Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into azurebl

Author: markingmyname

articles/active-directory/devices/troubleshoot-mac-sso-extension-plugin.md

@@ -77,7 +77,7 @@ Use the following steps to check the operating system (OS) version on the macOS
 1. From the macOS device, open Terminal from the **Applications** -> **Utilities** folder.
 1. When the Terminal opens type **sw_vers** at the prompt, look for a result like the following:
 
-   ```bash
+   ```zsh
    % sw_vers
    ProductName: macOS
    ProductVersion: 13.0.1
@@ -194,7 +194,7 @@ Once deployed the **Microsoft Enterprise SSO Extension for Apple devices** suppo
 1. When the **Spotlight Search** appears type **Terminal** and hit **return**.
 1. When the Terminal opens type **`osascript -e 'id of app "<appname>"'`** at the prompt. See some examples follow:
 
-   ```bash
+   ```zsh
    % osascript -e 'id of app "Safari"'
    com.apple.Safari
 
@@ -294,14 +294,14 @@ During troubleshooting it may be useful to reproduce a problem while tailing the
 1. When the **Spotlight Search** appears type: **Terminal** and hit **return**.
 1. When the Terminal opens type: 
 
-   ```bash
+   ```zsh
    tail -F ~/Library/Containers/com.microsoft.CompanyPortalMac.ssoextension/Data/Library/Caches/Logs/Microsoft/SSOExtension/*
    ```
 
    > [!NOTE]
    > The trailing /* indicates that multiple logs will be tailed should any exist
 
-   ```
+   ```output
    % tail -F ~/Library/Containers/com.microsoft.CompanyPortalMac.ssoextension/Data/Library/Caches/Logs/Microsoft/SSOExtension/*
    ==> /Users/<username>/Library/Containers/com.microsoft.CompanyPortalMac.ssoextension/Data/Library/Caches/Logs/Microsoft/SSOExtension/SSOExtension 2022-12-25--13-11-52-855.log <==
    2022-12-29 14:49:59:281 | I | TID=783491 MSAL 1.2.4 Mac 13.0.1 [2022-12-29 19:49:59] Handling SSO request, requested operation: 

articles/active-directory/external-identities/code-samples.md

@@ -37,14 +37,14 @@ You can bulk-invite external users to an organization from email addresses that
 
 3. Sign in to your tenancy
 
-    ```powershell
+    ```azurepowershell-interactive
     $cred = Get-Credential
     Connect-AzureAD -Credential $cred
     ```
 
 4. Run the PowerShell cmdlet
 
-   ```powershell
+   ```azurepowershell-interactive
    $invitations = import-csv C:\data\invitations.csv
    $messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
    $messageInfo.customizedMessageBody = "Hey there! Check this out. I created an invitation through PowerShell"

articles/active-directory/fundamentals/multi-tenant-user-management-scenarios.md

@@ -165,13 +165,13 @@ This scenario requires automatic synchronization and identity management to conf
 
 This section describes three techniques for automating account provisioning in the automated scenario.
 
-#### Technique 1: Use the [built-in cross-tenant synchronization capability in Azure AD](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/seamless-application-access-and-lifecycle-management-for-multi/ba-p/3728752)
+#### Technique 1: Use the [built-in cross-tenant synchronization capability in Azure AD](../multi-tenant-organizations/cross-tenant-synchronization-overview.md)
 
 This approach only works when all tenants that you need to synchronize are in the same cloud instance (such as Commercial to Commercial).
 
 #### Technique 2: Provision accounts with Microsoft Identity Manager
 
-Use an external Identity and Access Management (IAM) solution such as [Microsoft Identity Manager](https://microsoft.sharepoint-df.com/microsoft-identity-manager/microsoft-identity-manager-2016) (MIM) as a synchronization engine.
+Use an external Identity and Access Management (IAM) solution such as [Microsoft Identity Manager](/microsoft-identity-manager/microsoft-identity-manager-2016) (MIM) as a synchronization engine.
 
 This advanced deployment uses MIM as a synchronization engine. MIM calls the [Microsoft Graph API](https://developer.microsoft.com/graph) and [Exchange Online PowerShell](/powershell/exchange/exchange-online/exchange-online-powershell?view=exchange-ps&preserve-view=true). Alternative implementations can include the cloud-hosted [Active Directory Synchronization Service](/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) (ADSS) managed service offering from [Microsoft Industry Solutions](https://www.microsoft.com/industrysolutions). There are non-Microsoft offerings that you can create from scratch with other IAM offerings (such as SailPoint, Omada, and OKTA).
 

articles/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md

@@ -178,21 +178,21 @@ To use Azure PowerShell locally for this article instead of using Cloud Shell:
 
 1. Sign in to Azure.
 
-    ```azurepowershell
+    ```azurepowershell-interactive
     Connect-AzAccount
     ```
 
 1. Install the [latest version of PowerShellGet](/powershell/gallery/powershellget/install-powershellget).
 
-    ```azurepowershell
+    ```azurepowershell-interactive
     Install-Module -Name PowerShellGet -AllowPrerelease
     ```
 
     You might need to `Exit` out of the current PowerShell session after you run this command for the next step.
 
 1. Install the prerelease version of the `Az.ManagedServiceIdentity` module to perform the user-assigned managed identity operations in this article.
 
-    ```azurepowershell
+    ```azurepowershell-interactive
     Install-Module -Name Az.ManagedServiceIdentity -AllowPrerelease
     ```
 
@@ -330,7 +330,7 @@ In this article, you learn how to create, list, and delete a user-assigned manag
 
 1. If you're running locally, sign in to Azure through the Azure CLI.
 
-    ```
+    ```azurecli-interactive
     az login
     ```
 

articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm.md

@@ -132,7 +132,7 @@ To assign a user-assigned identity to a VM during its creation, your account nee
 3. Create a VM using [az vm create](/cli/azure/vm/#az-vm-create). The following example creates a VM associated with the new user-assigned identity, as specified by the `--assign-identity` parameter, with the specified `--role` and `--scope`. Be sure to replace the `<RESOURCE GROUP>`, `<VM NAME>`, `<USER NAME>`, `<PASSWORD>`, `<USER ASSIGNED IDENTITY NAME>`, `<ROLE>`, and `<SUBSCRIPTION>` parameter values with your own values. 
 
    ```azurecli-interactive 
-   az vm create --resource-group <RESOURCE GROUP> --name <VM NAME> --image UbuntuLTS --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY NAME> --role <ROLE> --scope <SUBSCRIPTION> 
+   az vm create --resource-group <RESOURCE GROUP> --name <VM NAME> --image <SKU linux image>  --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY NAME> --role <ROLE> --scope <SUBSCRIPTION> 
    ```
 
 ### Assign a user-assigned managed identity to an existing Azure VM

articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vmss.md

@@ -133,7 +133,7 @@ This section walks you through creation of a virtual machine scale set and assig
 3. [Create](/cli/azure/vmss/#az-vmss-create) a virtual machine scale set. The following example creates a virtual machine scale set associated with the new user-assigned managed identity, as specified by the `--assign-identity` parameter, with the specified `--role` and `--scope`. Be sure to replace the `<RESOURCE GROUP>`, `<VMSS NAME>`, `<USER NAME>`, `<PASSWORD>`, `<USER ASSIGNED IDENTITY>`, `<ROLE>`, and `<SUBSCRIPTION>` parameter values with your own values.
 
    ```azurecli-interactive
-   az vmss create --resource-group <RESOURCE GROUP> --name <VMSS NAME> --image UbuntuLTS --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY> --role <ROLE> --scope <SUBSCRIPTION>
+   az vmss create --resource-group <RESOURCE GROUP> --name <VMSS NAME> --image <SKU Linux Image> --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY> --role <ROLE> --scope <SUBSCRIPTION>
    ```
 
 ### Assign a user-assigned managed identity to an existing virtual machine scale set

articles/active-directory/managed-identities-azure-resources/tutorial-vm-managed-identities-cosmos.md

@@ -170,7 +170,7 @@ The user assigned managed identity should be specified using its [resourceID](./
 # [Azure CLI](#tab/azure-cli)
 
 ```azurecli
-az vm create --resource-group <MyResourceGroup> --name <myVM> --image UbuntuLTS --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY NAME>
+az vm create --resource-group <MyResourceGroup> --name <myVM> --image <SKU Linux Image> --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY NAME>
 ```
 
 [Configure managed identities for Azure resources on a VM using the Azure CLI](qs-configure-cli-windows-vm.md#user-assigned-managed-identity)

articles/active-directory/standards/index.yml

@@ -24,12 +24,12 @@ landingContent:
     linkLists:
       - linkListType: overview
         links:
-          - text: Configure to identity standards
-            url: standards-overview.md
           - text: NIST AAL overview
             url: nist-overview.md
           - text: FedRAMP High impact overview
             url: configure-azure-active-directory-for-fedramp-high-impact.md
+          - text: Configure Azure Active Directory for Memorandum 22-09 requirements
+            url: memo-22-09-meet-identity-requirements.md
           - text: Configure Azure Active Directory for CMMC compliance
             url: configure-azure-active-directory-for-cmmc-compliance.md
           - text: Configure Azure Active Directory for HIPAA compliance

articles/aks/node-access.md

@@ -2,7 +2,8 @@
 title: Connect to Azure Kubernetes Service (AKS) cluster nodes
 description: Learn how to connect to Azure Kubernetes Service (AKS) cluster nodes for troubleshooting and maintenance tasks.
 ms.topic: article
-ms.date: 11/3/2022
+ms.date: 04/26/2023
+ms.reviewer: mattmcinnes
 ms.custom: contperf-fy21q4
 
 #Customer intent: As a cluster operator, I want to learn how to connect to virtual machines in an AKS cluster to perform maintenance or troubleshoot a problem.
@@ -16,7 +17,7 @@ This article shows you how to create a connection to an AKS node and update the
 
 ## Before you begin
 
-This article assumes you have an SSH key. If not, you can create an SSH key using [macOS or Linux][ssh-nix] or [Windows][ssh-windows]. Make sure you save the key pair in an OpenSSH format, other formats like .ppk are not supported.
+This article assumes you have an SSH key. If not, you can create an SSH key using [macOS or Linux][ssh-nix] or [Windows][ssh-windows]. Make sure you save the key pair in an OpenSSH format, other formats like .ppk aren't supported.
 
 You also need the Azure CLI version 2.0.64 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
 
@@ -74,7 +75,7 @@ To create the SSH connection to the Windows Server node from another node, use t
 
 > [!IMPORTANT]
 >
-> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. If you didn't use this method to create your cluster, you'll use a password instead of an SSH key. To do this, see [Create the SSH connection to a Windows node using a password](#create-the-ssh-connection-to-a-windows-node-using-a-password)
+> The following steps for creating the SSH connection to the Windows Server node from another node can only be used if you created your AKS cluster using the Azure CLI and the `--generate-ssh-keys` parameter. If you didn't use this method to create your cluster, use a password instead of an SSH key. To do this, see [Create the SSH connection to a Windows node using a password](#create-the-ssh-connection-to-a-windows-node-using-a-password)
 
 Open a new terminal window and use the `kubectl get pods` command to get the name of the pod started by `kubectl debug`.
 
@@ -123,7 +124,7 @@ aksnpwin000000                      Ready    agent   87s     v1.19.9   10.240.0.
 
 In the above example, *10.240.0.67* is the internal IP address of the Windows Server node.
 
-Create an SSH connection to the Windows Server node using the internal IP address, and connect to port 22 through port 2022 on your development computer. The default username for AKS nodes is *azureuser*. Accept the prompt to continue with the connection. You are then provided with the bash prompt of your Windows Server node:
+Create an SSH connection to the Windows Server node using the internal IP address, and connect to port 22 through port 2022 on your development computer. The default username for AKS nodes is *azureuser*. Accept the prompt to continue with the connection. You're then provided with the bash prompt of your Windows Server node:
 
 ```bash
 ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p [email protected]' [email protected]
@@ -217,7 +218,7 @@ kubectl delete pod node-debugger-aks-nodepool1-12345678-vmss000000-bkmmx
 > [!NOTE]
 > Updating of the SSH key is supported on Azure virtual machine scale sets with AKS clusters.
 
-Use the [az aks update][az-aks-update] command to update the SSH key on the cluster. This operation will update the key on all node pools. You can either specify the key or a key file using the `--ssh-key-value` argument.
+Use the [az aks update][az-aks-update] command to update the SSH key on the cluster. This operation updates the key on all node pools. You can either specify the key or a key file using the `--ssh-key-value` argument.
 
 ```azurecli
 az aks update --name myAKSCluster --resource-group MyResourceGroup --ssh-key-value <new SSH key value or SSH key file>

articles/aks/rdp.md

@@ -4,15 +4,16 @@ titleSuffix: Azure Kubernetes Service
 description: Learn how to create an RDP connection with Azure Kubernetes Service (AKS) cluster Windows Server nodes for troubleshooting and maintenance tasks.
 ms.topic: article
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
-ms.date: 07/06/2022
+ms.author: mattmcinnes
+ms.date: 04/26/2023
 #Customer intent: As a cluster operator, I want to learn how to use RDP to connect to nodes in an AKS cluster to perform maintenance or troubleshoot a problem.
 ---
 
 # Connect with RDP to Azure Kubernetes Service (AKS) cluster Windows Server nodes for maintenance or troubleshooting
 
 Throughout the lifecycle of your Azure Kubernetes Service (AKS) cluster, you may need to access an AKS Windows Server node. This access could be for maintenance, log collection, or other troubleshooting operations. You can access the AKS Windows Server nodes using RDP. For security purposes, the AKS nodes aren't exposed to the internet.
 
-Alternatively, if you want to SSH to your AKS Windows Server nodes, you'll need access to the same key-pair that was used during cluster creation. Follow the steps in [SSH into Azure Kubernetes Service (AKS) cluster nodes][ssh-steps]. 
+Alternatively, if you want to SSH to your AKS Windows Server nodes, you need access to the same key-pair that was used during cluster creation. Follow the steps in [SSH into Azure Kubernetes Service (AKS) cluster nodes][ssh-steps]. 
 
 This article shows you how to create an RDP connection with an AKS node using their private IP addresses.
 
@@ -60,7 +61,7 @@ The following example creates a virtual machine named *myVM* in the *myResourceG
 
 ### [Azure CLI](#tab/azure-cli)
 
-You'll need to get the subnet ID used by your Windows Server node pool. The commands below will query for the following information:
+You need to get the subnet ID used by your Windows Server node pool and query for:
 * The cluster's node resource group
 * The virtual network
 * The subnet's name
@@ -102,7 +103,7 @@ Record the public IP address of the virtual machine. You'll use this address in
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-You'll need to get the subnet ID used by your Windows Server node pool. The commands below will query for the following information:
+You'll need to get the subnet ID used by your Windows Server node pool and query for:
 * The cluster's node resource group
 * The virtual network
 * The subnet's name and address prefix
@@ -153,7 +154,7 @@ The following example output shows the VM has been successfully created and disp
 13.62.204.18
 ```
 
-Record the public IP address of the virtual machine. You'll use this address in a later step.
+Record the public IP address of the virtual machine and use the address in a later step.
 
 ---
 
@@ -270,7 +271,7 @@ Connect to the public IP address of the virtual machine you created earlier usin
 
 ![Image of connecting to the virtual machine using an RDP client](media/rdp/vm-rdp.png)
 
-After you've connected to your virtual machine, connect to the *internal IP address* of the Windows Server node you want to troubleshoot using an RDP client from within your virtual machine.
+After you have connected to your virtual machine, connect to the *internal IP address* of the Windows Server node you want to troubleshoot using an RDP client from within your virtual machine.
 
 ![Image of connecting to the Windows Server node using an RDP client](media/rdp/node-rdp.png)