Merge branch '1925568-single-script-python' of https://github.com/laujan/azure-docs-pr into 1925568-single-script-python

Author: laujan

.openpublishing.redirection.json

@@ -25208,6 +25208,11 @@
       "redirect_url": "/azure/azure-sql/managed-instance/scripts/create-configure-managed-instance-cli",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-sql/managed-instance/azure-app-sync-network-configuration.md",
+      "redirect_url": "/azure/azure-sql/managed-instance/index.yml",
+      "redirect_document_id": false
+    },    
     {
       "source_path_from_root": "/articles/sql-database/scripts/sql-database-copy-database-to-new-server-cli.md",
       "redirect_url": "/azure/azure-sql/database/scripts/copy-database-to-new-server-cli",

articles/active-directory/app-provisioning/skip-out-of-scope-deletions.md

@@ -76,7 +76,7 @@ Copy the updated text from Step 3 into the "Request Body".
 
 Click on “Run Query”. 
 
-You should get the output as "Success – Status Code 204". 
+You should get the output as "Success – Status Code 204". If you receive an error you may need to check that your account has Read/Write permissions for ServicePrincipalEndpoint. You can find this permission by clicking on the *Modify permissions* tab in Graph Explorer.
 
    ![PUT response](./media/skip-out-of-scope-deletions/skip-06.png)
 

articles/active-directory/app-provisioning/use-scim-to-build-users-and-groups-endpoints.md

@@ -99,7 +99,7 @@ The default token validation code is configured to use an Azure AD token and req
 
 After you deploy the SCIM endpoint, you can test to ensure that it's compliant with SCIM RFC. This example provides a set of tests in Postman that validate CRUD (create, read, update, and delete) operations on users and groups, filtering, updates to group membership, and disabling users.
 
-The endpoints are in the `{host}/scim/` directory, and you can use standard HTTP requests to interact with them. To modify the `/scim/` route, see *TokenController.cs* in **SCIMReferenceCode** > **Microsoft.SCIM.WebHostSample** > **Controllers**.
+The endpoints are in the `{host}/scim/` directory, and you can use standard HTTP requests to interact with them. To modify the `/scim/` route, see *ControllerConstant.cs* in **AzureADProvisioningSCIMreference** > **ScimReferenceApi** > **Controllers**.
 
 > [!NOTE]
 > You can only use HTTP endpoints for local tests. The Azure AD provisioning service requires that your endpoint support HTTPS.
@@ -141,4 +141,4 @@ To develop a SCIM-compliant user and group endpoint with interoperability for a
 
 > [!div class="nextstepaction"]
 > [Tutorial: Develop and plan provisioning for a SCIM endpoint](use-scim-to-provision-users-and-groups.md)
-> [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)
+> [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)

articles/active-directory/app-proxy/application-proxy-high-availability-load-balancing.md

@@ -28,7 +28,7 @@ Connectors establish their connections based on principles for high availability
 ![Diagram showing connections between users and connectors](media/application-proxy-high-availability-load-balancing/application-proxy-connections.png)
 
 1. A user on a client device tries to access an on-premises application published through Application Proxy.
-2. The request goes through an Azure Load Balancer to determine which Application Proxy service instance should take the request. Per region, there are tens of instances available to accept the request. This method helps to evenly distribute the traffic across the service instances.
+2. The request goes through an Azure Load Balancer to determine which Application Proxy service instance should take the request. There are tens of instances available to accept the requests for all traffic in the region. This method helps to evenly distribute the traffic across the service instances.
 3. The request is sent to [Service Bus](../../service-bus-messaging/index.yml).
 4. Service Bus signals to an available connector. The connector then picks up the request from Service Bus.
    - In step 2, requests go to different Application Proxy service instances, so connections are more likely to be made with different connectors. As a result, connectors are almost evenly used within the group.
@@ -89,4 +89,4 @@ Refer to your software vendor's documentation to understand the load-balancing r
 - [Enable single-sign on](application-proxy-configure-single-sign-on-with-kcd.md)
 - [Enable Conditional Access](./application-proxy-integrate-with-sharepoint-server.md)
 - [Troubleshoot issues you're having with Application Proxy](application-proxy-troubleshoot.md)
-- [Learn how Azure AD architecture supports high availability](../fundamentals/active-directory-architecture.md)
+- [Learn how Azure AD architecture supports high availability](../fundamentals/active-directory-architecture.md)

articles/active-directory/azuread-dev/active-directory-authentication-libraries.md

@@ -41,7 +41,7 @@ The Azure Active Directory Authentication Library (ADAL) v1.0 enables applicatio
 | JavaScript |ADAL.js |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-js) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-js) |[Single-page app](https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi) | |
 | iOS, macOS |ADAL |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-objc/releases) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-objc) |[iOS app](../develop/quickstart-v2-ios.md) | [Reference](http://cocoadocs.org/docsets/ADAL/2.5.1/)|
 | Android |ADAL |[Maven](https://search.maven.org/search?q=g:com.microsoft.aad+AND+a:adal&core=gav) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-android) |[Android app](../develop/quickstart-v2-android.md) | [JavaDocs](https://javadoc.io/doc/com.microsoft.aad/adal/)|
-| Node.js |ADAL |[npm](https://www.npmjs.com/package/adal-node) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-nodejs) | [Node.js web app](https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect)|[Reference](/javascript/api/overview/azure/activedirectory) |
+| Node.js |ADAL |[npm](https://www.npmjs.com/package/adal-node) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-nodejs) | [Node.js web app](https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect)|[Reference](/javascript/api/overview/azure/active-directory) |
 | Java |ADAL4J |[Maven](https://search.maven.org/#search%7Cga%7C1%7Ca%3Aadal4j%20g%3Acom.microsoft.azure) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-java) |[Java web app](https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect) |[Reference](https://javadoc.io/doc/com.microsoft.azure/adal4j) |
 | Python |ADAL |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-python) |[GitHub](https://github.com/AzureAD/azure-activedirectory-library-for-python) |[Python web app](https://github.com/Azure-Samples/active-directory-python-webapp-graphapi) |[Reference](https://adal-python.readthedocs.io/) |
 

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-product-data-sources.md

@@ -62,7 +62,7 @@ You can use the **Data Collectors** dashboard in CloudKnox Permissions Managemen
 1. Select the ellipses **(...)** at the end of the row in the table.
 1. Select **Edit Configuration**. 
 
-    The **M-CIEM Onboarding - Summary** box displays.
+    The **CloudKnox Onboarding - Summary** box displays.
 
 1. Select **Edit** (the pencil icon) for each field you want to change. 
 1. Select **Verify now & save**.

articles/active-directory/conditional-access/block-legacy-authentication.md

@@ -16,7 +16,7 @@ ms.collection: M365-identity-device-management
 To give your users easy access to your cloud apps, Azure Active Directory (Azure AD) supports a broad variety of authentication protocols including legacy authentication. However, legacy authentication doesn't support multifactor authentication (MFA). MFA is in many environments a common requirement to address identity theft. 
 
 > [!NOTE]
-> Effective October 1, 2022, we will begin to permanently disable Basic Authentication for Exchange Online in all Microsoft 365 tenants regardless of usage, except for SMTP Authentication.
+> Effective October 1, 2022, we will begin to permanently disable Basic Authentication for Exchange Online in all Microsoft 365 tenants regardless of usage, except for SMTP Authentication. Read more [here](/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online)
 
 Alex Weinert, Director of Identity Security at Microsoft, in his March 12, 2020 blog post [New tools to block legacy authentication in your organization](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#) emphasizes why organizations should block legacy authentication and what other tools Microsoft provides to accomplish this task:
 

articles/active-directory/develop/consent-framework.md

@@ -10,10 +10,10 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 10/21/2020
+ms.date: 03/14/2022
 ms.author: ryanwi
-ms.reviewer: zachowd, lenalepa, jesakowi
-ms.custom: has-adal-ref
+ms.reviewer: phsignor, jesakowi
+ms.custom: 
 ---
 
 # Azure Active Directory consent framework
@@ -32,17 +32,17 @@ The following steps show you how the consent experience works for both the appli
 
 1. Assume you have a web client application that needs to request specific permissions to access a resource/API. You'll learn how to do this configuration in the next section, but essentially the Azure portal is used to declare permission requests at configuration time. Like other configuration settings, they become part of the application's Azure AD registration:
 
-    ![Permissions to other applications](./media/consent-framework/permissions.png)
+    :::image type="content" source="./media/consent-framework/permissions.png" alt-text="Permissions to other applications" lightbox="./media/consent-framework/permissions.png":::
 
 1. Consider that your application’s permissions have been updated, the application is running, and a user is about to use it for the first time. First, the application needs to obtain an authorization code from Azure AD’s `/authorize` endpoint. The authorization code can then be used to acquire a new access and refresh token.
 
 1. If the user is not already authenticated, Azure AD's `/authorize` endpoint prompts the user to sign in.
 
-    ![User or administrator sign in to Azure AD](./media/consent-framework/usersignin.png)
+    :::image type="content" source="./media/consent-framework/usersignin.png" alt-text="User or administrator sign in to Azure AD":::
 
 1. After the user has signed in, Azure AD will determine if the user needs to be shown a consent page. This determination is based on whether the user (or their organization’s administrator) has already granted the application consent. If consent has not already been granted, Azure AD prompts the user for consent and displays the required permissions it needs to function. The set of permissions that are displayed in the consent dialog match the ones selected in the **Delegated permissions** in the Azure portal.
 
-    ![Shows an example of permissions displayed in the consent dialog](./media/consent-framework/consent.png)
+    :::image type="content" source="./media/consent-framework/consent.png" alt-text="Shows an example of permissions displayed in the consent dialog":::
 
 1. After the user grants consent, an authorization code is returned to your application, which is redeemed to acquire an access token and refresh token. For more information about this flow, see [OAuth 2.0 authorization code flow](v2-oauth2-auth-code-flow.md).
 
@@ -53,7 +53,7 @@ The following steps show you how the consent experience works for both the appli
    1. Go to the **API permissions** page for your application
    1. Click on the **Grant admin consent** button.
 
-      ![Grant permissions for explicit admin consent](./media/consent-framework/grant-consent.png)
+      :::image type="content" source="./media/consent-framework/grant-consent.png" alt-text="Grant permissions for explicit admin consent" lightbox="./media/consent-framework/grant-consent.png":::
 
    > [!IMPORTANT]
    > Granting explicit consent using the **Grant permissions** button is currently required for single-page applications (SPA) that use MSAL.js. Otherwise, the application fails when the access token is requested.