ![Alert email example](media/configure-azure-monitor/warning.png)
 
 ## See also
 
 - [Storage Spaces Direct overview](storage-spaces-direct-overview.md)
 - For more detailed information, read the [Azure Monitor documentation](https://docs.microsoft.com/azure/azure-monitor/learn/tutorial-viewdata).
+- Read this for an overview on how to [connect to other Azure hybrid services](../../manage/windows-admin-center/azure/index.md).

WindowsServerDocs/storage/storage-spaces/media/configure-azure-monitor/alert.gif

@@ -93,7 +93,7 @@ In this section:
 This series only has 64-bit kernels.
 
 
-|                                                                 **Feature**                                                                  |     **Windows Server version**     |                             **7.5-7.6**                             |                             **7.3-7.4**                             |                             **7.0-7.2**                             |     **7.5-7.6**     |       **7.4**       |       **7.3**       |       **7.2**       |       **7.1**       |        **7.0**         |
+|                                                                 **Feature**                                                                  |     **Windows Server version**     |                             **7.5-7.7**                             |                             **7.3-7.4**                             |                             **7.0-7.2**                             |     **7.5-7.7**     |       **7.4**       |       **7.3**       |       **7.2**       |       **7.1**       |        **7.0**         |
 |----------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------|---------------------------------------------------------------------|---------------------------------------------------------------------|---------------------------------------------------------------------|---------------------|---------------------|---------------------|---------------------|---------------------|------------------------|
 |                                                               **Availability**                                                               |                                    | [LIS 4.3](https://www.microsoft.com/download/details.aspx?id=55106) | [LIS 4.3](https://www.microsoft.com/download/details.aspx?id=55106) | [LIS 4.3](https://www.microsoft.com/download/details.aspx?id=55106) |      Built in       |      Built in       |      Built in       |      Built in       |      Built in       |        Built in        |
 |                          **[Core](Feature-Descriptions-for-Linux-and-FreeBSD-virtual-machines-on-Hyper-V.md#core)**                          | 2019, 2016, 2012 R2, 2012, 2008 R2 |                              ✔                               |                              ✔                               |                              ✔                               |      ✔       |      ✔       |      ✔       |      ✔       |      ✔       |        ✔        |