Merge pull request #186844 from MicrosoftDocs/master

1/31 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -45237,6 +45237,21 @@
       "redirect_url": "/azure/cognitive-services/translator/custom-translator/v2-preview/beginners-guide",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/azure/devtest-labs/scripts/create-verify-virtual-machine-in-lab-cli.md",
+      "redirect_url": "/azure/devtest-labs/samples-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure/devtest-labs/scripts/start-connect-virtual-machine-in-lab-cli.md",
+      "redirect_url": "/azure/devtest-labs/samples-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure/devtest-labs/scripts/stop-delete-virtual-machine-in-lab-cli.md",
+      "redirect_url": "/azure/devtest-labs/samples-cli",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/azure-monitor/agents/azure-monitor-agent-install.md",
       "redirect_url": "/azure/azure-monitor/agents/azure-monitor-agent-manage",

articles/active-directory-b2c/partner-f5.md

@@ -1,18 +1,19 @@
 ---
-title: Tutorial to extend Azure Active Directory B2C with F5 BIG-IP  
+title: Tutorial to enable Secure Hybrid Access to applications with Azure AD B2C and F5 BIG-IP
 titleSuffix: Azure AD B2C
 description: Learn how to integrate Azure AD B2C authentication with F5 BIG-IP for secure hybrid access 
-author: gargi-sinha
-ms.author: gasinh
+author: NishthaBabith-V
+ms.author: v-nisba
 manager: martinco
 ms.service: active-directory
 ms.subservice: B2C
 ms.workload: identity
 ms.topic: how-to
 ms.date: 10/15/2021
+ms.reviewer: v-nisba
 ---
 
-# Tutorial: Extend Azure Active Directory B2C using F5 BIG-IP
+# Tutorial: Secure Hybrid Access to applications with Azure AD B2C and F5 BIG-IP
 
 In this sample tutorial, learn how to integrate Azure Active Directory (Azure AD) B2C with [F5 BIG-IP Access Policy Manager (APM)](https://www.f5.com/services/resources/white-papers/easily-configure-secure-access-to-all-your-applications-via-azure-active-directory). This tutorial demonstrates how legacy applications can be securely exposed to the internet through BIG-IP security combined with Azure AD B2C pre-authentication, Conditional Access (CA), and Single sign-on (SSO).
 
@@ -73,8 +74,6 @@ The following diagram illustrates the Service Provider (SP) initiated flow for t
 | 5. | OIDC client asks the authorization server to exchange authorization code for an ID token |
 | 6. | BIG-IP APM grants user access and injects the HTTP headers in the client request forwarded on to the application |
 
-For increased security, organizations using this pattern could also consider blocking all direct access to the application, in that way forcing a strict path through the BIG-IP.
-
 ## Azure AD B2C Configuration
 
 Enabling a BIG-IP with Azure AD B2C authentication requires an Azure AD B2C tenant with a suitable user flow or custom policy. [Set up an Azure AD B2C user flow](tutorial-create-user-flows.md).
@@ -337,6 +336,8 @@ You will then be redirected to sign up and authenticate against your Azure AD B2
 
 ![Screenshot shows post sign in welcome message](./media/partner-f5/welcome-page.png)
 
+For increased security, organizations using this pattern could also consider blocking all direct access to the application, in that way forcing a strict path through the BIG-IP.
+
 ### Supplemental configurations
 
 **Single Log-Out (SLO)**
@@ -358,7 +359,7 @@ One optional step for improving the user login experience would be to suppress t
 
    ![Screenshot shows optimized login flow](./media/partner-f5/optimized-login-flow.png)
 
-   Unlocking the strict configuration prevents any further changes via the wizard UI, leaving all BIG-IP objects associated with the published instance of the application open for direct management.
+Unlocking the strict configuration prevents any further changes via the wizard UI, leaving all BIG-IP objects associated with the published instance of the application open for direct management.
 
 2. Navigate to **Access** > **Profiles/ Policies** > **Access Profiles (Per-session Policies)** and select the **Per-Session Policy** Edit link for the application’s policy object.
 
@@ -405,11 +406,11 @@ Your application’s logs would then help understand if it received those attrib
 
   ![Screenshot shows the error message](./media/partner-f5/error-message.png)
 
-  This is a policy violation due to the BIG-IP’s inability to validate the signature of the token issued by Azure AD B2C. The same access log should be able to provide more detail on the issue.
+This is a policy violation due to the BIG-IP’s inability to validate the signature of the token issued by Azure AD B2C. The same access log should be able to provide more detail on the issue.
 
   ![Screenshot shows the access logs](./media/partner-f5/access-log.png)
 
-  Exact root cause is still being investigated by F5 engineering, but issue appears related to the AGC not enabling the Auto JWT setting during deployment, thereby preventing the APM from obtaining the current token signing keys.
+Exact root cause is still being investigated by F5 engineering, but issue appears related to the AGC not enabling the Auto JWT setting during deployment, thereby preventing the APM from obtaining the current token signing keys.
 
   Until resolved, one way to work around the issue is to manually enable this setting. 
 
@@ -421,7 +422,7 @@ Your application’s logs would then help understand if it received those attrib
 
   4. Check the **Use Auto JWT** box then select **Discover**, followed by **Save**.
 
-    You should now see the Key (JWT) field populated with the key ID (KID) of the token signing certificate provided through the OpenID URI metadata.
+You should now see the Key (JWT) field populated with the key ID (KID) of the token signing certificate provided through the OpenID URI metadata.
 
   5. Finally, select the yellow **Apply Access Policy** option in the top left-hand corner, located next to the F5 logo. Apply those settings and select **Apply** again to refresh the access profile list.
 

articles/active-directory/develop/scenario-daemon-overview.md

@@ -34,6 +34,14 @@ Here are some examples of use cases for daemon apps:
 
 There's another common case where non-daemon applications use client credentials: even when they act on behalf of users, they need to access a web API or a resource under their own identity for technical reasons. An example is access to secrets in Azure Key Vault or Azure SQL Database for a cache.
 
+> [!NOTE]
+> You can't deploy a daemon application to a regular user's device, and a regular user can't access a daemon application. Only a limited set of IT administrators can access devices that have daemon applications running, so a bad actor can't access a client secret or token from device traffic and act on behalf of the daemon application. The daemon application scenario doesn't replace device authentication.
+>
+> Examples of non-daemon applications:
+> - A mobile application that accesses a web service on behalf of an application, but not on behalf of a user.
+> - An IoT device that accesses a web service on behalf of a device, but not on behalf of a user.
+>
+
 Applications that acquire a token for their own identities:
 
 - Are confidential client applications. These apps, given that they access resources independently of users, need to prove their identity. They're also rather sensitive apps. They need to be approved by the Azure Active Directory (Azure AD) tenant admins.