Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.iot-hub.json

@@ -938,7 +938,6 @@
       "redirect_url": "/azure/iot-hub/tutorial-x509-scripts",
       "redirect_document_id": false
     },
- 
     {
       "source_path_from_root": "/articles/iot-hub/iot-hub-gateway-kit-c-iot-gateway-connect-device-to-cloud.md",
       "redirect_url": "https://github.com/Azure/iot-edge/tree/master/v1/doc/commercial_gateway_kit/iot-hub-gateway-kit-c-iot-gateway-connect-device-to-cloud.md",
@@ -1005,7 +1004,11 @@
       "redirect_url": "https://github.com/Azure/iot-edge/tree/master/v1/samples/simulated_device_cloud_upload/iot-hub-windows-iot-edge-simulated-device.md",
       "redirect_document_id": false
     },
-  
+    {
+      "source_path_from_root": "/articles/iot-hub/tutorial-firmware-update.md",
+      "redirect_url": "/azure/iot-hub-device-update/device-update-raspberry-pi",
+      "redirect_document_id": false
+    }
 
   ]
 }

.openpublishing.redirection.json

@@ -44243,6 +44243,21 @@
       "redirect_url": "/azure/azure-monitor/logs/log-powerbi",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-monitor/deploy.md",
+      "redirect_url": "/azure/azure-monitor/best-practices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure-monitor/deploy-scale.md",
+      "redirect_url": "/azure/azure-monitor/best-practices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure-monitor/visualizations.md",
+      "redirect_url": "/azure/azure-monitor/best-practices-analysis",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/load-balancer/tutorial-load-balancer-standard-manage-portal.md",
       "redirect_url": "/azure/load-balancer/quickstart-load-balancer-standard-public-portal",

articles/active-directory/authentication/TOC.yml

@@ -58,6 +58,8 @@
       href: /office365/admin/security-and-compliance/set-up-multi-factor-authentication
     - name: FAQ
       href: multi-factor-authentication-faq.yml
+    - name: Operator assistance
+      href: concept-authentication-operator-assistance.md
   - name: Password protection
     items:
     - name: Combined password policy check 

articles/active-directory/authentication/concept-authentication-operator-assistance.md

@@ -0,0 +1,37 @@
+---
+title: Operator assistance in Azure Active Directory 
+description: Learn about deprecation of operator assistance feature in Azure Active Directory
+
+services: active-directory
+ms.service: active-directory
+ms.subservice: authentication
+ms.topic: conceptual
+ms.date: 10/19/2021
+
+ms.author: justinha
+author: justinha
+manager: daveba
+ms.reviewer: ripull
+
+ms.collection: M365-identity-device-management
+---
+# How to enable and disable operator assistance
+
+Operator assistance is a feature within Azure AD that allows an operator to manually transfer phone calls instead of automatic transfer. When this setting is enabled, the office phone number is dialed and when answered, the system asks the operator to transfer the call to a given extension.
+
+Operator assistance can be enabled for an entire tenant or for an individual user. If the setting is **On**, the entire tenant is enabled for operator assistance. If you choose **Phone call** as the default method and have an extension specified as part of your office phone number (delineated by **x**), an operator can manually transfer the phone call.
+
+For example, let's say a customer in U.S has an office phone number 425-555-1234x5678. When operator assistance is enabled, the system will dial 425-555-1234. Once answered, the customer (also known as the operator) is asked to transfer the call to extension 5678. Once transferred and answered, the system recites the normal MFA prompt and awaits approval.
+
+If the setting is **Off**, the system will automatically dial extensions as part of the phone number. Your admin can still specify individual users who should be enabled for operator assistance by prefixing the extension with ‘@’. For example, 425-555-1234x@5678 would indicate that operator assistance should be used, even though the setting is **Off**.
+
+You can check the status of this feature in your own tenant by navigating to the [Azure AD portal](https://ms.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade), then in the left pane, click **Security** > **MFA** > **Phone call settings**. Check **Operator required to transfer extensions** to see if the setting is **On** or **Off**. 
+
+![Screenshot of operator assistance settings](./media/concept-authentication-operator-assistance/settings.png)
+
+You can improve the reliability, security, and create a frictionless MFA experience by using the following guidance:
+
+- You have [registered a direct phone number](https://aka.ms/mfasetup) (contains no extension) or [other method](concept-authentication-methods.md) to be used for Multi-Factor Authentication or self-service password reset if enabled. 
+- Your admins have registered a direct phone number (contains no extension) on behalf of the user to be used for [Multi-Factor Authentication](howto-mfa-userdevicesettings.md#add-authentication-methods-for-a-user) or [self-service password reset](tutorial-enable-sspr.md) if enabled. 
+- Phone system supports automated attendant functionality. 
+ 

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -142,7 +142,7 @@ The following providers offer FIDO2 security keys of different form factors that
 | IDmelon Technologies Inc. | ![y]              | ![y]| ![y]| ![y]| ![n]           | https://www.idmelon.com/#idmelon                                                                    |
 | Kensington                | ![y]              | ![y]| ![n]| ![n]| ![n]           | https://www.kensington.com/solutions/product-category/why-biometrics/                               |
 | KONA I                    | ![y]              | ![n]| ![y]| ![y]| ![n]           | https://konai.com/business/security/fido                                                            |
-| NeoWave                   | ![n]              | ![y]| ![y]| ![n]| ![n]           | https://neowave.fr/en/products/fido-range/                                                          |
+| NEOWAVE                   | ![n]              | ![y]| ![y]| ![n]| ![n]           | https://neowave.fr/en/products/fido-range/                                                          |
 | Nymi                      | ![y]              | ![n]| ![y]| ![n]| ![n]           | https://www.nymi.com/nymi-band                                                                      | 
 | Octatco                   | ![y]              | ![y]| ![n]| ![n]| ![n]           | https://octatco.com/                                                                                |
 | OneSpan Inc.              | ![n]              | ![y]| ![n]| ![y]| ![n]           | https://www.onespan.com/products/fido                                                               |

articles/active-directory/authentication/media/concept-authentication-operator-assistance/settings.png

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/17/2021
+ms.date: 10/18/2021
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -21,7 +21,8 @@ You need the following to use Azure AD Connect cloud sync:
 
 - Domain Administrator or Enterprise Administrator credentials to create the Azure AD Connect Cloud Sync gMSA (group Managed Service Account) to run the agent service.	
 - A hybrid identity administrator account for your Azure AD tenant that is not a guest user.
-- An on-premises server for the provisioning agent with Windows 2016 or later.  This server should be a tier 0 server based on the [Active Directory administrative tier model](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material).
+- An on-premises server for the provisioning agent with Windows 2016 or later.  This server should be a tier 0 server based on the [Active Directory administrative tier model](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material).  Installing the agent on a domain controller is supported.
+- High availability refers to the Azure AD Connect cloud sync's ability to operate continuously without failure for a long time.  By having multiple active agents installed and running, Azure AD Connect cloud sync can continue to function even if one agent should fail.  Microsoft recommends having 3 active agents installed for high availability.
 - On-premises firewall configurations.
 
 ## Group Managed Service Accounts

articles/active-directory/cloud-sync/how-to-prerequisites.md

@@ -8,7 +8,7 @@ metadata:
   ms.service: active-directory
   ms.workload: identity
   ms.topic: reference
-  ms.date: 09/10/2021
+  ms.date: 10/18/2021
   ms.subservice: hybrid
   ms.author: billmath
   ms.collection: M365-identity-device-management
@@ -114,6 +114,10 @@ sections:
           Does Azure AD Connect cloud sync support large groups?
         answer: |
           Yes. Today we support up to 50K group members synchronized using the OU scope filtering. 
+      - question: |
+          Does the cloud provisioning agent load balance if I have multiple agents installed?
+        answer: |
+          No. Only one agent is ever active. 
 additionalContent: |
 
   ## Next steps 

articles/active-directory/cloud-sync/reference-cloud-sync-faq.yml

@@ -371,7 +371,7 @@ Define a log storage and retention strategy, design, and implementation to facil
 
    * Risk events 
 
-    Azure AD provides [Azure Monitor integration](../reports-monitoring/concept-activity-logs-azure-monitor.md) for the sign-in activity log and audit logs. Risk events can be ingested through the [Microsoft Graph API](/graph/api/resources/identityriskevent). You can [stream Azure AD logs to Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
+    Azure AD provides [Azure Monitor integration](../reports-monitoring/concept-activity-logs-azure-monitor.md) for the sign-in activity log and audit logs. Risk events can be ingested through the [Microsoft Graph API](/graph/api/resources/identityprotection-root). You can [stream Azure AD logs to Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
 
 * **Hybrid infrastructure OS security logs**: All hybrid identity infrastructure OS logs should be archived and carefully monitored as a tier-0 system, because of the surface-area implications. Include the following elements: