Merge pull request #228526 from MicrosoftDocs/main

2/24 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -13399,6 +13399,11 @@
             "redirect_url": "/previous-versions/azure/search/search-how-to-index-power-query-data-sources",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/search/search-performance-optimization.md",
+            "redirect_url": "/azure/search/search-reliability",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/search/cognitive-search-quickstart-ocr.md",
             "redirect_url": "/azure/search/cognitive-search-quickstart-blob",

articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md

@@ -75,16 +75,16 @@ A job can go into quarantine regardless of failure counts for issues such as adm
 
 The logic documented here may be different for certain connectors to ensure best customer experience, but we generally have the below retry cycles after a failure:
 
-After the first failure, the first retry happens within the next 2 hours (usually in the next sync cycle).
-- The second retry happens 6 hours after the first failure.
-- The third retry happens 12 hours after the first failure.
-- The fourth retry happens 24 hours after the first failure.
-- The fifth retry happens 48 hours after the first failure.
-- The sixth retry happens 72 hours after the first failure.
-- The seventh retry happens 96 hours after the first failure.
-- The eighth retry happens 120 hours after the first failure.
-
-This cycle is repeated every 24 hours until the 30th day when retries are stopped and the job is disabled. 
+After the failure, the first retry will happen in 6 hours.
+- The second retry happens 12 hours after the first failure.
+- The third retry happens 24 hours after the first failure.
+- The fourth retry happens 48 hours after the first failure.
+- The fifth retry happens 96 hours after the first failure.
+- The sixth retry happens 192 hours after the first failure.
+- The seventh retry happens 384 hours after the first failure.
+- The eighth retry happens 768 hours after the first failure.
+
+The retries are stopped after the 8th retry and the escrow entry is removed. The job will continue unless it hits the escrow thresholds from the section above 
 
 
 ## How do I get my application out of quarantine?

articles/active-directory/conditional-access/resilience-defaults.md

@@ -54,7 +54,7 @@ If the required controls of a policy weren't previously satisfied, the policy is
 - Country location (resolving new IP or GPS coordinates)
 - Authentication strengths
 
-When active, the Backup Authentication Service doesn't evaluate authentication methods required by [authentication strengths](../authentication/concept-authentication-strengths.md). If you used a non-phishing-resistant authentication method before an outage, during an outage you aren't be prompted for multifactor authentication even if accessing a resource protected by a Conditional Access policy with a phishing-resistant authentication strength.
+When active, the Backup Authentication Service doesn't evaluate authentication methods required by [authentication strengths](../authentication/concept-authentication-strengths.md). If you used a non-phishing-resistant authentication method before an outage, during an outage you aren't prompted for multifactor authentication even if accessing a resource protected by a Conditional Access policy with a phishing-resistant authentication strength.
 
 ## Resilience defaults enabled
 

articles/active-directory/develop/msal-net-aad-b2c-considerations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 05/07/2020
+ms.date: 02/21/2023
 ms.author: henrymbugua
 ms.reviewer: saeeda, jeferrie
 ms.custom: "devx-track-csharp, aaddev"
@@ -29,9 +29,9 @@ This article applies to MSAL.NET 3.x. For MSAL.NET 2.x, see [Azure AD B2C specif
 
 The authority format for Azure AD B2C is: `https://{azureADB2CHostname}/tfp/{tenant}/{policyName}`
 
-- `azureADB2CHostname` - The name of the Azure AD B2C tenant plus the host. For example, *contosob2c.b2clogin.com*.
-- `tenant` - The domain name or the directory (tenant) ID of the Azure AD B2C tenant. For example, *contosob2c.onmicrosoft.com* or a GUID, respectively.
-- `policyName` - The name of the user flow or custom policy to apply. For example, a sign-up/sign-in policy like *b2c_1_susi*.
+- `azureADB2CHostname` - The name of the Azure AD B2C tenant plus the host. For example, _contosob2c.b2clogin.com_.
+- `tenant` - The domain name or the directory (tenant) ID of the Azure AD B2C tenant. For example, _contosob2c.onmicrosoft.com_ or a GUID, respectively.
+- `policyName` - The name of the user flow or custom policy to apply. For example, a sign-up/sign-in policy like _b2c_1_susi_.
 
 For more information about Azure AD B2C authorities, see [Set redirect URLs to b2clogin.com](../../active-directory-b2c/b2clogin.md).
 
@@ -77,7 +77,7 @@ catch (MsalUiRequiredException ex)
                         .WithAccount(account)
                         .WithParentActivityOrWindow(ParentActivityOrWindow)
                         .ExecuteAsync();
-}  
+}
 ```
 
 In the preceding code snippet:
@@ -116,12 +116,12 @@ private async void EditProfileButton_Click(object sender, RoutedEventArgs e)
 
 For more information on the ROPC flow, see [Sign in with resource owner password credentials grant](v2-oauth-ropc.md).
 
-The ROPC flow is **not recommended** because asking a user for their password in your application is not secure. For more information about this problem, see [What’s the solution to the growing problem of passwords?](https://news.microsoft.com/features/whats-solution-growing-problem-passwords-says-microsoft/).
+The ROPC flow is **not recommended** because asking a user for their password in your application isn't secure. For more information about this problem, see [What’s the solution to the growing problem of passwords?](https://news.microsoft.com/features/whats-solution-growing-problem-passwords-says-microsoft/).
 
 By using username/password in an ROPC flow, you sacrifice several things:
 
 - Core tenets of modern identity: The password can be fished or replayed because the shared secret can be intercepted. By definition, ROPC is incompatible with passwordless flows.
-- Users who need to do MFA won't be able to sign in (as there is no interaction).
+- Users who use multi-factor authentication (MFA) won't be able to sign in as there's no interaction.
 - Users won't be able to use single sign-on (SSO).
 
 ### Configure the ROPC flow in Azure AD B2C
@@ -137,21 +137,19 @@ AcquireTokenByUsernamePassword(
             SecureString password)
 ```
 
-This `AcquireTokenByUsernamePassword` method takes the following parameters:
+The `AcquireTokenByUsernamePassword` method takes the following parameters:
 
-- The *scopes* for which to obtain an access token.
-- A *username*.
-- A SecureString *password* for the user.
+- The _scopes_ for which to obtain an access token.
+- A _username_.
+- A SecureString _password_ for the user.
 
 ### Limitations of the ROPC flow
 
 The ROPC flow **only works for local accounts**, where your users have registered with Azure AD B2C using an email address or username. This flow doesn't work when federating to an external identity provider supported by Azure AD B2C (Facebook, Google, etc.).
 
 ## Google auth and embedded webview
 
-If you're using Google as an identity provider, we recommend you use the system browser as Google doesn't allow [authentication from embedded webviews](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). Currently, `login.microsoftonline.com` is a trusted authority with Google and will work with embedded webview. However, `b2clogin.com` is not a trusted authority with Google, so users will not be able to authenticate.
-
-We'll provide an update to this [issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/688) if things change.
+If you're using Google as an identity provider, we recommend you use the system browser as Google doesn't allow [authentication from embedded webviews](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). Currently, `login.microsoftonline.com` is a trusted authority with Google and will work with embedded webview. However, `b2clogin.com` isn't a trusted authority with Google, so users won't be able to authenticate.
 
 ## Token caching in MSAL.NET
 
@@ -186,6 +184,6 @@ For more information about specifying which claims are returned by your user flo
 
 More details about acquiring tokens interactively with MSAL.NET for Azure AD B2C applications are provided in the following sample.
 
-| Sample | Platform | Description|
-|------ | -------- | -----------|
-|[active-directory-b2c-xamarin-native](https://github.com/Azure-Samples/active-directory-b2c-xamarin-native) | Xamarin iOS, Xamarin Android, UWP | A Xamarin Forms app that uses MSAL.NET to authenticate users via Azure AD B2C and then access a web API with the tokens returned.|
+| Sample                                                                                                      | Platform                          | Description                                                                                                                       |
+| ----------------------------------------------------------------------------------------------------------- | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| [active-directory-b2c-xamarin-native](https://github.com/Azure-Samples/active-directory-b2c-xamarin-native) | Xamarin iOS, Xamarin Android, UWP | A Xamarin Forms app that uses MSAL.NET to authenticate users via Azure AD B2C and then access a web API with the tokens returned. |

articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md

@@ -43,7 +43,7 @@ The following Linux distributions are currently supported for deployments in a s
 | CentOS | CentOS 7, CentOS 8 |
 | Debian | Debian 9, Debian 10, Debian 11 |
 | openSUSE | openSUSE Leap 42.3, openSUSE Leap 15.1+ |
-| RedHat Enterprise Linux (RHEL) | RHEL 7.4 to RHEL 7.10, RHEL 8.3+ |
+| RedHat Enterprise Linux (RHEL) | RHEL 7.4 to RHEL 7.9, RHEL 8.3+ |
 | SUSE Linux Enterprise Server (SLES) | SLES 12, SLES 15.1+ |
 | Ubuntu Server | Ubuntu Server 16.04 to Ubuntu Server 22.04 |
 

articles/active-directory/enterprise-users/licensing-service-plan-reference.md

@@ -424,10 +424,8 @@ The following service plans cannot be assigned together:
 | Service Plan Name | GUID |
 | --- | --- |
 | EXCHANGE_B_STANDARD	| 90927877-dcff-4af6-b346-2332c0b15bb7 |
-| EXCHANGE_L_STANDARD	| d42bdbd6-c335-4231-ab3d-c8f348d5aff5 |
 | EXCHANGE_S_ARCHIVE	| da040e0a-b393-4bea-bb76-928b3fa1cf5a |
 | EXCHANGE_S_DESKLESS	| 4a82b400-a79f-41a4-b4e2-e94f5787b113 |
-| EXCHANGE_S_ENTERPRISE	| efb87545-963c-4e0d-99df-69c6916d9eb0 |
 | EXCHANGE_S_ESSENTIALS	| 1126bef5-da20-4f07-b45e-ad25d2581aa8 |
 | EXCHANGE_S_STANDARD	| 9aaf7827-d63c-4b61-89c3-182f06f82e5c |
 | EXCHANGE_S_STANDARD_MIDMARKET	| fc52cc4b-ed7d-472d-bbe7-b081c23ecc56 |

articles/active-directory/fundamentals/data-protection-considerations.md

@@ -83,7 +83,6 @@ For more information about Secret encryption at rest, see the following table.
 
 * [Microsoft Service Trust Documents](https://servicetrust.microsoft.com/Documents/TrustDocuments)
 * [Microsoft Azure Trust Center](https://azure.microsoft.com/overview/trusted-cloud/)
-* [Where is my data? - Office 365 documentation](http://o365datacentermap.azurewebsites.net/)
 * [Recover from deletions in Azure Active Directory](recover-from-deletions.md)
 
 ## Next steps