Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/add-entity-ti

Author: yelevin

.openpublishing.publish.config.json

@@ -986,6 +986,7 @@
     ".openpublishing.redirection.azure-percept.json",
     ".openpublishing.redirection.azure-productivity.json",
     ".openpublishing.redirection.azure-australia.json",
+    ".openpublishing.redirection.aks.json",
     "articles/azure-fluid-relay/.openpublishing.redirection.fluid-relay.json",
     "articles/azure-netapp-files/.openpublishing.redirection.azure-netapp-files.json",
     "articles/azure-relay/.openpublishing.redirection.relay.json",

.openpublishing.redirection.active-directory.json

@@ -10831,11 +10831,6 @@
       "redirect_url": "/azure/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/active-directory/manage-apps/howto-enforce-signed-saml-authentication.md",
-      "redirect_url": "/azure/active-directory/manage-apps/howto-saml-token-encryption",
-      "redirect_document_id": true
-    },
     {
       "source_path": "articles/active-directory/manage-apps/recover-deleted-apps-faq.md",
       "redirect_url": "/azure/active-directory/manage-apps/delete-recover-faq",
@@ -10845,8 +10840,47 @@
       "source_path": "articles/azure-percept/voice-control-your-inventory-then-visualize-with-power-bi-dashboard.md",
       "redirect_url": "/azure/azure-percept/index",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-create-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-members-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-delete-group.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-membership-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-settings-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-accessmanagement-managing-group-owners.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-manage-groups.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-learn-about-groups",
+      "redirect_document_id": false
+       },
+{   
+      "source_path_from_root": "/articles/active-directory/fundamentals/keep-me-signed-in.md",
+      "redirect_url": "/azure/active-directory/fundamentals/customize-branding",
+      "redirect_document_id": false
     }
 
-
   ]
 }

.openpublishing.redirection.aks.json

@@ -0,0 +1,9 @@
+{
+  "redirections": [
+    {
+      "source_path_from_root": "/articles/aks/azure-cni-overlay.md",
+      "redirect_url": "/azure/aks",
+      "redirect_document_id": false
+    }
+  ]
+}

.openpublishing.redirection.json

@@ -6928,6 +6928,11 @@
     "redirect_url":  "/azure/azure-government/compare-azure-government-global-azure",
     "redirect_document_id":  false
 },
+{
+    "source_path_from_root":  "/articles/azure-government/documentation-government-overview.md",
+    "redirect_url":  "/azure/azure-government/documentation-government-plan-security",
+    "redirect_document_id":  false
+},
 {
     "source_path_from_root":  "/articles/security/compliance/azure-services-in-fedramp-auditscope.md",
     "redirect_url":  "/azure/azure-government/compliance/azure-services-in-fedramp-auditscope",
@@ -34243,6 +34248,11 @@
     "redirect_url":  "/azure/virtual-machines/windows/connect-winrm",
     "redirect_document_id":  false
 },
+{
+    "source_path_from_root":  "/articles/azure-arc/servers/data-residency.md",
+    "redirect_url":  "/azure/azure-arc/servers/overview",
+    "redirect_document_id":  false
+},
 {
   "source_path_from_root": "/articles/virtual-machines/linux/copy-files-to-linux-vm-using-scp.md",
   "redirect_url": "/azure/virtual-machines/copy-files-to-vm-using-scp",

articles/active-directory-b2c/enable-authentication-web-api.md

@@ -443,7 +443,7 @@ Under the project root folder, create a *config.json* file, and then add to it t
 ```json
 {
     "credentials": {
-        "tenantName": "<your-tenant-name>",
+        "tenantName": "<your-tenant-name>.onmicrosoft.com",
         "clientID": "<your-webapi-application-ID>",
         "issuer": "https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/"
     },
@@ -470,7 +470,7 @@ In the *config.json* file, update the following properties:
 
 |Section  |Key  |Value  |
 |---------|---------|---------|
-| credentials | tenantName | The first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name) (for example, `contoso`).|
+| credentials | tenantName | Your Azure AD B2C [tenant name/domain name](tenant-management.md#get-your-tenant-name) (for example, `contoso.onmicrosoft.com`).|
 | credentials |clientID | The web API application ID. In the [preceding diagram](#app-registration-overview), it's the application with *App ID: 2*. To learn how to get your web API application registration ID, see [Prerequisites](#prerequisites). |
 | credentials | issuer| The token issuer `iss` claim value. By default, Azure AD B2C returns the token in the following format: `https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/`. Replace `<your-tenant-name>` with the first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name). Replace `<your-tenant-ID>` with your [Azure AD B2C tenant ID](tenant-management.md#get-your-tenant-id). |
 | policies | policyName | The user flows, or custom policy. To learn how to get your user flow or policy, see [Prerequisites](#prerequisites).|

articles/active-directory-b2c/whats-new-docs.md

@@ -15,6 +15,23 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md) and [Azure AD B2C developer release notes](custom-policy-developer-notes.md)
 
+## August 2022
+
+### New articles
+
+- [Configure Azure Active Directory B2C with Deduce to combat identity fraud and create a trusted user experience](partner-deduce.md)
+
+### Updated articles
+
+- [Clean up resources and delete the tenant](tutorial-delete-tenant.md)
+- [Set up sign-up and sign-in with a Twitter account using Azure Active Directory B2C](identity-provider-twitter.md)
+- [JSON claims transformations](json-transformations.md)
+- [Extensions app in Azure AD B2C](extensions-app.md)
+- [Manage Azure AD B2C with Microsoft Graph](microsoft-graph-operations.md)
+- [Define custom attributes in Azure Active Directory B2C](user-flow-custom-attributes.md)
+- [Azure Active Directory B2C: What's new](whats-new-docs.md)
+- [Page layout versions](page-layout.md)
+
 ## July 2022
 
 ### New articles
@@ -86,72 +103,4 @@ Welcome to what's new in Azure Active Directory B2C documentation. This article
 - [Application types that can be used in Active Directory B2C](application-types.md)
 - [Publish your Azure Active Directory B2C app to the Azure Active Directory app gallery](publish-app-to-azure-ad-app-gallery.md)
 - [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](quickstart-native-app-desktop.md)
-- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)
-
-## March 2022
-
-### New articles
-
-- [Configure eID-Me with Azure Active Directory B2C for identity verification](partner-eid-me.md)
-- [Configure xID with Azure Active Directory B2C for passwordless authentication](partner-xid.md)
-- [Configure Transmit Security with Azure Active Directory B2C for passwordless authentication](partner-bindid.md)
-
-### Updated articles
-
-- [Configure eID-Me with Azure Active Directory B2C for identity verification](partner-eid-me.md)
-- [Language customization in Azure Active Directory B2C](language-customization.md)
-- [Configure Transmit Security with Azure Active Directory B2C for passwordless authentication](partner-bindid.md)
-- [Set up direct sign in using Azure Active Directory B2C](direct-signin.md)
-- [Single-page application sign in using the OAuth 2.0 implicit flow in Azure Active Directory B2C](implicit-flow-single-page-application.md)
-- [Azure AD B2C: Authentication protocols](protocols-overview.md)
-- [Configure Akamai with Azure Active Directory B2C](partner-akamai.md)
-- [Cookies definitions for Azure AD B2C](cookie-definitions.md)
-- [Manage Azure AD B2C with Microsoft Graph](microsoft-graph-operations.md)
-- [Azure Active Directory B2C: What's new](whats-new-docs.md)
-- [Define custom attributes in Azure Active Directory B2C](user-flow-custom-attributes.md)
-- [Options for registering a SAML application in Azure AD B2C](saml-service-provider-options.md)
-
-## February 2022
-
-### New articles
-
-- [Configure authentication in a sample Node.js web application by using Azure Active Directory B2C](configure-a-sample-node-web-app.md)
-- [Configure authentication in a sample Node.js web API by using Azure Active Directory B2C](configure-authentication-in-sample-node-web-app-with-api.md)
-- [Enable authentication options in a Node.js web app by using Azure Active Directory B2C](enable-authentication-in-node-web-app-options.md)
-- [Enable Node.js web API authentication options using Azure Active Directory B2C](enable-authentication-in-node-web-app-with-api-options.md)
-- [Enable authentication in your own Node.js web API by using Azure Active Directory B2C](enable-authentication-in-node-web-app-with-api.md)
-- [Enable authentication in your own Node web application using Azure Active Directory B2C](enable-authentication-in-node-web-app.md)
-
-### Updated articles
-
-- [Configure session behavior in Azure Active Directory B2C](session-behavior.md)
-- [Customize the user interface with HTML templates in Azure Active Directory B2C](customize-ui-with-html.md)
-- [Define a self-asserted technical profile in an Azure Active Directory B2C custom policy](self-asserted-technical-profile.md)
-- [About claim resolvers in Azure Active Directory B2C custom policies](claim-resolver-overview.md)
-- [Date claims transformations](date-transformations.md)
-- [Integer claims transformations](integer-transformations.md)
-- [JSON claims transformations](json-transformations.md)
-- [Define phone number claims transformations in Azure AD B2C](phone-number-claims-transformations.md)
-- [Social accounts claims transformations](social-transformations.md)
-- [String claims transformations](string-transformations.md)
-- [Web sign in with OpenID Connect in Azure Active Directory B2C](openid-connect.md)
-
-## January 2022
-
-### Updated articles
-
-- [Tutorial: Secure Hybrid Access to applications with Azure AD B2C and F5 BIG-IP](partner-f5.md)
-- [Set up a force password reset flow in Azure Active Directory B2C](force-password-reset.md)
-- [Boolean claims transformations](boolean-transformations.md)
-- [Date claims transformations](date-transformations.md)
-- [General claims transformations](general-transformations.md)
-- [Integer claims transformations](integer-transformations.md)
-- [JSON claims transformations](json-transformations.md)
-- [Define phone number claims transformations in Azure AD B2C](phone-number-claims-transformations.md)
-- [Social accounts claims transformations](social-transformations.md)
-- [String claims transformations](string-transformations.md)
-- [StringCollection claims transformations](stringcollection-transformations.md)
-- [Billing model for Azure Active Directory B2C](billing.md)
-- [Configure SAML identity provider options with Azure Active Directory B2C](identity-provider-generic-saml-options.md)
-- [About claim resolvers in Azure Active Directory B2C custom policies](claim-resolver-overview.md)
-- [Add AD FS as a SAML identity provider using custom policies in Azure Active Directory B2C](identity-provider-adfs-saml.md)
+- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)

articles/active-directory-domain-services/alert-service-principal.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: troubleshooting
-ms.date: 07/09/2020
+ms.date: 09/04/2022
 ms.author: justinha
 
 ---
@@ -34,7 +34,7 @@ To check which service principal is missing and must be recreated, complete the
 
 1. In the Azure portal, select **Azure Active Directory** from the left-hand navigation menu.
 1. Select **Enterprise applications**. Choose *All applications* from the **Application Type** drop-down menu, then select **Apply**.
-1. Search for each of the following application IDs. If no existing application is found, follow the *Resolution* steps to create the service principal or re-register the namespace.
+1. Search for each of the following application IDs. For Azure Global, search for AppId value *2565bd9d-da50-47d4-8b85-4c97f669dc36*. For other Azure clouds, search for AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. If no existing application is found, follow the *Resolution* steps to create the service principal or re-register the namespace.
 
     | Application ID | Resolution |
     | :--- | :--- |
@@ -45,7 +45,7 @@ To check which service principal is missing and must be recreated, complete the
 
 ### Recreate a missing Service Principal
 
-If application ID *2565bd9d-da50-47d4-8b85-4c97f669dc36* is missing from your Azure AD directory, use Azure AD PowerShell to complete the following steps. For more information, see [Azure AD PowerShell](/powershell/azure/active-directory/install-adv2).
+If application ID *2565bd9d-da50-47d4-8b85-4c97f669dc36* is missing from your Azure AD directory in Azure Global, use Azure AD PowerShell to complete the following steps. For other Azure clouds, use AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. For more information, see [Azure AD PowerShell](/powershell/azure/active-directory/install-adv2).
 
 1. If needed, install the Azure AD PowerShell module and import it as follows:
 

articles/active-directory-domain-services/powershell-create-instance.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: sample
-ms.date: 08/17/2022
+ms.date: 09/1/2022
 ms.author: justinha
 ms.custom: devx-track-azurepowershell
 
@@ -48,7 +48,7 @@ To complete this article, you need the following resources:
 
 Azure AD DS requires a service principal to authenticate and communicate and an Azure AD group to define which users have administrative permissions in the managed domain.
 
-First, create an Azure AD service principal by using a specific application ID named *Domain Controller Services*. The ID value is *2565bd9d-da50-47d4-8b85-4c97f669dc36*. Don't change this application ID.
+First, create an Azure AD service principal by using a specific application ID named *Domain Controller Services*. The ID value is *2565bd9d-da50-47d4-8b85-4c97f669dc36* for global Azure and *6ba9a5d4-8456-4118-b521-9c5ca10cdf84* for other Azure clouds. Don't change this application ID.
 
 Create an Azure AD service principal using the [New-AzureADServicePrincipal][New-AzureADServicePrincipal] cmdlet:
 
@@ -230,7 +230,7 @@ When the Azure portal shows that the managed domain has finished provisioning, t
 
 ## Complete PowerShell script
 
-The following complete PowerShell script combines all of the tasks shown in this article. Copy the script and save it to a file with a `.ps1` extension. Run the script in a local PowerShell console or the [Azure Cloud Shell][cloud-shell].
+The following complete PowerShell script combines all of the tasks shown in this article. Copy the script and save it to a file with a `.ps1` extension. For Azure Global, use AppId value *2565bd9d-da50-47d4-8b85-4c97f669dc36*. For other Azure clouds, use AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. Run the script in a local PowerShell console or the [Azure Cloud Shell][cloud-shell].
 
 > [!NOTE]
 > To enable Azure AD DS, you must be a global administrator for the Azure AD tenant. You also need at least *Contributor* privileges in the Azure subscription.
@@ -251,7 +251,7 @@ Connect-AzureAD
 Connect-AzAccount
 
 # Create the service principal for Azure AD Domain Services.
-New-AzureADServicePrincipal -AppId "6ba9a5d4-8456-4118-b521-9c5ca10cdf84"
+New-AzureADServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"
 
 # First, retrieve the object ID of the 'AAD DC Administrators' group.
 $GroupObjectId = Get-AzureADGroup `

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -196,7 +196,8 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 * Microsoft Azure AD makes requests to fetch a random user and group to ensure that the endpoint and the credentials are valid. It's also done as a part of the **Test Connection** flow in the [Azure portal](https://portal.azure.com). 
 * Support HTTPS on your SCIM endpoint.
 * Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Simple paired name/value type complex attributes can be mapped to easily, but flowing data to complex attributes with three or more subattributes aren't well supported at this time.
-* The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype. 
+* The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype.
+* The header for all the responses should be of content-Type: application/scim+json 
 
 ### Retrieving Resources:
 

articles/active-directory/app-proxy/application-proxy-security.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-proxy
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/21/2021
+ms.date: 09/02/2022
 ms.author: kenwith
 ms.reviewer: ashishj
 ---
@@ -23,7 +23,7 @@ The following diagram shows how Azure AD enables secure remote access to your on
 
 ## Security benefits
 
-Azure AD Application Proxy offers the following security benefits:
+Azure AD Application Proxy offers many security benefits including authenticated access, conditional access, traffic termination, all outbound access, cloud scale analytics and machine learning, and remote access as a service. It is important to note that even with all of the added security provided by Application Proxy, the systems being accessed must continually be updated with the latest patches.
 
 ### Authenticated access