Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/manual-incidents

Author: yelevin

.openpublishing.publish.config.json

@@ -986,6 +986,7 @@
     ".openpublishing.redirection.azure-percept.json",
     ".openpublishing.redirection.azure-productivity.json",
     ".openpublishing.redirection.azure-australia.json",
+    ".openpublishing.redirection.aks.json",
     "articles/azure-fluid-relay/.openpublishing.redirection.fluid-relay.json",
     "articles/azure-netapp-files/.openpublishing.redirection.azure-netapp-files.json",
     "articles/azure-relay/.openpublishing.redirection.relay.json",

.openpublishing.redirection.active-directory.json

@@ -10831,11 +10831,6 @@
       "redirect_url": "/azure/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/active-directory/manage-apps/howto-enforce-signed-saml-authentication.md",
-      "redirect_url": "/azure/active-directory/manage-apps/howto-saml-token-encryption",
-      "redirect_document_id": true
-    },
     {
       "source_path": "articles/active-directory/manage-apps/recover-deleted-apps-faq.md",
       "redirect_url": "/azure/active-directory/manage-apps/delete-recover-faq",
@@ -10845,8 +10840,47 @@
       "source_path": "articles/azure-percept/voice-control-your-inventory-then-visualize-with-power-bi-dashboard.md",
       "redirect_url": "/azure/azure-percept/index",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-create-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-members-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-delete-group.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-membership-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-groups-settings-azure-portal.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-accessmanagement-managing-group-owners.md",
+      "redirect_url": "/azure/active-directory/fundamentals/how-to-manage-groups",
+      "redirect_document_id": false
+    },
+{
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-manage-groups.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-learn-about-groups",
+      "redirect_document_id": false
+       },
+{   
+      "source_path_from_root": "/articles/active-directory/fundamentals/keep-me-signed-in.md",
+      "redirect_url": "/azure/active-directory/fundamentals/customize-branding",
+      "redirect_document_id": false
     }
 
-
   ]
 }

.openpublishing.redirection.aks.json

@@ -0,0 +1,9 @@
+{
+  "redirections": [
+    {
+      "source_path_from_root": "/articles/aks/azure-cni-overlay.md",
+      "redirect_url": "/azure/aks",
+      "redirect_document_id": false
+    }
+  ]
+}

.openpublishing.redirection.json

@@ -34248,6 +34248,11 @@
     "redirect_url":  "/azure/virtual-machines/windows/connect-winrm",
     "redirect_document_id":  false
 },
+{
+    "source_path_from_root":  "/articles/azure-arc/servers/data-residency.md",
+    "redirect_url":  "/azure/azure-arc/servers/overview",
+    "redirect_document_id":  false
+},
 {
   "source_path_from_root": "/articles/virtual-machines/linux/copy-files-to-linux-vm-using-scp.md",
   "redirect_url": "/azure/virtual-machines/copy-files-to-vm-using-scp",

articles/active-directory-b2c/enable-authentication-web-api.md

@@ -443,7 +443,7 @@ Under the project root folder, create a *config.json* file, and then add to it t
 ```json
 {
     "credentials": {
-        "tenantName": "<your-tenant-name>",
+        "tenantName": "<your-tenant-name>.onmicrosoft.com",
         "clientID": "<your-webapi-application-ID>",
         "issuer": "https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/"
     },
@@ -470,7 +470,7 @@ In the *config.json* file, update the following properties:
 
 |Section  |Key  |Value  |
 |---------|---------|---------|
-| credentials | tenantName | The first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name) (for example, `contoso`).|
+| credentials | tenantName | Your Azure AD B2C [tenant name/domain name](tenant-management.md#get-your-tenant-name) (for example, `contoso.onmicrosoft.com`).|
 | credentials |clientID | The web API application ID. In the [preceding diagram](#app-registration-overview), it's the application with *App ID: 2*. To learn how to get your web API application registration ID, see [Prerequisites](#prerequisites). |
 | credentials | issuer| The token issuer `iss` claim value. By default, Azure AD B2C returns the token in the following format: `https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/`. Replace `<your-tenant-name>` with the first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name). Replace `<your-tenant-ID>` with your [Azure AD B2C tenant ID](tenant-management.md#get-your-tenant-id). |
 | policies | policyName | The user flows, or custom policy. To learn how to get your user flow or policy, see [Prerequisites](#prerequisites).|

articles/active-directory-domain-services/alert-service-principal.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: troubleshooting
-ms.date: 07/09/2020
+ms.date: 09/04/2022
 ms.author: justinha
 
 ---
@@ -34,7 +34,7 @@ To check which service principal is missing and must be recreated, complete the
 
 1. In the Azure portal, select **Azure Active Directory** from the left-hand navigation menu.
 1. Select **Enterprise applications**. Choose *All applications* from the **Application Type** drop-down menu, then select **Apply**.
-1. Search for each of the following application IDs. If no existing application is found, follow the *Resolution* steps to create the service principal or re-register the namespace.
+1. Search for each of the following application IDs. For Azure Global, search for AppId value *2565bd9d-da50-47d4-8b85-4c97f669dc36*. For other Azure clouds, search for AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. If no existing application is found, follow the *Resolution* steps to create the service principal or re-register the namespace.
 
     | Application ID | Resolution |
     | :--- | :--- |
@@ -45,7 +45,7 @@ To check which service principal is missing and must be recreated, complete the
 
 ### Recreate a missing Service Principal
 
-If application ID *2565bd9d-da50-47d4-8b85-4c97f669dc36* is missing from your Azure AD directory, use Azure AD PowerShell to complete the following steps. For more information, see [Azure AD PowerShell](/powershell/azure/active-directory/install-adv2).
+If application ID *2565bd9d-da50-47d4-8b85-4c97f669dc36* is missing from your Azure AD directory in Azure Global, use Azure AD PowerShell to complete the following steps. For other Azure clouds, use AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. For more information, see [Azure AD PowerShell](/powershell/azure/active-directory/install-adv2).
 
 1. If needed, install the Azure AD PowerShell module and import it as follows:
 

articles/active-directory-domain-services/powershell-create-instance.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: sample
-ms.date: 08/17/2022
+ms.date: 09/1/2022
 ms.author: justinha
 ms.custom: devx-track-azurepowershell
 
@@ -48,7 +48,7 @@ To complete this article, you need the following resources:
 
 Azure AD DS requires a service principal to authenticate and communicate and an Azure AD group to define which users have administrative permissions in the managed domain.
 
-First, create an Azure AD service principal by using a specific application ID named *Domain Controller Services*. The ID value is *2565bd9d-da50-47d4-8b85-4c97f669dc36*. Don't change this application ID.
+First, create an Azure AD service principal by using a specific application ID named *Domain Controller Services*. The ID value is *2565bd9d-da50-47d4-8b85-4c97f669dc36* for global Azure and *6ba9a5d4-8456-4118-b521-9c5ca10cdf84* for other Azure clouds. Don't change this application ID.
 
 Create an Azure AD service principal using the [New-AzureADServicePrincipal][New-AzureADServicePrincipal] cmdlet:
 
@@ -230,7 +230,7 @@ When the Azure portal shows that the managed domain has finished provisioning, t
 
 ## Complete PowerShell script
 
-The following complete PowerShell script combines all of the tasks shown in this article. Copy the script and save it to a file with a `.ps1` extension. Run the script in a local PowerShell console or the [Azure Cloud Shell][cloud-shell].
+The following complete PowerShell script combines all of the tasks shown in this article. Copy the script and save it to a file with a `.ps1` extension. For Azure Global, use AppId value *2565bd9d-da50-47d4-8b85-4c97f669dc36*. For other Azure clouds, use AppId value *6ba9a5d4-8456-4118-b521-9c5ca10cdf84*. Run the script in a local PowerShell console or the [Azure Cloud Shell][cloud-shell].
 
 > [!NOTE]
 > To enable Azure AD DS, you must be a global administrator for the Azure AD tenant. You also need at least *Contributor* privileges in the Azure subscription.
@@ -251,7 +251,7 @@ Connect-AzureAD
 Connect-AzAccount
 
 # Create the service principal for Azure AD Domain Services.
-New-AzureADServicePrincipal -AppId "6ba9a5d4-8456-4118-b521-9c5ca10cdf84"
+New-AzureADServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"
 
 # First, retrieve the object ID of the 'AAD DC Administrators' group.
 $GroupObjectId = Get-AzureADGroup `

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -196,7 +196,8 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 * Microsoft Azure AD makes requests to fetch a random user and group to ensure that the endpoint and the credentials are valid. It's also done as a part of the **Test Connection** flow in the [Azure portal](https://portal.azure.com). 
 * Support HTTPS on your SCIM endpoint.
 * Custom complex and multivalued attributes are supported but Azure AD doesn't have many complex data structures to pull data from in these cases. Simple paired name/value type complex attributes can be mapped to easily, but flowing data to complex attributes with three or more subattributes aren't well supported at this time.
-* The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype. 
+* The "type" subattribute values of multivalued complex attributes must be unique. For example, there can't be two different email addresses with the "work" subtype.
+* The header for all the responses should be of content-Type: application/scim+json 
 
 ### Retrieving Resources:
 

articles/active-directory/app-proxy/application-proxy-security.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-proxy
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/21/2021
+ms.date: 09/02/2022
 ms.author: kenwith
 ms.reviewer: ashishj
 ---
@@ -23,7 +23,7 @@ The following diagram shows how Azure AD enables secure remote access to your on
 
 ## Security benefits
 
-Azure AD Application Proxy offers the following security benefits:
+Azure AD Application Proxy offers many security benefits including authenticated access, conditional access, traffic termination, all outbound access, cloud scale analytics and machine learning, and remote access as a service. It is important to note that even with all of the added security provided by Application Proxy, the systems being accessed must continually be updated with the latest patches.
 
 ### Authenticated access 
 

articles/active-directory/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md

@@ -68,7 +68,7 @@ When a user selects **Yes** on the *Stay signed in?* option during sign-in, a pe
 
 If you have an Azure AD Premium 1 license, we recommend using Conditional Access policy for *Persistent browser session*. This policy overwrites the *Stay signed in?* setting and provides an improved user experience. If you don't have an Azure AD Premium 1 license, we recommend enabling the stay signed in setting for your users.
 
-For more information on configuring the option to let users remain signed-in, see [Customize your Azure AD sign-in page](../fundamentals/customize-branding.md#customize-your-azure-ad-sign-in-page).
+For more information on configuring the option to let users remain signed-in, see [Customize your Azure AD sign-in page](../fundamentals/customize-branding.md#learn-about-the-stay-signed-in-prompt).
 
 ### Remember Multi-Factor Authentication