Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.publish.config.json

@@ -836,6 +836,7 @@
     "articles/event-hubs/.openpublishing.redirection.event-hubs.json",
     "articles/hdinsight/.openpublishing.redirection.hdinsight.json",
     "articles/iot-central/.openpublishing.redirection.iot-central.json",
+    "articles/iot-accelerators/.openpublishing.redirection.iot-accelerators.json",
     "articles/iot-develop/.openpublishing.redirection.iot-develop.json",
     "articles/iot-edge/.openpublishing.redirection.iot-edge.json",
     "articles/marketplace/.openpublishing.redirection.marketplace.json",

.openpublishing.redirection.json

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: how-to
-ms.date: 03/04/2021
+ms.date: 09/27/2021
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -21,31 +21,31 @@ Accounts that are assigned administrative rights are targeted by attackers. Requ
 
 Microsoft recommends you require MFA on the following roles at a minimum:
 
-* Application administrator
-* Authentication Administrator
-* Billing administrator
-* Cloud application administrator
-* Conditional Access administrator
-* Exchange administrator
-* Global administrator
-* Helpdesk administrator
-* Password administrator
-* Privileged authentication administrator
-* Privileged Role Administrator
-* Security administrator
-* SharePoint administrator
-* User administrator
+- Global administrator
+- Application administrator
+- Authentication Administrator
+- Billing administrator
+- Cloud application administrator
+- Conditional Access administrator
+- Exchange administrator
+- Helpdesk administrator
+- Password administrator
+- Privileged authentication administrator
+- Privileged Role Administrator
+- Security administrator
+- SharePoint administrator
+- User administrator
 
 Organizations can choose to include or exclude roles as they see fit.
 
 ## User exclusions
 
 Conditional Access policies are powerful tools, we recommend excluding the following accounts from your policy:
 
-* **Emergency access** or **break-glass** accounts to prevent tenant-wide account lockout. In the unlikely scenario all administrators are locked out of your tenant, your emergency-access administrative account can be used to log into the tenant take steps to recover access.
-   * More information can be found in the article, [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md).
-* **Service accounts** and **service principals**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services allowing programmatic access to applications, but are also used to sign in to systems for administrative purposes. Service accounts like these should be excluded since MFA can't be completed programmatically. Calls made by service principals are not blocked by Conditional Access.
-   * If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../managed-identities-azure-resources/overview.md). As a temporary workaround, you can exclude these specific accounts from the baseline policy.
+- **Emergency access** or **break-glass** accounts to prevent tenant-wide account lockout. In the unlikely scenario all administrators are locked out of your tenant, your emergency-access administrative account can be used to log into the tenant take steps to recover access.
+   - More information can be found in the article, [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md).
+- **Service accounts** and **service principals**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services allowing programmatic access to applications, but are also used to sign in to systems for administrative purposes. Service accounts like these should be excluded since MFA can't be completed programmatically. Calls made by service principals are not blocked by Conditional Access.
+   - If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../managed-identities-azure-resources/overview.md). As a temporary workaround, you can exclude these specific accounts from the baseline policy.
 
 ## Create a Conditional Access policy
 
@@ -57,20 +57,20 @@ The following steps will help create a Conditional Access policy to require thos
 1. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
 1. Under **Assignments**, select **Users and groups**
    1. Under **Include**, select **Directory roles** and choose built-in roles like:
-      * Application administrator
-      * Authentication Administrator
-      * Billing administrator
-      * Cloud application administrator
-      * Conditional Access administrator
-      * Exchange administrator
-      * Global administrator
-      * Helpdesk administrator
-      * Password administrator
-      * Privileged authentication administrator
-      * Privileged Role Administrator
-      * Security administrator
-      * SharePoint administrator
-      * User administrator
+      - Global administrator
+      - Application administrator
+      - Authentication Administrator
+      - Billing administrator
+      - Cloud application administrator
+      - Conditional Access administrator
+      - Exchange administrator
+      - Helpdesk administrator
+      - Password administrator
+      - Privileged authentication administrator
+      - Privileged Role Administrator
+      - Security administrator
+      - SharePoint administrator
+      - User administrator
 
       > [!WARNING]
       > Conditional Access policies support built-in roles. Conditional Access policies are not enforced for other role types including [administrative unit-scoped](../roles/admin-units-assign-roles.md) or [custom roles](../roles/custom-create.md).

articles/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa.md

@@ -10,7 +10,7 @@ ms.date: 10/29/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
-manager: daveba
+manager: karenhoran
 ms.reviewer: martinco
 
 ms.collection: M365-identity-device-management

articles/active-directory/fundamentals/active-directory-deployment-checklist-p2.md

@@ -10,7 +10,7 @@ ms.date: 01/26/2021
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
-manager: daveba
+manager: karenhoran
 ms.reviewer: rogoya
 
 ms.collection: M365-identity-device-management

articles/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication.md

@@ -6,11 +6,11 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 09/17/2021
+ms.date: 09/27/2021
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
-manager: daveba
+manager: karenhoran
 ms.reviewer: lvandenende
 
 ms.collection: M365-identity-device-management
@@ -59,18 +59,18 @@ Users with privileged access have increased access to your environment. Because
 After registration with Azure AD Multi-Factor Authentication is finished, the following nine Azure AD administrator roles will be required to do extra authentication every time they sign in:
 
 - Global administrator
-- SharePoint administrator
-- Exchange administrator
-- Conditional Access administrator
-- Security administrator
-- Helpdesk administrator
-- Billing administrator
-- User administrator
-- Authentication administrator
-- Password administrator
-- Privileged authentication administrator
-- Application administrator
-- Cloud application administrator
+- Application administrator
+- Authentication administrator
+- Billing administrator
+- Cloud application administrator
+- Conditional Access administrator
+- Exchange administrator
+- Helpdesk administrator
+- Password administrator
+- Privileged authentication administrator
+- Security administrator
+- SharePoint administrator
+- User administrator
 
 > [!WARNING]
 > Ensure your directory has at least two accounts with global administrator privileges assigned to them. This will help in the case that one global administrator is locked out. For more detail see the article, [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md).

articles/active-directory/fundamentals/concept-fundamentals-security-defaults.md

@@ -10,7 +10,7 @@ ms.date: 04/27/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
-manager: daveba
+manager: karenhoran
 ms.reviewer: davidspo
 
 ms.collection: M365-identity-device-management

articles/active-directory/fundamentals/concept-secure-remote-workers.md

@@ -2,7 +2,7 @@
 title: Use Azure AD in Azure Automation to authenticate to Azure
 description: This article tells how to use Azure AD within Azure Automation as the provider for authentication to Azure. 
 services: automation
-ms.date: 03/30/2020
+ms.date: 09/23/2021
 ms.topic: conceptual 
 ms.custom: devx-track-azurepowershell
 ---
@@ -46,7 +46,7 @@ Before installing the Azure AD modules on your computer:
 
 1. Ensure that the Microsoft .NET Framework 3.5.x feature is enabled on your computer. It's likely that your computer has a newer version installed, but backward compatibility with older versions of the .NET Framework can be enabled or disabled. 
 
-2. Install the 64-bit version of the [Microsoft Online Services Sign-in Assistant](/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-worldwide#step-1-install-the-required-software-1).
+2. Install the 64-bit version of the [Microsoft Online Services Sign-in Assistant](/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-worldwide&preserve-view=true#step-1-install-the-required-software-1).
 
 3. Run Windows PowerShell as an administrator to create an elevated Windows PowerShell command prompt.
 
@@ -92,10 +92,10 @@ To prepare a new credential asset in Windows PowerShell, your script first creat
 
 ## Manage Azure resources from an Azure Automation runbook
 
-You can manage Azure resources from Azure Automation runbooks using the credential asset. Below is an example PowerShell runbook that collects the credential asset to use for stopping and starting virtual machines in an Azure subscription. This runbook first uses `Get-AutomationPSCredential` to retrieve the credential to use to authenticate to Azure. It then calls the [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) cmdlet to connect to Azure using the credential. The script uses the [Select-AzureSubscription](/powershell/module/servicemanagement/azure.service/select-azuresubscription) cmdlet to choose the subscription to work with. 
+You can manage Azure resources from Azure Automation runbooks using the credential asset. Below is an example PowerShell runbook that collects the credential asset to use for stopping and starting virtual machines in an Azure subscription. This runbook first uses `Get-AutomationPSCredential` to retrieve the credential to use to authenticate to Azure. It then calls the [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) cmdlet to connect to Azure using the credential. 
 
-```azurepowershell
-Workflow Stop-Start-AzureVM 
+```powershell
+Workflow Workflow
 { 
     Param 
     (    
@@ -110,9 +110,25 @@ Workflow Stop-Start-AzureVM
         $Action 
     ) 
      
-    $credential = Get-AutomationPSCredential -Name 'AzureCredential' 
-    Connect-AzAccount -Credential $credential 
-    Select-AzureSubscription -SubscriptionId $AzureSubscriptionId 
+    # Ensures you do not inherit an AzContext in your runbook
+    Disable-AzContextAutosave -Scope Process
+
+    # Connect to Azure with system-assigned managed identity
+    $AzureContext = (Connect-AzAccount -Identity).context
+
+    # set and store context
+    $AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext 
+
+    # get credential
+    $credential = Get-AutomationPSCredential -Name "AzureCredential"
+
+    # Connect to Azure with credential
+    $AzureContext = (Connect-AzAccount -Credential $credential -TenantId $AzureContext.Subscription.TenantId).context 
+
+    # set and store context
+    $AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription `
+        -TenantId $AzureContext.Subscription.TenantId `
+        -DefaultProfile $AzureContext
  
     if($AzureVMList -ne "All") 
     { 
@@ -121,14 +137,13 @@ Workflow Stop-Start-AzureVM
     } 
     else 
     { 
-        $AzureVMs = (Get-AzVM).Name 
+        $AzureVMs = (Get-AzVM -DefaultProfile $AzureContext).Name 
         [System.Collections.ArrayList]$AzureVMsToHandle = $AzureVMs 
- 
     } 
  
     foreach($AzureVM in $AzureVMsToHandle) 
     { 
-        if(!(Get-AzVM | ? {$_.Name -eq $AzureVM})) 
+        if(!(Get-AzVM -DefaultProfile $AzureContext | ? {$_.Name -eq $AzureVM})) 
         { 
             throw " AzureVM : [$AzureVM] - Does not exist! - Check your inputs " 
         } 
@@ -139,15 +154,15 @@ Workflow Stop-Start-AzureVM
         Write-Output "Stopping VMs"; 
         foreach -parallel ($AzureVM in $AzureVMsToHandle) 
         { 
-            Get-AzVM | ? {$_.Name -eq $AzureVM} | Stop-AzVM -Force 
+            Get-AzVM -DefaultProfile $AzureContext | ? {$_.Name -eq $AzureVM} | Stop-AzVM -DefaultProfile $AzureContext -Force 
         } 
     } 
     else 
     { 
         Write-Output "Starting VMs"; 
         foreach -parallel ($AzureVM in $AzureVMsToHandle) 
         { 
-            Get-AzVM | ? {$_.Name -eq $AzureVM} | Start-AzVM 
+            Get-AzVM -DefaultProfile $AzureContext | ? {$_.Name -eq $AzureVM} | Start-AzVM -DefaultProfile $AzureContext
         } 
     } 
 }

articles/automation/automation-use-azure-ad.md

@@ -639,54 +639,55 @@ To add the JavaScript:
     //Load a custom image icon into the map resources.
     map.imageSprite.add('myCustomIcon', iconImageUrl).then(function() {
 
-    //Create a layer to render a coffee cup symbol above each bubble for an individual location.
-    iconLayer = new atlas.layer.SymbolLayer(datasource, null, {
-        iconOptions: {
-            //Pass in the ID of the custom icon that was loaded into the map resources.
-            image: 'myCustomIcon',
-
-            //Optionally, scale the size of the icon.
-            font: ['SegoeUi-Bold'],
-
-            //Anchor the center of the icon image to the coordinate.
-            anchor: 'center',
-
-            //Allow the icons to overlap.
-            allowOverlap: true
-        },
-
-        filter: ['!', ['has', 'point_count']] //Filter out clustered points from this layer.
-    });
-
-    map.layers.add(iconLayer);
-
-    //When the mouse is over the cluster and icon layers, change the cursor to a pointer.
-    map.events.add('mouseover', [clusterBubbleLayer, iconLayer], function() {
-        map.getCanvasContainer().style.cursor = 'pointer';
-    });
-
-    //When the mouse leaves the item on the cluster and icon layers, change the cursor back to the default (grab).
-    map.events.add('mouseout', [clusterBubbleLayer, iconLayer], function() {
-        map.getCanvasContainer().style.cursor = 'grab';
-    });
-
-    //Add a click event to the cluster layer. When the user selects a cluster, zoom into it by two levels.  
-    map.events.add('click', clusterBubbleLayer, function(e) {
-        map.setCamera({
-            center: e.position,
-            zoom: map.getCamera().zoom + 2
-        });
-    });
-
-    //Add a click event to the icon layer and show the shape that was selected.
-    map.events.add('click', iconLayer, function(e) {
-        showPopup(e.shapes[0]);
-    });
-
-    //Add an event to monitor when the map is finished rendering the map after it has moved.
-    map.events.add('render', function() {
-        //Update the data in the list.
-        updateListItems();
+       //Create a layer to render a coffee cup symbol above each bubble for an individual location.
+       iconLayer = new atlas.layer.SymbolLayer(datasource, null, {
+           iconOptions: {
+               //Pass in the ID of the custom icon that was loaded into the map resources.
+               image: 'myCustomIcon',
+
+               //Optionally, scale the size of the icon.
+               font: ['SegoeUi-Bold'],
+
+               //Anchor the center of the icon image to the coordinate.
+               anchor: 'center',
+
+               //Allow the icons to overlap.
+               allowOverlap: true
+           },
+
+           filter: ['!', ['has', 'point_count']] //Filter out clustered points from this layer.
+       });
+
+       map.layers.add(iconLayer);
+
+       //When the mouse is over the cluster and icon layers, change the cursor to a pointer.
+       map.events.add('mouseover', [clusterBubbleLayer, iconLayer], function() {
+           map.getCanvasContainer().style.cursor = 'pointer';
+       });
+
+       //When the mouse leaves the item on the cluster and icon layers, change the cursor back to the default (grab).
+       map.events.add('mouseout', [clusterBubbleLayer, iconLayer], function() {
+           map.getCanvasContainer().style.cursor = 'grab';
+       });
+
+       //Add a click event to the cluster layer. When the user selects a cluster, zoom into it by two levels.  
+       map.events.add('click', clusterBubbleLayer, function(e) {
+           map.setCamera({
+               center: e.position,
+               zoom: map.getCamera().zoom + 2
+           });
+       });
+
+       //Add a click event to the icon layer and show the shape that was selected.
+       map.events.add('click', iconLayer, function(e) {
+           showPopup(e.shapes[0]);
+       });
+
+       //Add an event to monitor when the map is finished rendering the map after it has moved.
+       map.events.add('render', function() {
+           //Update the data in the list.
+           updateListItems();
+       });
     });
     ```
 

articles/azure-maps/tutorial-create-store-locator.md

@@ -3,6 +3,7 @@ title: What is Azure Relay? | Microsoft Docs
 description: This article provides an overview of the Azure Relay service, which allows you to develop cloud applications that consume on-premises services running in your corporate network without opening a firewall connection or making intrusive changes to your network infrastructure.  
 ms.topic: conceptual
 ms.date: 09/02/2021
+ms.custom: contperf-fy22q1
 ---
 
 # What is Azure Relay?