Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr …

…into container-insights
MicrosoftDocs · May 26, 2022 · e7c14ae · e7c14ae
2 parents 7f0310f + a9e1c7f
commit e7c14ae
Show file tree

Hide file tree

Showing 1,253 changed files with 18,711 additions and 8,047 deletions.
diff --git a/.openpublishing.redirection.azure-monitor.json b/.openpublishing.redirection.azure-monitor.json
@@ -65,6 +65,11 @@
             "redirect_url": "/azure/azure-monitor/logs/cost-logs",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/logs/design-logs-deployment.md",
+            "redirect_url": "/azure/azure-monitor/logs/workspace-design",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/apm-tables.md",
             "redirect_url": "/azure/azure-monitor/app/convert-classic-resource#workspace-based-resource-changes",
@@ -94,6 +99,26 @@
             "source_path_from_root": "/articles/azure-monitor/containers/container-insights-azure-redhat4-setup.md" ,
             "redirect_url": "/azure/azure-monitor/containers/container-insights-transition-hybrid",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-metric-overview.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alert-types.md#metric-alerts",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-managing-alert-instances.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alerts-page.md",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/alerts-unified-log.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alert-types.md#log-alerts",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/alerts/activity-log-alerts.md" ,
+            "redirect_url": "/azure/azure-monitor/alerts/alert-types.md#activity-log-alerts",
+            "redirect_document_id": false
         }
     ]
 }
diff --git a/.openpublishing.redirection.defender-for-cloud.json b/.openpublishing.redirection.defender-for-cloud.json
@@ -15,6 +15,11 @@
             "redirect_url": "/azure/defender-for-cloud/policy-reference",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/security-center/security-center-identity-access.md",
+            "redirect_url": "/azure/defender-for-cloud/multi-factor-authentication-enforcement",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/security-center/security-center-policy-definitions.md",
             "redirect_url": "/azure/defender-for-cloud/policy-reference",

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
@@ -27419,6 +27419,11 @@
       "redirect_url": "/azure/web-application-firewall/afds/afds-overview",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/web-application-firewall/waf-cdn-create-portal.md",
+      "redirect_url": "/azure/web-application-firewall/cdn/cdn-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/frontdoor/waf-faq.md",
       "redirect_url": "/azure/web-application-firewall/afds/waf-faq",
@@ -43290,9 +43295,24 @@
       "redirect_document_id": true
     },
     {
-      "source_path_from_root": "/articles/aks/web-app-routing.md",
-      "redirect_url": "/azure/aks/intro-kubernetes",
-      "redirect_document_id": false
+      "source_path_from_root": "/articles/virtual-network/nat-gateway/tutorial-create-nat-gateway-portal.md",
+      "redirect_url": "/azure/virtual-network/nat-gateway/quickstart-create-nat-gateway-portal",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/virtual-network/nat-gateway/tutorial-create-nat-gateway-powershell.md",
+      "redirect_url": "/azure/virtual-network/nat-gateway/quickstart-create-nat-gateway-powershell",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/virtual-network/nat-gateway/tutorial-create-nat-gateway-cli.md",
+      "redirect_url": "/azure/virtual-network/nat-gateway/quickstart-create-nat-gateway-cli",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/private-link/private-endpoint-static-ip-powershell.md",
+      "redirect_url": "/azure/private-link/create-private-endpoint-powershell",
+      "redirect_document_id": true
     }
   ]
 }
diff --git a/articles/active-directory-b2c/media/partner-gallery/asignio-logo.png b/articles/active-directory-b2c/media/partner-gallery/asignio-logo.png
diff --git a/articles/active-directory-b2c/quickstart-web-app-dotnet.md b/articles/active-directory-b2c/quickstart-web-app-dotnet.md
@@ -85,7 +85,7 @@ Azure Active Directory B2C provides functionality to allow users to update their
 
     The ASP.NET web application includes an Azure AD access token in the request to the protected web API resource to perform operations on the user's to-do list items.
 
-You've successfully used your Azure AD B2C user account to make an authorized call an Azure AD B2C protected web API.
+You've successfully used your Azure AD B2C user account to make an authorized call to an Azure AD B2C protected web API.
 
 
 ## Next steps

diff --git a/...directory/app-provisioning/on-premises-application-provisioning-architecture.md b/...directory/app-provisioning/on-premises-application-provisioning-architecture.md
@@ -142,6 +142,14 @@ Microsoft provides direct support for the latest agent version and one version b
 ### Download link
 You can download the latest version of the agent using [this link](https://aka.ms/onpremprovisioningagent).
 
+### 1.1.892.0 
+
+May 20th, 2022 - released for download
+
+#### Fixed issues
+
+- We added support for exporting changes to integer attributes, which benefits customers using the generic LDAP connector.
+
 ### 1.1.846.0
 
 April 11th, 2022 - released for download

diff --git a/...les/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md b/...les/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 04/13/2022
+ms.date: 05/25/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -1350,7 +1350,7 @@ The SCIM spec doesn't define a SCIM-specific scheme for authentication and autho
 |Username and password (not recommended or supported by Azure AD)|Easy to implement|Insecure - [Your Pa$$word doesn't matter](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984)|Not supported for new gallery or non-gallery apps.|
 |Long-lived bearer token|Long-lived tokens do not require a user to be present. They are easy for admins to use when setting up provisioning.|Long-lived tokens can be hard to share with an admin without using insecure methods such as email. |Supported for gallery and non-gallery apps. |
 |OAuth authorization code grant|Access tokens are much shorter-lived than passwords, and have an automated refresh mechanism that long-lived bearer tokens do not have.  A real user must be present during initial authorization, adding a level of accountability. |Requires a user to be present. If the user leaves the organization, the token is invalid and authorization will need to be completed again.|Supported for gallery apps, but not non-gallery apps. However, you can provide an access token in the UI as the secret token for short term testing purposes. Support for OAuth code grant on non-gallery is in our backlog, in addition to support for configurable auth / token URLs on the gallery app.|
-|OAuth client credentials grant|Access tokens are much shorter-lived than passwords, and have an automated refresh mechanism that long-lived bearer tokens do not have. Both the authorization code grant and the client credentials grant create the same type of access token, so moving between these methods is transparent to the API.  Provisioning can be completely automated, and new tokens can be silently requested without user interaction. ||Not supported for gallery and non-gallery apps. Support is in our backlog.|
+|OAuth client credentials grant|Access tokens are much shorter-lived than passwords, and have an automated refresh mechanism that long-lived bearer tokens do not have. Both the authorization code grant and the client credentials grant create the same type of access token, so moving between these methods is transparent to the API.  Provisioning can be completely automated, and new tokens can be silently requested without user interaction. ||Supported for gallery apps, but not non-gallery apps. However, you can provide an access token in the UI as the secret token for short term testing purposes. Support for OAuth client credentials grant on non-gallery is in our backlog.|
 
 > [!NOTE]
 > It's not recommended to leave the token field blank in the Azure AD provisioning configuration custom app UI. The token generated is primarily available for testing purposes.

diff --git a/articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md b/articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/1/2022
+ms.date: 05/24/2022
 
 ms.author: justinha
 author: justinha
@@ -73,6 +73,9 @@ Users can set one of the following options as the default Multi-Factor Authentic
 - Phone call
 - Text message
 
+>[!NOTE]
+>Virtual phone numbers are not supported for Voice calls or SMS messages.
+
 Third party authenticator apps do not provide push notification. As we continue to add more authentication methods to Azure AD, those methods become available in combined registration.
 
 ## Combined registration modes

diff --git a/articles/active-directory/authentication/how-to-mfa-number-match.md b/articles/active-directory/authentication/how-to-mfa-number-match.md
@@ -243,11 +243,10 @@ To enable number matching in the Azure AD portal, complete the following steps:
    ![Screenshot of enabling number match.](media/howto-authentication-passwordless-phone/enable-number-matching.png)
 
 >[!NOTE]
->[Least privilege role in Azure Active Directory - Multi-factor Authentication](https://docs.microsoft.com/azure/active-directory/roles/delegate-by-task#multi-factor-authentication)
+>[Least privilege role in Azure Active Directory - Multi-factor Authentication](../roles/delegate-by-task.md#multi-factor-authentication)
 
 Number matching is not supported for Apple Watch notifications. Apple Watch need to use their phone to approve notifications when number matching is enabled.
 
 ## Next steps
 
-[Authentication methods in Azure Active Directory - Microsoft Authenticator app](concept-authentication-authenticator-app.md)
-
+[Authentication methods in Azure Active Directory - Microsoft Authenticator app](concept-authentication-authenticator-app.md)
diff --git a/...es/active-directory/conditional-access/concept-condition-filters-for-devices.md b/...es/active-directory/conditional-access/concept-condition-filters-for-devices.md
@@ -23,7 +23,7 @@ There are multiple scenarios that organizations can now enable using filter for
 
 - **Restrict access to privileged resources**. For this example, lets say you want to allow access to Microsoft Azure Management from a user who is assigned a privilged role Global Admin, has satisfied multifactor authentication and accessing from a device that is [privileged or secure admin workstations](/security/compass/privileged-access-devices) and attested as compliant. For this scenario, organizations would create two Conditional Access policies:
    - Policy 1: All users with the directory role of Global administrator, accessing the Microsoft Azure Management cloud app, and for Access controls, Grant access, but require multifactor authentication and require device to be marked as compliant.
-   - Policy 2: All users with the directory role of Global administrator, accessing the Microsoft Azure Management cloud app, excluding a filter for devices using rule expression device.extensionAttribute1 equals SAW and for Access controls, Block. Learn how to [update extensionAttributes on an Azure AD device object](https://docs.microsoft.com/graph/api/device-update?view=graph-rest-1.0&tabs=http).
+   - Policy 2: All users with the directory role of Global administrator, accessing the Microsoft Azure Management cloud app, excluding a filter for devices using rule expression device.extensionAttribute1 equals SAW and for Access controls, Block. Learn how to [update extensionAttributes on an Azure AD device object](/graph/api/device-update?tabs=http&view=graph-rest-1.0).
 - **Block access to organization resources from devices running an unsupported Operating System**. For this example, lets say you want to block access to resources from Windows OS version older than Windows 10. For this scenario, organizations would create the following Conditional Access policy:
    - All users, accessing all cloud apps, excluding a filter for devices using rule expression device.operatingSystem equals Windows and device.operatingSystemVersion startsWith "10.0" and for Access controls, Block.
 - **Do not require multifactor authentication for specific accounts on specific devices**. For this example, lets say you want to not require multifactor authentication when using service accounts on specific devices like Teams phones or Surface Hub devices. For this scenario, organizations would create the following two Conditional Access policies:
@@ -148,4 +148,4 @@ The filter for devices condition in Conditional Access evaluates policy based on
 - [Update device Graph API](/graph/api/device-update?tabs=http)
 - [Conditional Access: Conditions](concept-conditional-access-conditions.md)
 - [Common Conditional Access policies](concept-conditional-access-policy-common.md)
-- [Securing devices as part of the privileged access story](/security/compass/privileged-access-devices)
+- [Securing devices as part of the privileged access story](/security/compass/privileged-access-devices)
diff --git a/articles/active-directory/develop/includes/desktop-app/quickstart-uwp.md b/articles/active-directory/develop/includes/desktop-app/quickstart-uwp.md
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: include
 ms.workload: identity
-ms.date: 03/04/2022
+ms.date: 05/19/2022
 ms.author: jmprieur
 ms.custom: aaddev, identityplatformtop40, "scenarios:getting-started", "languages:UWP", mode-api
 #Customer intent: As an application developer, I want to learn how my Universal Windows Platform (UWP) application can get an access token and call an API that's protected by the Microsoft identity platform.
@@ -134,7 +134,7 @@ Some situations require forcing users to interact with the Microsoft identity pl
 - When two factor authentication is required
 
 ```csharp
-authResult = await App.PublicClientApp.AcquireTokenInteractive(scopes)
+authResult = await PublicClientApp.AcquireTokenInteractive(scopes)
                       .ExecuteAsync();
 ```
 
@@ -145,9 +145,9 @@ The `scopes` parameter contains the scopes being requested, such as `{ "user.rea
 Use the `AcquireTokenSilent` method to obtain tokens to access protected resources after the initial `AcquireTokenInteractive` method. You don’t want to require the user to validate their credentials every time they need to access a resource. Most of the time you want token acquisitions and renewal without any user interaction
 
 ```csharp
-var accounts = await App.PublicClientApp.GetAccountsAsync();
+var accounts = await PublicClientApp.GetAccountsAsync();
 var firstAccount = accounts.FirstOrDefault();
-authResult = await App.PublicClientApp.AcquireTokenSilent(scopes, firstAccount)
+authResult = await PublicClientApp.AcquireTokenSilent(scopes, firstAccount)
                                       .ExecuteAsync();
 ```
 

diff --git a/...les/active-directory/develop/includes/desktop-app/quickstart-windows-desktop.md b/...les/active-directory/develop/includes/desktop-app/quickstart-windows-desktop.md
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: include
 ms.workload: identity
-ms.date: 03/04/2022
+ms.date: 05/19/2022
 ms.author: jmprieur
 ms.custom: aaddev, identityplatformtop40, mode-api
 #Customer intent: As an application developer, I want to learn how my Windows Presentation Foundation (WPF) application can get an access token and call an API that's protected by the Microsoft identity platform.
@@ -134,7 +134,7 @@ Some situations require forcing users interact with the Microsoft identity platf
 - When two factor authentication is required
 
 ```csharp
-authResult = await App.PublicClientApp.AcquireTokenInteractive(_scopes)
+authResult = await app.AcquireTokenInteractive(_scopes)
                                       .ExecuteAsync();
 ```
 
@@ -147,9 +147,9 @@ authResult = await App.PublicClientApp.AcquireTokenInteractive(_scopes)
 You don't want to require the user to validate their credentials every time they need to access a resource. Most of the time you want token acquisitions and renewal without any user interaction. You can use the `AcquireTokenSilent` method to obtain tokens to access protected resources after the initial `AcquireTokenInteractive` method:
 
 ```csharp
-var accounts = await App.PublicClientApp.GetAccountsAsync();
+var accounts = await app.GetAccountsAsync();
 var firstAccount = accounts.FirstOrDefault();
-authResult = await App.PublicClientApp.AcquireTokenSilent(scopes, firstAccount)
+authResult = await app.AcquireTokenSilent(scopes, firstAccount)
                                       .ExecuteAsync();
 ```