Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into azure-communication-services-10dlc-articles

Author: ShawnJackson

articles/active-directory-b2c/media/partner-nok-nok/nok-nok-id-token-hint-architecture-diagram.png

@@ -40,7 +40,7 @@ To enable passkey authentication for your users, enable Nok Nok as an identity p
 
 The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2C by using OpenID Connect (OIDC) for passkey authentication.
 
-![Diagram of Nok Nok as IdP for Azure AD B2C using OpenID Connect (OIDC) for passkey authentication.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
+![Diagram for passkey authentication with Nok Nok as an IdP.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
 
 ### Scenario 1: Passkey registration
 1. The user navigates to the Nok Nok tutorial web app using the link provided by Nok Nok.
@@ -52,9 +52,11 @@ The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2
 ### Scenario 2: Passkey authentication
 1. The user selects the sign-in with Nok Nok Cloud button on the Azure AD B2C sign-in page.
 2. Azure AD B2C redirects the user to the Nok Nok sign-in app.
-3. The user authenticates with their passkey.
-4. The Nok Nok server validates the passkey assertion and sends an OIDC authentication response to Azure AD B2C.
-5. Based on the authentication result, Azure AD B2C either grants or denies access to the target application.
+3. The user requests passkey authentication
+4. The user authenticates with their passkey.
+5. The Nok Nok Cloud validates the passkey assertion
+6. The Nok Nok Cloud sends an OIDC authentication response to Azure AD B2C.
+7. Based on the authentication result, Azure AD B2C either grants or denies access to the target application.
 
 ## Get started with Nok Nok
 
@@ -125,6 +127,22 @@ For the following instructions, Nok Nok is a new OIDC IdP in the B2C identity pr
 
 If the flow is incomplete, confirm the user is or isn't saved in the directory.
 
+## Alternate flow for Authentication
+
+The following diagram illustrates an alternate passkey sign in or sign up flow using the ID Token Hint feature of Azure AD B2C. With this approach, an Azure custom policy verifies the ID Token Hint produced by the Nok Nok Cloud. For more details, please refer to the article, [Define an ID token hint technical profile in an Azure Active Directory B2C custom policy](./id-token-hint.md). Please contact Nok Nok support for help with integrated the required Azure custom policy.
+
+![Diagram for passkey authentication using ID Token Hint from Nok Nok.](./media/partner-nok-nok/nok-nok-id-token-hint-architecture-diagram.png)
+
+The following are the steps
+1. The user selects the sign-in with Nok Nok Cloud button.
+2. The Nok Nok Cloud request passkey authentication.
+3. The user authenticates with their passkey.
+4. The Nok Nok Cloud validates the passkey assertion.
+5. The ID Token Hint is returned.
+6. The App posts an OIDC request with the ID Token Hint to Azure AD B2C.
+7. Azure AD B2C Custom Policy verifies the ID Token Hint.
+8. Based on the authentication result, Azure AD B2C either grants or denies access to the target application.
+
 ## Next steps
 
 * [Azure AD B2C custom policy overview](./custom-policy-overview.md)

articles/active-directory-b2c/partner-nok-nok.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 04/01/2025
+ms.date: 07/03/2025
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: whats-new
@@ -18,6 +18,15 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new and significantly updated docs from the past three months. To learn what's new with the B2C service, see [What's new in Microsoft Entra ID](../active-directory/fundamentals/whats-new.md), [Azure AD B2C developer release notes](custom-policy-developer-notes.md) and [What's new in Microsoft Entra External ID](/entra/external-id/whats-new-docs).
 
+## June 2025
+
+### Updated articles
+
+- [Configure Cloudflare Web Application Firewall with Azure Active Directory B2C](partner-cloudflare.md) - Added a note about Azure Front Door-managed certificates
+- [Azure AD B2C: Frequently asked questions (FAQ)](faq.yml) - Updated the note in the Azure AD B2C end-of-sale section
+- [Page layout versions](page-layout.md) - Added updates related to CAPTCHA
+- [Securing phone-based multifactor authentication](phone-based-mfa.md) - Added information on preventing fraudulent sign-ups 
+
 ## April 2025
 
 ### Updated articles
@@ -32,12 +41,3 @@ This month, we added an important note to our articles stating that starting May
 ### Updated articles
 - [Error codes: Azure Active Directory B2C](error-codes.md) - Updated error messages
 
-## February 2025
-
-### Updated articles
-
-- [Enable multifactor authentication in Azure Active Directory B2C](multi-factor-authentication.md) - Added SMS pricing
-- [Page layout versions](page-layout.md) - Updated the latest versions of the self-asserted and MFA pages
-- [Azure AD B2C: Frequently asked questions (FAQ)](faq.yml) - Added billing name change for SMS phone
-- [Enable CAPTCHA in Azure Active Directory B2C](add-captcha.md) - Added CAPTCHA feature flag
-

articles/active-directory-b2c/whats-new-docs.md

@@ -30,6 +30,8 @@ The virtual network must be in the same region and Azure subscription as the API
 
 * The subnet used for virtual network integration or injection can only be used by a single workspace gateway. It can't be shared with another Azure resource.
 
+[!INCLUDE [api-management-virtual-network-address-prefix](../../includes/api-management-virtual-network-address-prefix.md)]
+
 ## Subnet size 
 
 * Minimum: /27 (32 addresses)

articles/api-management/virtual-network-workspaces-resources.md

@@ -4,7 +4,7 @@ description: Learn how App Service plans work in Azure App Service, how they're
 keywords: app service, azure app service, scale, scalable, scalability, app service plan, app service cost
 ms.assetid: dea3f41e-cf35-481b-a6bc-33d7fc9d01b1
 ms.topic: overview
-ms.date: 03/28/2025
+ms.date: 07/02/2025
 ms.update-cycle: 1095-days
 ms.author: msangapu
 author: msangapu-msft
@@ -123,7 +123,19 @@ However, keep in mind that apps in the same App Service plan all share the same
 
 Isolate your app in a new App Service plan when:
 
-- The app is resource intensive.
+- The app is resource intensive. For general guidance, use this table:
+
+  | App Service plan | Maximum apps |
+  |--|--|
+  | B1, S1, P1v2, I1v1 | 8 |
+  | B2, S2, P2v2, I2v1 | 16 |
+  | B3, S3, P3v2, I3v1 | 32 |
+  | P0v3 | 8 |
+  | P1v3, I1v2 | 16 |
+  | P2v3, I2v2, P1mv3 | 32 |
+  | P3v3, I3v2, P2mv3 | 64 |
+  | I4v2, I5v2, I6v2 | Maximum density bound by vCPU usage |
+  | P3mv3, P4mv3, P5mv3 | Maximum density bound by vCPU usage |
 - You want to scale the app independently from the other apps in the existing plan.
 - The app needs resources in a different geographical region. This way, you can allocate a new set of resources for your app and gain greater control of your apps.
 

articles/app-service/overview-hosting-plans.md

@@ -5,6 +5,7 @@ ms.service: azure-automanage
 ms.custom: devx-track-arm-template
 ms.topic: how-to
 ms.date: 12/10/2021
+# Customer intent: "As an IT administrator, I want to onboard a machine to Azure Automanage using an ARM template, so that I can automate configuration management and ensure adherence to best practices efficiently."
 ---
 
 # Onboard a machine to Automanage with an Azure Resource Manager (ARM) template

articles/automanage/arm-deploy.md

@@ -4,6 +4,7 @@ description: Learn how an Automanage Account works and how to create one.
 ms.service: azure-automanage
 ms.topic: concept-article
 ms.date: 12/10/2021
+# Customer intent: As a system administrator, I want to create and configure an Automanage Account, so that I can enable automated operations on my virtual machines and manage permissions effectively across multiple subscriptions.
 ---
 
 # Automanage Accounts

articles/automanage/automanage-account.md

@@ -5,6 +5,7 @@ ms.service: azure-automanage
 ms.collection: linux
 ms.topic: concept-article
 ms.date: 05/12/2022
+# Customer intent: As an IT administrator managing Arc-enabled servers, I want to configure Azure services using Automanage best practices, so that I can streamline monitoring, updates, and compliance for my virtual machines efficiently before the service retirement.
 ---
 
 # Azure Automanage for Machines Best Practices - Azure Arc-enabled servers

articles/automanage/automanage-arc.md

@@ -8,6 +8,7 @@ ms.collection: linux
 ms.topic: concept-article
 ms.date: 12/10/2021
 ms.author: memccror
+# Customer intent: As a system administrator managing Linux virtual machines, I want to automate the onboarding and configuration of best practices services, so that I can ensure optimal performance, security, and compliance without manual intervention.
 ---
 
 # Azure Automanage for Machines Best Practices - Linux

articles/automanage/automanage-linux.md

@@ -6,6 +6,7 @@ ms.service: azure-automanage
 ms.topic: concept-article
 ms.date: 11/1/2021
 ms.author: jol
+# Customer intent: "As an IT administrator managing virtual machines, I want to implement Automanage machine best practices for SMB over QUIC, so that I can ensure secure connectivity and compliance with certificate management without manual oversight."
 ---
 
 # SMB over QUIC with Automanage machine best practices