Merge pull request #218500 from MicrosoftDocs/main

11/15 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -790,7 +790,7 @@
         },
         {
             "source_path_from_root": "/articles/aks/concepts-diagnostics.md",
-            "redirect_url": "/troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes",
+            "redirect_url": "/azure/aks/aks-diagnostics",
             "redirect_document_id": false
         },
         {

articles/active-directory-b2c/index.yml

@@ -244,7 +244,7 @@ conceptualContent:
             url: azure-sentinel.md
             itemType: how-to-guide             
           - text: Regulations
-            url: https://docs.microsoft.com/azure/compliance/
+            url: ../compliance/index.yml
             itemType: concept 
           #- text: 'Manage user access: Minors and parental consent'
            #  url: manage-user-access.md
@@ -364,4 +364,4 @@ tools:
   - title: MSAL React
     url: https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/3-Authorization-II/2-call-api-b2c
     imageSrc: ../active-directory/develop/media/hub/react.svg
-## BAND 4 - TOOLS END #######################################################################################################################################
+## BAND 4 - TOOLS END #######################################################################################################################################

articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 04/04/2022
+ms.date: 11/12/2022
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -16,7 +16,7 @@ ms.collection: M365-identity-device-management
 # Troubleshoot on-premises application provisioning
 
 ## Troubleshoot test connection issues
-After you configure the provisioning agent and ECMA host, it's time to test connectivity from the Azure Active Directory (Azure AD) provisioning service to the provisioning agent, the ECMA host, and the application. To perform this end-to-end test, select **Test connection** in the application in the Azure portal. When the test connection fails, try the following troubleshooting steps:
+After you configure the provisioning agent and ECMA host, it's time to test connectivity from the Azure Active Directory (Azure AD) provisioning service to the provisioning agent, the ECMA host, and the application. To perform this end-to-end test, select **Test connection** in the application in the Azure portal. Be sure to wait 10 to 20 minutes after assigning an initial agent or changing the agent before testing the connection. If after this time the test connection fails, try the following troubleshooting steps:
 
  1. Check that the agent and ECMA host are running:
      1. On the server with the agent installed, open **Services** by going to **Start** > **Run** > **Services.msc**.
@@ -31,7 +31,8 @@ After you configure the provisioning agent and ECMA host, it's time to test conn
  6. After you assign an agent, you need to wait 10 to 20 minutes for the registration to complete. The connectivity test won't work until the registration completes.
  7. Ensure that you're using a valid certificate. Go to the **Settings** tab of the ECMA host to generate a new certificate.
  8. Restart the provisioning agent by going to the taskbar on your VM by searching for the Microsoft Azure AD Connect provisioning agent. Right-click **Stop**, and then select **Start**.
- 9. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
+ 1. If you continue to see `The ECMA host is currently importing data from the target application` even after restarting the ECMA Connector Host and the provisioning agent, and waiting for the initial import to complete, then you may need to cancel and re-start configuring provisioning to the application in the Azure portal.
+ 1. When you provide the tenant URL in the Azure portal, ensure that it follows the following pattern. You can replace `localhost` with your host name, but it isn't required. Replace `connectorName` with the name of the connector you specified in the ECMA host. The error message 'invalid resource' generally indicates that the URL does not follow the expected format.
 
     ```
     https://localhost:8585/ecma2host_connectorName/scim
@@ -142,7 +143,7 @@ After the ECMA Connector Host schema mapping has been configured, start the serv
 | Error      | Resolution |
 | ----------- | ----------- |
 | Could not load file or assembly 'file:///C:\Program Files\Microsoft ECMA2Host\Service\ECMA\Cache\8b514472-c18a-4641-9a44-732c296534e8\Microsoft.IAM.Connector.GenericSql.dll' or one of its dependencies. Access is denied.      | Ensure that the network service account has 'full control' permissions over the cache folder. |
-| Invalid LDAP style of object's DN. DN: [email protected]"   | Ensure the 'DN is Anchor' checkbox is not checked in the 'connectivity' page of the ECMA host. Ensure the 'autogenerated' checkbox is selected in the 'object types' page of the ECMA host.  See [About anchor attributes and distinguished names](on-premises-application-provisioning-architecture.md#about-anchor-attributes-and-distinguished-names) for more information.|
+| Invalid LDAP style of object's DN. DN: [email protected]" or `Target Site: ValidByLdapStyle`  | Ensure the 'DN is Anchor' checkbox is not checked in the 'connectivity' page of the ECMA host. Ensure the 'autogenerated' checkbox is selected in the 'object types' page of the ECMA host.  See [About anchor attributes and distinguished names](on-premises-application-provisioning-architecture.md#about-anchor-attributes-and-distinguished-names) for more information.|
 
 ## Understand incoming SCIM requests
 
@@ -232,7 +233,7 @@ By using Azure AD, you can monitor the provisioning service in the cloud and col
   ```
 
 ### I am getting an Invalid LDAP style DN error when trying to configure the ECMA Connector Host with SQL
-By default, the genericSQL connector expects the DN to be populated using the LDAP style (when the 'DN is anchor' attribute is left unchecked in the first connectivity page). In the error message above, you can see that the DN is a UPN, rather than an LDAP style DN that the connector expects. 
+By default, the generic SQL connector expects the DN to be populated using the LDAP style (when the 'DN is anchor' attribute is left unchecked in the first connectivity page). In the error message `Invalid LDAP style DN` or `Target Site: ValidByLdapStyle`, you may see that the DN field contains a user principal name (UPN), rather than an LDAP style DN that the connector expects.
 
 To resolve this, ensure that **Autogenerated** is selected on the object types page when you configure the connector.
 

articles/active-directory/authentication/concept-authentication-phone-options.md

@@ -52,7 +52,7 @@ With phone call verification during SSPR or Azure AD Multi-Factor Authentication
 
 ## Office phone verification
 
-With phone call verification during SSPR or Azure AD Multi-Factor Authentication, an automated voice call is made to the phone number registered by the user. To complete the sign-in process, the user is prompted to press # on their keypad. 
+With office phone call verification during SSPR or Azure AD Multi-Factor Authentication, an automated voice call is made to the phone number registered by the user. To complete the sign-in process, the user is prompted to press # on their keypad. 
 
 ## Troubleshooting phone options
 

articles/active-directory/authentication/overview-authentication.md

@@ -99,7 +99,7 @@ Persistent session tokens are stored as persistent cookies on the web browser's
 | ESTSAUTHPERSISTENT | Common | Contains user's session information to facilitate SSO. Persistent. |
 | ESTSAUTHLIGHT | Common  | Contains Session GUID Information. Lite session state cookie used exclusively by client-side JavaScript in order to facilitate OIDC sign-out. Security feature. |
 | SignInStateCookie | Common | Contains list of services accessed to facilitate sign-out. No user information. Security feature. |
-| CCState | Common | Contains session information state to be used between Azure AD and the [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). |
+| CCState | Common | Contains session information state to be used between Azure AD and the [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). |
 | buid | Common | Tracks browser related information. Used for service telemetry and protection mechanisms. |
 | fpc | Common | Tracks browser related information. Used for tracking requests and throttling. |
 | esctx | Common | Session context cookie information. For CSRF protection. Binds a request to a specific browser instance so the request can't be replayed outside the browser. No user information. |
@@ -116,15 +116,15 @@ Persistent session tokens are stored as persistent cookies on the web browser's
 | wlidperf | Common | Client-side cookie (set by JavaScript) that tracks local time for performance purposes. |
 | x-ms-gateway-slice | Common | Azure AD Gateway cookie used for tracking and load balance purposes. |
 | stsservicecookie | Common | Azure AD Gateway cookie also used for tracking purposes. |
-| x-ms-refreshtokencredential | Specific | Available when [Primary Refresh Token (PRT)](/azure/active-directory/devices/concept-primary-refresh-token) is in use. |
+| x-ms-refreshtokencredential | Specific | Available when [Primary Refresh Token (PRT)](../devices/concept-primary-refresh-token.md) is in use. |
 | estsStateTransient | Specific | Applicable to new session information model only. Transient. | 
 | estsStatePersistent | Specific | Same as estsStateTransient, but persistent. |
 | ESTSNCLOGIN | Specific | National Cloud Login related Cookie. | 
 | UsGovTraffic | Specific | US Gov Cloud Traffic Cookie. | 
 | ESTSWCTXFLOWTOKEN | Specific | Saves flowToken information when redirecting to ADFS. |
-| CcsNtv | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). Native flows. | 
-| CcsWeb | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults). Web flows. | 
-| Ccs* | Specific | Cookies with prefix Ccs*, have the same purpose as the ones without prefix, but only apply when [Azure AD Backup Authentication Service](/azure/active-directory/conditional-access/resilience-defaults) is in use. | 
+| CcsNtv | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). Native flows. | 
+| CcsWeb | Specific | To control when Azure AD Gateway will send requests to [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md). Web flows. | 
+| Ccs* | Specific | Cookies with prefix Ccs*, have the same purpose as the ones without prefix, but only apply when [Azure AD Backup Authentication Service](../conditional-access/resilience-defaults.md) is in use. | 
 | threxp | Specific | Used for throttling control. | 
 | rrc | Specific | Cookie used to identify a recent B2B invitation redemption. | 
 | debug | Specific | Cookie used to track if user's browser session is enabled for DebugMode. |
@@ -147,4 +147,4 @@ To learn more about multi-factor authentication concepts, see [How Azure AD Mult
 [tutorial-sspr]: tutorial-enable-sspr.md
 [tutorial-azure-mfa]: tutorial-enable-azure-mfa.md
 [concept-sspr]: concept-sspr-howitworks.md
-[concept-mfa]: concept-mfa-howitworks.md
+[concept-mfa]: concept-mfa-howitworks.md

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -144,6 +144,7 @@ Applications must have the Intune SDK with policy assurance implemented and must
 
 The following client apps are confirmed to support this setting, this list isn't exhaustive and is subject to change:
 
+- iAnnotate for Office 365
 - Microsoft Cortana
 - Microsoft Edge
 - Microsoft Excel
@@ -158,9 +159,11 @@ The following client apps are confirmed to support this setting, this list isn't
 - Microsoft PowerApps
 - Microsoft PowerPoint
 - Microsoft SharePoint
+- Microsoft Stream Mobile Native 2.0
 - Microsoft Teams
 - Microsoft To Do
 - Microsoft Word
+- Microsoft Whiteboard Services
 - Microsoft Field Service (Dynamics 365)
 - MultiLine for Intune
 - Nine Mail - Email and Calendar