MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 10 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 10 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/authorization-code-flow.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/authorization-code-flow.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/cloud-infrastructure-entitlement-management/ui-triggers.md
Lines changed: 3 additions & 1 deletion b/‎articles/active-directory/cloud-infrastructure-entitlement-management/ui-triggers.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/active-directory/fundamentals/whats-new-sovereign-clouds-archive.md
Lines changed: 31 additions & 0 deletions b/‎articles/active-directory/fundamentals/whats-new-sovereign-clouds-archive.md
Lines changed: 31 additions & 0 deletions
diff --git a/‎articles/active-directory/fundamentals/whats-new-sovereign-clouds.md
Lines changed: 47 additions & 31 deletions b/‎articles/active-directory/fundamentals/whats-new-sovereign-clouds.md
Lines changed: 47 additions & 31 deletions
diff --git a/‎articles/active-directory/saas-apps/confluencemicrosoft-tutorial.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/saas-apps/confluencemicrosoft-tutorial.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/saas-apps/ms-confluence-jira-plugin-adminguide.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/saas-apps/ms-confluence-jira-plugin-adminguide.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/ai-services/commitment-tier.md
Lines changed: 2 additions & 2 deletions b/‎articles/ai-services/commitment-tier.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/ai-services/computer-vision/Tutorials/storage-lab-tutorial.md
Lines changed: 1 addition & 1 deletion b/‎articles/ai-services/computer-vision/Tutorials/storage-lab-tutorial.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/ai-services/computer-vision/use-case-alt-text.md
Lines changed: 1 addition & 1 deletion b/‎articles/ai-services/computer-vision/use-case-alt-text.md
Lines changed: 1 addition & 1 deletion
@@ -13338,6 +13338,16 @@
             "redirect_url": "/azure/governance/policy/samples/index",
             "redirect_document_id": false
         },
+        {
+          "source_path_from_root": "/articles/governance/policy/samples/PCIv3_2_1_2018_audit.md",
+          "redirect_url": "/azure/governance/policy/samples/pci-dss-3-2-1",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/governance/policy/samples/pci_dss_v4.0.md",
+          "redirect_url": "/azure/governance/policy/samples/pci-dss-4-0",
+          "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-policy/create-manage-policy.md",
             "redirect_url": "/azure/governance/policy/tutorials/create-and-manage",
 
@@ -124,7 +124,7 @@ grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&sco
 | client_id |Required |The application ID assigned to your app in the [Azure portal](https://portal.azure.com).|
 | client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, and therefore are not used in this call. If you use a client secret, please change it on a periodic basis. |
 | grant_type |Required |The type of grant. For the authorization code flow, the grant type must be `authorization_code`. |
-| scope |Required |A space-separated list of scopes. A single scope value indicates to Azure AD both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID.  The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources.  You also can use the `openid` scope to request an ID token from Azure AD B2C. |
+| scope |Recommended |A space-separated list of scopes. A single scope value indicates to Azure AD both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID.  The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources.  You also can use the `openid` scope to request an ID token from Azure AD B2C. |
 | code |Required |The authorization code that you acquired in from the `/authorize` endpoint. |
 | redirect_uri |Required |The redirect URI of the application where you received the authorization code. |
 | code_verifier | recommended | The same `code_verifier` used to obtain the authorization code. Required if PKCE was used in the authorization code grant request. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). |
 
@@ -31,6 +31,9 @@ This article describes how to use the **Alerts** dashboard in Permissions Manage
 
     - **Alerts**
     - **Alert Triggers**
+      
+- Select the **Authorization system**(s) and/or **folder**(s) to display alerts and alert triggers in scope of the selected view. 
+- Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab.
 
 ## View information about alerts
 
@@ -55,7 +58,6 @@ The **Rule-Based Anomaly** tab and the **Statistical Anomaly** tab both have one
 - **Columns**: Select the columns you want to display: **Task**, **Resource**, and **Identity**.
     - To return to the system default settings, select **Reset to default**.
 
-Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab.
 
 
 ## View information about alert triggers
 
@@ -20,6 +20,37 @@ The primary [What's new in sovereign clouds release notes](whats-new-sovereign-c
 
 ---
 
+## December 2022
+
+### General Availability - Risk-based Conditional Access for workload identities
+
+**Type:** New feature  
+**Service category:** Conditional Access          
+**Product capability:** Identity Security & Protection     
+
+Customers can now bring one of the most powerful forms of access control in the industry to workload identities. Conditional Access supports risk-based policies for workload identities. Organizations can block sign-in attempts when Identity Protection detects compromised apps or services. For more information, see: [Create a risk-based Conditional Access policy](../conditional-access/workload-identity.md#create-a-risk-based-conditional-access-policy).
+
+---
+
+### General Availability - API to recover accidentally deleted Service Principals
+
+**Type:** New feature  
+**Service category:** Enterprise Apps        
+**Product capability:** Identity Lifecycle Management     
+
+Restore a recently deleted application, group, servicePrincipal, administrative unit, or user object from deleted items. If an item was accidentally deleted, you can fully restore the item. This isn't applicable to security groups, which are deleted permanently. A recently deleted item remains available for up to 30 days. After 30 days, the item is permanently deleted. For more information, see: [servicePrincipal resource type](/graph/api/resources/serviceprincipal).
+
+---
+
+### General Availability - Using Staged rollout to test Cert Based Authentication (CBA)
+
+**Type:** New feature  
+**Service category:** Authentications (Logins)     
+**Product capability:** Identity Security & Protection   
+
+We're excited to announce the general availability of hybrid cloud Kerberos trust, a new Windows Hello for Business deployment model to enable a password-less sign-in experience. With this new model, we’ve made Windows Hello for Business easier to deploy than the existing key trust and certificate trust deployment models by removing the need for maintaining complicated public key infrastructure (PKI), and Azure Active Directory (AD) Connect synchronization wait times. For more information, see: [Migrate to cloud authentication using Staged Rollout](../hybrid/how-to-connect-staged-rollout.md).
+
+---
 
 ## November 2022
 
 
@@ -21,6 +21,53 @@ Azure AD receives improvements on an ongoing basis. To stay up to date with the
 
 This page updates monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Sovereign Clouds](whats-new-archive.md).
 
+## June 2023 
+
+### General Availability - Apply RegEx Replace to groups claim content 
+
+
+
+**Type:** New feature   
+**Service category:** Enterprise Apps                  
+**Product capability:** SSO             
+
+Today, when group claims are added to tokens Azure Active Directory attempts to include all of the groups the user is a member of.  In larger organizations where users are members of hundreds of groups this can often exceed the limits of what can go in the token.  This feature enables more customers to connect their apps to Azure Active Directory by making connections easier and more robust through automation of the application’s creation process. This specifically allows the set of groups included in the token to be limited to only those that are assigned to the application. For more information, see: [Regex-based claims transformation](../develop/saml-claims-customization.md#regex-based-claims-transformation).
+
+---
+
+### General Availability - Azure Active Directory SSO integration with Cisco Unified Communications Manager
+
+
+
+**Type:** New feature   
+**Service category:** Enterprise Apps                  
+**Product capability:** Platform              
+
+Cisco Unified Communications Manager (Unified CM) provides reliable, secure, scalable, and manageable call control and session management. When you integrate Cisco Unified Communications Manager with Azure Active Directory, you can:
+
+- Control in Azure Active Directory who has access to Cisco Unified Communications Manager.
+- Enable your users to be automatically signed-in to Cisco Unified Communications Manager with their Azure AD accounts.
+- Manage your accounts in one central location - the Azure portal.
+
+
+For more information, see: [Azure Active Directory SSO integration with Cisco Unified Communications Manager](../saas-apps/cisco-unified-communications-manager-tutorial.md).
+
+---
+
+### General Availability - Number Matching for Microsoft Authenticator notifications
+
+**Type:** Plan for Change  
+**Service category:** Microsoft Authenticator App                      
+**Product capability:** User Authentication             
+
+Microsoft Authenticator app’s number matching feature has been Generally Available since Nov 2022! If you haven't already used the rollout controls (via Azure portal Admin UX and MSGraph APIs) to smoothly deploy number matching for users of Microsoft Authenticator push notifications, we highly encourage you to do so. We previously announced that we'll remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications starting February 27, 2023. After listening to customers, we'll extend the availability of the rollout controls for a few more weeks. Organizations can continue to use the existing rollout controls until May 8, 2023, to deploy number matching in their organizations. Microsoft services will start enforcing the number matching experience for all users of Microsoft Authenticator push notifications after May 8, 2023. We'll also remove the rollout controls for number matching after that date.
+
+If customers don’t enable number match for all Microsoft Authenticator push notifications prior to May 8, 2023, Authenticator users may experience inconsistent sign-ins while the services are rolling out this change. To ensure consistent behavior for all users, we highly recommend you enable number match for Microsoft Authenticator push notifications in advance.
+
+For more information, see: [How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy](../authentication/how-to-mfa-number-match.md)
+
+---
+
 ## May 2023
 
 ### General Availability - Admins can now restrict users from self-service accessing their BitLocker keys
@@ -372,37 +419,6 @@ Represents a tenant's customizable terms of use agreement that is created, and m
 
 ---
 
-## December 2022
-
-### General Availability - Risk-based Conditional Access for workload identities
-
-**Type:** New feature  
-**Service category:** Conditional Access          
-**Product capability:** Identity Security & Protection     
-
-Customers can now bring one of the most powerful forms of access control in the industry to workload identities. Conditional Access supports risk-based policies for workload identities. Organizations can block sign-in attempts when Identity Protection detects compromised apps or services. For more information, see: [Create a risk-based Conditional Access policy](../conditional-access/workload-identity.md#create-a-risk-based-conditional-access-policy).
-
----
-
-### General Availability - API to recover accidentally deleted Service Principals
-
-**Type:** New feature  
-**Service category:** Enterprise Apps        
-**Product capability:** Identity Lifecycle Management     
-
-Restore a recently deleted application, group, servicePrincipal, administrative unit, or user object from deleted items. If an item was accidentally deleted, you can fully restore the item. This isn't applicable to security groups, which are deleted permanently. A recently deleted item remains available for up to 30 days. After 30 days, the item is permanently deleted. For more information, see: [servicePrincipal resource type](/graph/api/resources/serviceprincipal).
-
----
-
-### General Availability - Using Staged rollout to test Cert Based Authentication (CBA)
-
-**Type:** New feature  
-**Service category:** Authentications (Logins)     
-**Product capability:** Identity Security & Protection   
-
-We're excited to announce the general availability of hybrid cloud Kerberos trust, a new Windows Hello for Business deployment model to enable a password-less sign-in experience. With this new model, we’ve made Windows Hello for Business easier to deploy than the existing key trust and certificate trust deployment models by removing the need for maintaining complicated public key infrastructure (PKI), and Azure Active Directory (AD) Connect synchronization wait times. For more information, see: [Migrate to cloud authentication using Staged Rollout](../hybrid/how-to-connect-staged-rollout.md).
-
----
 
 ## Next steps
 <!-- Add a context sentence for the following links -->
 
@@ -60,7 +60,7 @@ As of now, following versions of Confluence are supported:
 
 - Confluence: 5.0 to 5.10
 - Confluence: 6.0.1 to 6.15.9
-- Confluence: 7.0.1 to 8.3.0
+- Confluence: 7.0.1 to 8.0.4
 
 > [!NOTE]
 > Please note that our Confluence Plugin also works on Ubuntu Version 16.04
 
@@ -64,7 +64,7 @@ The plug-in supports the following versions of Jira and Confluence:
 * JIRA also supports 5.2. For more details, click [Microsoft Azure Active Directory single sign-on for JIRA 5.2](./jira52microsoft-tutorial.md).
 * Confluence: 5.0 to 5.10.
 * Confluence: 6.0.1 to 6.15.9.
-* Confluence: 7.0.1 to 8.3.0.
+* Confluence: 7.0.1 to 8.0.4.
 
 ## Installation
 
@@ -148,7 +148,7 @@ Confluence:
 
 |Plugin Version   |                                   Release Notes                                           |       Supported JIRA versions       |
 |-----------------|-------------------------------------------------------------------------------------------|-------------------------------------|
-|  6.3.9          |   Bug Fixes:                                                                              | Confluence Server: 7.20.3 to 8.3.0  |
+|  6.3.9          |   Bug Fixes:                                                                              | Confluence Server: 7.20.3 to 8.0.4  |
 |                 |   System Error: Metadata link cannot be configured on SSO plugins.                        |                                     |
 |                 |                                                                                           |                                     |
 |  6.3.8          |   New Feature:                                                                            | Confluence Server: 5.0 to 7.20.1    |
@@ -212,7 +212,7 @@ The plug-in supports these versions:
 * JIRA also supports 5.2. For more details, click [Microsoft Azure Active Directory single sign-on for JIRA 5.2](./jira52microsoft-tutorial.md).
 * Confluence: 5.0 to 5.10.
 * Confluence: 6.0.1 to 6.15.9.
-* Confluence: 7.0.1 to 8.3.0.
+* Confluence: 7.0.1 to 8.0.4.
 
 ### Is the plug-in free or paid?
 
 
@@ -37,7 +37,7 @@ For more information, see [Azure AI services pricing](https://azure.microsoft.co
 
 ## Create a new resource
 
-1. Sign into the [Azure portal](https://portal.azure.com/) and select **Create a new resource** for one of the applicable Azure AI services or Azure AI services listed.
+1. Sign in to the [Azure portal](https://portal.azure.com) and select **Create a new resource** for one of the applicable Azure AI services or Azure AI services listed.
 
 2. Enter the applicable information to create your resource. Be sure to select the standard pricing tier.
 
@@ -50,7 +50,7 @@ For more information, see [Azure AI services pricing](https://azure.microsoft.co
 
 ## Purchase a commitment plan by updating your Azure resource
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) with your Azure subscription.
+1. Sign in to the [Azure portal](https://portal.azure.com) with your Azure subscription.
 2. In your Azure resource for one of the applicable features listed, select **Commitment tier pricing**.
 3. Select **Change** to view the available commitments for hosted API and container usage. Choose a commitment plan for one or more of the following offerings:
     * **Web**: web-based APIs, where you send data to Azure for processing.
 
@@ -45,7 +45,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 In this section, you'll use the [Azure portal](https://portal.azure.com?WT.mc_id=academiccontent-github-cxa) to create a storage account. Then you'll create a pair of containers: one to store images uploaded by the user, and another to store image thumbnails generated from the uploaded images.
 
-1. Open the [Azure portal](https://portal.azure.com?WT.mc_id=academiccontent-github-cxa) in your browser. If you're asked to sign in, do so using your Microsoft account.
+1. Sign in to the [Azure portal](https://portal.azure.com?WT.mc_id=academiccontent-github-cxa) in your browser. If you're asked to sign in, do so using your Microsoft account.
 1. To create a storage account, select **+ Create a resource** in the ribbon on the left. Then select **Storage**, followed by **Storage account**.
 
     ![Creating a storage account](Images/new-storage-account.png)
 
@@ -60,7 +60,7 @@ In general, we advise a confidence threshold of `0.4` for the Image Analysis 3.2
 
 On rare occasions, image captions can contain embarrassing errors, such as labeling a male-identifying person as a "woman" or labeling an adult woman as a "girl". We encourage users to consider using the latest Image Analysis 4.0 API (preview) which eliminates some errors by supporting gender-neutral captions.
 
-Please report any embarrassing or offensive captions by going to the [Azure portal](https://ms.portal.azure.com/#home) and navigating to the **Feedback** button in the top right.
+Please report any embarrassing or offensive captions by going to the [Azure portal](https://portal.azure.com) and navigating to the **Feedback** button in the top right.
 
 ## Next Steps 
 Follow a quickstart to begin automatically generating alt text by using image captioning on Image Analysis.