Merge branch 'main' into release-preview-private-5g-core

Author: v-alje

CODEOWNERS

@@ -24,13 +24,6 @@ articles/azure-monitor/vm @bwren
 articles/advisor @rboucher
 articles/service-health @rboucher
 
-
-# Azure Active Directory
-/articles/active-directory-b2c/ @msmimart @yoelhor
-/articles/active-directory/app-provisioning/ @CelesteDG
-/articles/active-directory/develop/ @mmacy
-/articles/active-directory/manage-apps/ @CelesteDG
-
 # Azure Synapse Analytics
 /articles/synapse-analytics/ @julieMSFT @ryanmajidi @saveenr 
 /articles/synapse-analytics/backuprestore/ @joannapea @julieMSFT

articles/active-directory/authentication/howto-authentication-passwordless-security-key.md

@@ -26,14 +26,14 @@ This document focuses on enabling security key based passwordless authentication
 - [Azure AD Multi-Factor Authentication](howto-mfa-getstarted.md)
 - Enable [Combined security information registration](concept-registration-mfa-sspr-combined.md)
 - Compatible [FIDO2 security keys](concept-authentication-passwordless.md#fido2-security-keys)
-- WebAuthN requires Windows 10 version 1903 or higher**
+- WebAuthN requires Windows 10 version 1903 or higher
 
 To use security keys for logging in to web apps and services, you must have a browser that supports the WebAuthN protocol. 
 These include Microsoft Edge, Chrome, Firefox, and Safari.
 
 ## Prepare devices
 
-For Azure AD joined devices the best experience is on Windows 10 version 1903 or higher.
+For Azure AD joined devices, the best experience is on Windows 10 version 1903 or higher.
 
 Hybrid Azure AD joined devices must run Windows 10 version 2004 or higher.
 

articles/active-directory/develop/active-directory-certificate-credentials.md

@@ -40,7 +40,7 @@ To compute the assertion, you can use one of the many JWT libraries in the langu
 
 Claim type | Value | Description
 ---------- | ---------- | ----------
-`aud` | `https://login.microsoftonline.com/{tenantId}/v2.0` | The "aud" (audience) claim identifies the recipients that the JWT is intended for (here Azure AD) See [RFC 7519, Section 4.1.3](https://tools.ietf.org/html/rfc7519#section-4.1.3).  In this case, that recipient is the login server (login.microsoftonline.com).
+`aud` | `https://login.microsoftonline.com/{tenantId}/V2.0/token` | The "aud" (audience) claim identifies the recipients that the JWT is intended for (here Azure AD) See [RFC 7519, Section 4.1.3](https://tools.ietf.org/html/rfc7519#section-4.1.3).  In this case, that recipient is the login server (login.microsoftonline.com).
 `exp` | 1601519414 | The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. See [RFC 7519, Section 4.1.4](https://tools.ietf.org/html/rfc7519#section-4.1.4).  This allows the assertion to be used until then, so keep it short - 5-10 minutes after `nbf` at most.  Azure AD does not place restrictions on the `exp` time currently. 
 `iss` | {ClientID} | The "iss" (issuer) claim identifies the principal that issued the JWT, in this case your client application.  Use the GUID application ID.
 `jti` | (a Guid) | The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object; if the application uses multiple issuers, collisions MUST be prevented among values produced by different issuers as well. The "jti" value is a case-sensitive string. [RFC 7519, Section 4.1.7](https://tools.ietf.org/html/rfc7519#section-4.1.7)
@@ -62,7 +62,7 @@ The signature is computed by applying the certificate as described in the [JSON
 }
 .
 {
-  "aud": "https: //login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/token",
+  "aud": "https: //login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/V2.0/token",
   "exp": 1484593341,
   "iss": "97e0a5b7-d745-40b6-94fe-5f77d35c6e05",
   "jti": "22b3bb26-e046-42df-9c96-65dbd72c1c81",

articles/active-directory/governance/entitlement-management-logs-and-reporting.md

@@ -27,22 +27,20 @@ Azure AD stores audit events for up to 30 days in the audit log. However, you ca
 
 
 ## Configure Azure AD to use Azure Monitor
-Before using the Azure Monitor workbooks, you must configure Azure AD to send a copy of its audit logs to Azure Monitor.
+Before you use the Azure Monitor workbooks, you must configure Azure AD to send a copy of its audit logs to Azure Monitor.
 
 Archiving Azure AD audit logs requires you to have Azure Monitor in an Azure subscription. You can read more about the prerequisites and estimated costs of using Azure Monitor in [Azure AD activity logs in Azure Monitor](../reports-monitoring/concept-activity-logs-azure-monitor.md).
 
-**Prerequisite role**: Global Admin
+**Prerequisite role**: Global Administrator
 
 1. Sign in to the Azure portal as a user who is a Global Admin. Make sure you have access to the resource group containing the Azure Monitor workspace.
 
 1. Select **Azure Active Directory** then click **Diagnostic settings** under Monitoring in the left navigation menu. Check if there's already a setting to send the audit logs to that workspace.
 
-1. If there isn't already a setting, click **Add diagnostic setting**. Use the instructions in the article [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md#send-logs-to-azure-monitor)
-to send the Azure AD audit log to the Azure Monitor workspace.
+1. If there isn't already a setting, click **Add diagnostic setting**. Use the instructions in [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md#send-logs-to-azure-monitor) to send the Azure AD audit log to the Azure Monitor workspace.
 
     ![Diagnostics settings pane](./media/entitlement-management-logs-and-reporting/audit-log-diagnostics-settings.png)
 
-
 1. After the log is sent to Azure Monitor, select **Log Analytics workspaces**, and select the workspace that contains the Azure AD audit logs.
 
 1. Select **Usage and estimated costs** and click **Data Retention**. Change the slider to the number of days you want to keep the data to meet your auditing requirements.
@@ -55,7 +53,6 @@ to send the Azure AD audit log to the Azure Monitor workspace.
 
     1. Expand the section **Azure Active Directory Troubleshooting**, and click on **Archived Log Date Range**. 
 
-
 ## View events for an access package  
 
 To view events for an access package, you must have access to the underlying Azure monitor workspace (see [Manage access to log data and workspaces in Azure Monitor](../../azure-monitor/logs/manage-access.md#manage-access-using-azure-permissions) for information) and in one of the following roles: 
@@ -188,5 +185,5 @@ $bResponse = Invoke-AzOperationalInsightsQuery -WorkspaceId $wks[0].CustomerId -
 $bResponse.Results |ft 
 ```
 
-## Next steps:
+## Next steps
 - [Create interactive reports with Azure Monitor workbooks](../../azure-monitor/visualize/workbooks-overview.md)