Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into crosstenant

Author: liudan66

.openpublishing.publish.config.json

@@ -528,7 +528,7 @@
     {
       "path_to_root": "azure-sdk-for-go-samples",
       "url": "https://github.com/Azure-Samples/azure-sdk-for-go-samples",
-      "branch": "master",
+      "branch": "main",
       "branch_mapping": {}
     },
     {

.openpublishing.redirection.defender-for-cloud.json

@@ -62,7 +62,7 @@
         },
         {
             "source_path_from_root": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds.md",
-            "redirect_url": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers",
+            "redirect_url": "/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers",
             "redirect_document_id": false
         },
         {

.openpublishing.redirection.json

@@ -14968,6 +14968,11 @@
       "redirect_url": "/azure/defender-for-iot/organizations/tutorial-qradar",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/iot-edge/how-to-devops-starter.md",
+      "redirect_url": "/azure/iot-edge/how-to-continuous-integration-continuous-deployment-classic/",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/ansible/index.yml",
       "redirect_url": "/azure/developer/ansible/",
@@ -25208,6 +25213,11 @@
       "redirect_url": "/azure/azure-sql/managed-instance/scripts/create-configure-managed-instance-cli",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-sql/managed-instance/azure-app-sync-network-configuration.md",
+      "redirect_url": "/azure/azure-sql/managed-instance/index.yml",
+      "redirect_document_id": false
+    },    
     {
       "source_path_from_root": "/articles/sql-database/scripts/sql-database-copy-database-to-new-server-cli.md",
       "redirect_url": "/azure/azure-sql/database/scripts/copy-database-to-new-server-cli",

articles/active-directory-b2c/partner-f5.md

@@ -2,8 +2,8 @@
 title: Tutorial to enable Secure Hybrid Access to applications with Azure AD B2C and F5 BIG-IP
 titleSuffix: Azure AD B2C
 description: Learn how to integrate Azure AD B2C authentication with F5 BIG-IP for secure hybrid access 
-author: NishthaBabith-V
-ms.author: v-nisba
+author: KarenH444
+ms.author: celested
 manager: CelesteDG
 ms.reviewer: kengaderdus
 ms.service: active-directory

articles/active-directory-b2c/quickstart-web-app-dotnet.md

@@ -31,7 +31,7 @@ In this quickstart, you use an ASP.NET application to sign in using a social ide
     git clone https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi.git
     ```
 
-    There are two projects are in the sample solution:
+    There are two projects in the sample solution:
 
     - **TaskWebApp** - A web application that creates and edits a task list. The web application uses the **sign-up or sign-in** user flow to sign up or sign in users.
     - **TaskService** - A web API that supports the create, read, update, and delete task list functionality. The web API is protected by Azure AD B2C and called by the web application.

articles/active-directory-domain-services/network-considerations.md

@@ -42,7 +42,7 @@ As you design the virtual network for Azure AD DS, the following considerations
 
 A managed domain connects to a subnet in an Azure virtual network. Design this subnet for Azure AD DS with the following considerations:
 
-* A managed domain must be deployed in its own subnet. Don't use an existing subnet or a gateway subnet.
+* A managed domain must be deployed in its own subnet. Don't use an existing subnet or a gateway subnet. This includes the usage of remote gateways settings in the virtual network peering which puts the managed domain in an unsupported state.
 * A network security group is created during the deployment of a managed domain. This network security group contains the required rules for correct service communication.
     * Don't create or use an existing network security group with your own custom rules.
 * A managed domain requires 3-5 IP addresses. Make sure that your subnet IP address range can provide this number of addresses.
@@ -188,4 +188,4 @@ For more information about some of the network resources and connection options
 
 * [Azure virtual network peering](../virtual-network/virtual-network-peering-overview.md)
 * [Azure VPN gateways](../vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md)
-* [Azure network security groups](../virtual-network/network-security-groups-overview.md)
+* [Azure network security groups](../virtual-network/network-security-groups-overview.md)

articles/active-directory/app-provisioning/provision-on-demand.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: how-to
-ms.date: 05/11/2021
+ms.date: 03/09/2022
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -147,7 +147,8 @@ There are currently a few known limitations to on-demand provisioning. Post your
 * Amazon Web Services (AWS) application does not support on-demand provisioning. 
 * On-demand provisioning of groups and roles isn't supported.
 * On-demand provisioning supports disabling users that have been unassigned from the application. However, it doesn't support disabling or deleting users that have been disabled or deleted from Azure AD. Those users won't appear when you search for a user.
+* Provisioning multiple roles on a user isn't supported by on-demand provisioning. 
 
 ## Next steps
 
-* [Troubleshooting provisioning](./application-provisioning-config-problem.md)
+* [Troubleshooting provisioning](./application-provisioning-config-problem.md)

articles/active-directory/app-provisioning/skip-out-of-scope-deletions.md

@@ -76,7 +76,7 @@ Copy the updated text from Step 3 into the "Request Body".
 
 Click on “Run Query”. 
 
-You should get the output as "Success – Status Code 204". 
+You should get the output as "Success – Status Code 204". If you receive an error you may need to check that your account has Read/Write permissions for ServicePrincipalEndpoint. You can find this permission by clicking on the *Modify permissions* tab in Graph Explorer.
 
    ![PUT response](./media/skip-out-of-scope-deletions/skip-06.png)
 

articles/active-directory/app-provisioning/use-scim-to-build-users-and-groups-endpoints.md

@@ -99,7 +99,7 @@ The default token validation code is configured to use an Azure AD token and req
 
 After you deploy the SCIM endpoint, you can test to ensure that it's compliant with SCIM RFC. This example provides a set of tests in Postman that validate CRUD (create, read, update, and delete) operations on users and groups, filtering, updates to group membership, and disabling users.
 
-The endpoints are in the `{host}/scim/` directory, and you can use standard HTTP requests to interact with them. To modify the `/scim/` route, see *TokenController.cs* in **SCIMReferenceCode** > **Microsoft.SCIM.WebHostSample** > **Controllers**.
+The endpoints are in the `{host}/scim/` directory, and you can use standard HTTP requests to interact with them. To modify the `/scim/` route, see *ControllerConstant.cs* in **AzureADProvisioningSCIMreference** > **ScimReferenceApi** > **Controllers**.
 
 > [!NOTE]
 > You can only use HTTP endpoints for local tests. The Azure AD provisioning service requires that your endpoint support HTTPS.
@@ -141,4 +141,4 @@ To develop a SCIM-compliant user and group endpoint with interoperability for a
 
 > [!div class="nextstepaction"]
 > [Tutorial: Develop and plan provisioning for a SCIM endpoint](use-scim-to-provision-users-and-groups.md)
-> [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)
+> [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)

articles/active-directory/app-proxy/application-proxy-high-availability-load-balancing.md

@@ -28,7 +28,7 @@ Connectors establish their connections based on principles for high availability
 ![Diagram showing connections between users and connectors](media/application-proxy-high-availability-load-balancing/application-proxy-connections.png)
 
 1. A user on a client device tries to access an on-premises application published through Application Proxy.
-2. The request goes through an Azure Load Balancer to determine which Application Proxy service instance should take the request. Per region, there are tens of instances available to accept the request. This method helps to evenly distribute the traffic across the service instances.
+2. The request goes through an Azure Load Balancer to determine which Application Proxy service instance should take the request. There are tens of instances available to accept the requests for all traffic in the region. This method helps to evenly distribute the traffic across the service instances.
 3. The request is sent to [Service Bus](../../service-bus-messaging/index.yml).
 4. Service Bus signals to an available connector. The connector then picks up the request from Service Bus.
    - In step 2, requests go to different Application Proxy service instances, so connections are more likely to be made with different connectors. As a result, connectors are almost evenly used within the group.
@@ -89,4 +89,4 @@ Refer to your software vendor's documentation to understand the load-balancing r
 - [Enable single-sign on](application-proxy-configure-single-sign-on-with-kcd.md)
 - [Enable Conditional Access](./application-proxy-integrate-with-sharepoint-server.md)
 - [Troubleshoot issues you're having with Application Proxy](application-proxy-troubleshoot.md)
-- [Learn how Azure AD architecture supports high availability](../fundamentals/active-directory-architecture.md)
+- [Learn how Azure AD architecture supports high availability](../fundamentals/active-directory-architecture.md)