Merge branch 'master' into kryalama/troubledocs

Author: kryalama

.acrolinx-config.edn

@@ -1,2 +1,2 @@
-{:allowed-branchname-matches ["master" "release-.*"]
+{:allowed-branchname-matches ["main" "master" "release-.*"]
  :allowed-filename-matches ["(?i)articles/(?:(?!active-directory/saas-apps/toc.yml))" "includes/"]}

.openpublishing.redirection.active-directory.json

@@ -7167,14 +7167,24 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/users-groups-roles/roles-admin-units-add-manage-groups.md",
-            "redirect_url": "/azure/active-directory/roles/admin-units-add-manage-groups",
-            "redirect_document_id": true
+            "redirect_url": "/azure/active-directory/roles/admin-units-members-add",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/roles/admin-units-add-manage-groups.md",
+            "redirect_url": "/azure/active-directory/roles/admin-units-members-add",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/users-groups-roles/roles-admin-units-add-manage-users.md",
-            "redirect_url": "/azure/active-directory/roles/admin-units-add-manage-users",
+            "redirect_url": "/azure/active-directory/roles/admin-units-members-add",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/active-directory/roles/admin-units-add-manage-users.md",
+            "redirect_url": "/azure/active-directory/roles/admin-units-members-add",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/active-directory/users-groups-roles/roles-admin-units-assign-roles.md",
             "redirect_url": "/azure/active-directory/roles/admin-units-assign-roles",

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-configure-with-sentinel.md",
+            "redirect_url": "/azure/sentinel/iot-solution",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/device-builders/quickstart-building-the-defender-micro-agent-from-source.md",
             "redirect_url": "/azure/defender-for-iot/device-builders/overview",
@@ -539,6 +544,16 @@
             "source_path_from_root": "/articles/defender-for-iot/troubleshoot-defender-micro-agent.md",
             "redirect_url": "/azure/defender-for-iot/device-builders/troubleshoot-defender-micro-agent",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-iot/device-builders/concept-security-posture.md",
+            "redirect_url": "/azure/defender-for-iot/device-builders/overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-iot/device-builders/architecture-agent-based.md",
+            "redirect_url": "/azure/defender-for-iot/device-builders/overview",
+            "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.json

@@ -2393,6 +2393,16 @@
       "redirect_url": "/azure/aks/windows-faq",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/aks/kubernetes-dashboard.md",
+      "redirect_url": "/azure/aks/kubernetes-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/aks/egress.md",
+      "redirect_url": "/azure/aks/load-balancer-standard",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/analysis-services/analysis-services-create-model-portal.md",
       "redirect_url": "/azure/analysis-services/analysis-services-overview",
@@ -44498,6 +44508,11 @@
       "redirect_url": "/azure/communication-services/concepts/telephony/port-phone-number",
       "redirect_document_id": false
     },
+      {
+        "source_path_from_root": "/articles/communication-services/quickstarts/voice-video-calling/pstn-call.md",
+        "redirect_url": "/azure/communication-services/quickstarts/telephony/pstn-call",
+        "redirect_document_id": false
+      },
     {
       "source_path_from_root": "/articles/communication-services/concepts/telephony-sms/concepts.md",
       "redirect_url": "/azure/communication-services/concepts/sms/concepts",

articles/active-directory-b2c/service-limits.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/09/2021
+ms.date: 12/21/2021
 ms.author: mimart
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -38,13 +38,13 @@ The frequency of requests made to Azure AD B2C endpoints determine the overall t
 
 |Endpoint                 |Endpoint type     |Requests consumed |
 |-----------------------------|---------|------------------|
-|/oauth2/v2.0/authorize       |Dynamic  |Varies<sup>1</sup>|
+|/oauth2/v2.0/authorize       |Dynamic  |Varies <sup>1</sup>|
 |/oauth2/v2.0/token           |Static   |1                 |
 |/openid/v2.0/userinfo        |Static   |1                 |
 |/.well-known/openid-config   |Static   |1                 |
 |/discovery/v2.0/keys         |Static   |1                 |
 |/oauth2/v2.0/logout          |Static   |1                 |
-|/samlp/sso/login             |Dynamic  |Varies<sup>1</sup>|
+|/samlp/sso/login             |Dynamic  |Varies <sup>1</sup>|
 |/samlp/sso/logout            |Static   |1                 |
 
 ::: zone pivot="b2c-user-flow"
@@ -97,11 +97,13 @@ The token issuance rate of a Custom Policy is dependent on the number of request
 |Starter Pack |Scenario |User journey ID |Requests consumed|
 |---------|---------|---------|---------|
 |LocalAccounts| Sign-in| SignUpOrSignIn |2|
+|LocalAccounts SocialAndLocalAccounts | Sign-up| SignUpOrSignIn |6|
 |LocalAccounts|Profile edit| ProfileEdit |2|
-|LocalAccounts SocialAndLocalAccounts| PasswordReset| Password reset| 6|
+|LocalAccounts SocialAndLocalAccounts SocialAndLocalAccountsWithMfa| Password reset| PasswordReset| 6|
 |SocialAndLocalAccounts| Federated account sign-in|SignUpOrSignIn| 4|
 |SocialAndLocalAccounts| Federated account sign-up|SignUpOrSignIn| 6|
 |SocialAndLocalAccountsWithMfa| Local account sign-in with MFA|SignUpOrSignIn |6|
+|SocialAndLocalAccountsWithMfa| Local account sign-up with MFA|SignUpOrSignIn |10|
 |SocialAndLocalAccountsWithMfa| Federated account sign-in with MFA|SignUpOrSignIn| 8|
 |SocialAndLocalAccountsWithMfa| Federated account sign-up with MFA|SignUpOrSignIn |10|
 
@@ -115,9 +117,9 @@ To obtain the token issuance rate per second for a particular user journey:
 Tokens/sec = 200/requests-consumed
 ```
 
-## Calculate the token issuance capability of your Custom Policy
+## Calculate the token issuance rate of your Custom Policy
 
-When you create your own Custom Policy, the number of requests consumed at the dynamic endpoint depends on which features a user traverses through. The below table shows how many requests are consumed for each feature in your Custom Policy.
+You can craete your own Custom Policy to provide a unique authentication experience for your application. The number of requests consumed at the dynamic endpoint depends on which features a user traverses through your Custom Policy. The below table shows how many requests are consumed for each feature in a Custom Policy.
 
 |Feature                                          |Requests consumed|
 |-------------------------------------------------|-----------------|

articles/active-directory/app-provisioning/index.yml

@@ -22,6 +22,8 @@ landingContent:
         links:
           - text: What is application provisioning?
             url: user-provisioning.md
+          - text: What is HR-driven provisioning?
+            url: what-is-hr-driven-provisioning.md  
           - text: How provisioning works
             url: how-provisioning-works.md
       - linkListType: tutorial

articles/active-directory/app-provisioning/known-issues.md

@@ -91,6 +91,10 @@ When a group is in scope and a member is out of scope, the group will be provisi
 
 If a user and their manager are both in scope for provisioning, the service provisions the user and then updates the manager. If on day one the user is in scope and the manager is out of scope, we'll provision the user without the manager reference. When the manager comes into scope, the manager reference won't be updated until you restart provisioning and cause the service to reevaluate all the users again. 
 
+#### Global reader
+
+The global reader role is unable to read the provisioning configuration. Please create a custom role with the `microsoft.directory/applications/synchronization/standard/read` permission in order to read the provisioning configuration from the Azure Portal. 
+
 ## On-premises application provisioning
 The following information is a current list of known limitations with the Azure AD ECMA Connector Host and on-premises application provisioning.
 

articles/active-directory/app-proxy/application-proxy-faq.yml

@@ -9,7 +9,7 @@ metadata:
   ms.subservice: app-proxy
   ms.workload: identity
   ms.topic: reference
-  ms.date: 04/27/2021
+  ms.date: 12/17/2021
   ms.author: kenwith
   ms.reviewer: ashishj
 
@@ -270,11 +270,14 @@ sections:
   - name: WebSocket
     questions:
       - question: |
-         Does WebSocket support work for applications other than QlikSense and Remote Desktop Web Client (HTML5)?
+         Does Azure AD Application Proxy support the WebSocket protocol?
         answer: |
-              Currently, WebSocket protocol support is still in public preview and it may not work for other applications. Some customers have had mixed success using WebSocket protocol with other applications.
-          
-              Features (Eventlogs, PowerShell and Remote Desktop Services) in Windows Admin Center (WAC) do not work through Azure AD Application Proxy presently.
+              Applications that use the WebSocket protocol, for example QlikSense and Remote Desktop Web Client (HTML5), are now supported. The following are known limitations:
+              * Application proxy discards the cookie that is set on the server response while opening the WebSocket connection.
+              * There is no SSO applied to the WebSocket request.
+              * Features (Eventlogs, PowerShell and Remote Desktop Services) in the Windows Admin Center (WAC) do not work through Azure AD Application Proxy.
+              
+              The WebSocket application doesn't have any unique publishing requirements, and can be [published](application-proxy-add-on-premises-application.md) the same way as all your other Application Proxy applications. 
           
   - name: Link translation
     questions:

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

@@ -14,7 +14,7 @@ manager: daveba
 ms.reviewer: michmcla
 
 ms.collection: M365-identity-device-management
-ms.custom: has-adal-ref
+ms.custom: 
 ---
 # Resolve error messages from the NPS extension for Azure AD Multi-Factor Authentication
 
@@ -26,7 +26,7 @@ If you encounter errors with the NPS extension for Azure AD Multi-Factor Authent
 | ---------- | --------------------- |
 | **CONTACT_SUPPORT** | [Contact support](#contact-microsoft-support), and mention the list of steps for collecting logs. Provide as much information as you can about what happened before the error, including tenant ID, and user principal name (UPN). |
 | **CLIENT_CERT_INSTALL_ERROR** | There may be an issue with how the client certificate was installed or associated with your tenant. Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert problems. |
-| **ESTS_TOKEN_ERROR** | Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert and ADAL token problems. |
+| **ESTS_TOKEN_ERROR** | Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert and security token problems. |
 | **HTTPS_COMMUNICATION_ERROR** | The NPS server is unable to receive responses from Azure AD MFA. Verify that your firewalls are open bidirectionally for traffic to and from https://adnotifications.windowsazure.com |
 | **HTTP_CONNECT_ERROR** | On the server that runs the NPS extension, verify that you can reach  `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com/`. If those sites don't load, troubleshoot connectivity on that server. |
 | **NPS Extension for Azure AD MFA:** <br> NPS Extension for Azure AD MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User username with response state AccessReject, ignoring request. | This error usually reflects an authentication failure in AD or that the NPS server is unable to receive responses from Azure AD. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com` using ports 80 and 443. It is also important to check that on the DIAL-IN tab of Network Access Permissions, the setting is set to "control access through NPS Network Policy". This error can also trigger if the user is not assigned a license. |
@@ -129,4 +129,4 @@ To collect debug logs for support diagnostics, use the following steps on the NP
    ```
 
 5. Open Registry Editor and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa set **VERBOSE_LOG** to **FALSE**
-6. Zip the contents of the C:\NPS folder and attach the zipped file to the support case.
+6. Zip the contents of the C:\NPS folder and attach the zipped file to the support case.

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -14,7 +14,7 @@ manager: daveba
 ms.reviewer: michmcla
 
 ms.collection: M365-identity-device-management
-ms.custom: has-adal-ref
+ms.custom: 
 ---
 # Integrate your existing Network Policy Server (NPS) infrastructure with Azure AD Multi-Factor Authentication
 
@@ -361,7 +361,7 @@ After you run this command, go to the root of your *C:* drive, locate the file,
 
 Check that your password hasn't expired. The NPS extension doesn't support changing passwords as part of the sign-in workflow. Contact your organization's IT Staff for further assistance.
 
-### Why are my requests failing with ADAL token error?
+### Why are my requests failing with security token error?
 
 This error could be due to one of several reasons. Use the following steps to troubleshoot: