Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into alerts-metric-create-templates

Author: paulth1

.openpublishing.publish.config.json

@@ -287,19 +287,19 @@
     {
       "path_to_root": "azure-search-javascript-samples",
       "url": "https://github.com/Azure-Samples/azure-search-javascript-samples",
-      "branch": "master",
+      "branch": "main",
       "branch_mapping": {}
     },
     {
       "path_to_root": "azure-search-dotnet-samples",
       "url": "https://github.com/Azure-Samples/azure-search-dotnet-samples",
-      "branch": "master",
+      "branch": "main",
       "branch_mapping": {}
     },
     {
       "path_to_root": "azure-search-python-samples",
       "url": "https://github.com/Azure-Samples/azure-search-python-samples",
-      "branch": "master",
+      "branch": "main",
       "branch_mapping": {}
     },
     {
@@ -374,12 +374,6 @@
       "branch": "master",
       "branch_mapping": {}
     },
-    {
-      "path_to_root": "media-services-v3-dotnet-quickstarts",
-      "url": "https://github.com/Azure-Samples/media-services-v3-dotnet-quickstarts",
-      "branch": "master",
-      "branch_mapping": {}
-    },
     {
       "path_to_root": "media-services-v3-dotnet-tutorials",
       "url": "https://github.com/Azure-Samples/media-services-v3-dotnet-tutorials",

.openpublishing.redirection.json

@@ -5,6 +5,11 @@
     "redirect_url":  "/azure/availability-zones/migrate-api-mgt",
     "redirect_document_id":  false
 },
+{
+    "source_path":  "articles/api-management/breaking-changes/rp-source-ip-address-change-mar2023.md",
+    "redirect_url":  "/azure/api-management/breaking-changes/rp-source-ip-address-change-mar-2023",
+    "redirect_document_id":  false
+},
 {
     "source_path":  "articles/api-management/developer-portal-implement-widgets.md",
     "redirect_url":  "/azure/api-management/developer-portal-extend-custom-functionality",
@@ -34262,6 +34267,11 @@
   "source_path_from_root": "/articles/virtual-machines/linux/copy-files-to-linux-vm-using-scp.md",
   "redirect_url": "/azure/virtual-machines/copy-files-to-vm-using-scp",
   "redirect_document_id": false
+},
+{
+  "source_path_from_root": "/articles/web-application-firewall/afds/waf-front-door-rate-limit-powershell.md",
+  "redirect_url": "/azure/web-application-firewall/afds/waf-front-door-rate-limit-configure",
+  "redirect_document_id": true
 }
 	]
 }

articles/active-directory-domain-services/faqs.yml

@@ -164,6 +164,11 @@ sections:
           How are Windows Updates applied in Azure AD Domain Services?
         answer: |
           Domain controllers in a managed domain automatically apply required Windows updates. There's nothing for you to configure or administer here. Make sure you don't create network security group rules that block outbound traffic to Windows Updates. For your own VMs joined to the managed domain, you are responsible for configuring and applying any required OS and application updates.
+          
+      - question: |
+          Why do my domain controllers change names?
+        answer: |
+          It is possible that during the maintenance of domain controllers there is a change in their names. To avoid problems with this type of change, it is recommended to not use the names of the domain controllers hardcoded in applications and/or other domain resources, but the FQDN of the domain. This way, no matter what the names of the domain controllers are, you won't need to reconfigure anything after a name change.
 
   - name: Billing and availability
     questions:

articles/active-directory/authentication/TOC.yml

@@ -11,7 +11,7 @@
     href: tutorial-enable-sspr.md
   - name: Enable Azure AD Multi-Factor Authentication
     href: tutorial-enable-azure-mfa.md
-  - name: Enable cloud sync password writeback (preview)
+  - name: Enable cloud sync password writeback
     href: tutorial-enable-cloud-sync-sspr-writeback.md
   - name: Enable password writeback to on-premises
     href: tutorial-enable-sspr-writeback.md

articles/active-directory/authentication/active-directory-certificate-based-authentication-get-started.md

@@ -14,7 +14,7 @@ manager: amycolannino
 ms.reviewer: annaba
 
 ms.collection: M365-identity-device-management
-ms.custom: has-adal-ref
+
 ---
 # Get started with certificate-based authentication in Azure Active Directory with federation
 
@@ -37,7 +37,7 @@ This topic:
 
 To configure CBA with federation, the following statements must be true:
 
-- CBA with federation is only supported for Federated environments for browser applications, native clients using modern authentication (ADAL), or MSAL libraries. The one exception is Exchange Active Sync (EAS) for Exchange Online (EXO), which can be used for federated and managed accounts. To configure Azure AD CBA without needing federation, see [How to configure Azure AD certificate-based authentication](how-to-certificate-based-authentication.md).
+- CBA with federation is only supported for Federated environments for browser applications, native clients using modern authentication, or MSAL libraries. The one exception is Exchange Active Sync (EAS) for Exchange Online (EXO), which can be used for federated and managed accounts. To configure Azure AD CBA without needing federation, see [How to configure Azure AD certificate-based authentication](how-to-certificate-based-authentication.md).
 - The root certificate authority and any intermediate certificate authorities must be configured in Azure Active Directory.
 - Each certificate authority must have a certificate revocation list (CRL) that can be referenced via an internet-facing URL.
 - You must have at least one certificate authority configured in Azure Active Directory. You can find related steps in the [Configure the certificate authorities](#step-2-configure-the-certificate-authorities) section.

articles/active-directory/authentication/concept-authentication-methods.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 08/17/2022
+ms.date: 09/17/2022
 
 ms.author: justinha
 author: justinha
@@ -21,7 +21,7 @@ ms.custom: contperf-fy20q4
 
 Microsoft recommends passwordless authentication methods such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app because they provide the most secure sign-in experience. Although a user can sign-in using other common methods such as a username and password, passwords should be replaced with more secure authentication methods.
 
-![Table of the strengths and preferred authentication methods in Azure AD](media/concept-authentication-methods/authentication-methods.png)
+:::image type="content" border="true" source="media/concept-authentication-methods/authentication-methods.png" alt-text="Illustration of the strengths and preferred authentication methods in Azure AD." :::
 
 Azure AD Multi-Factor Authentication (MFA) adds additional security over only using a password when a user signs in. The user can be prompted for additional forms of authentication, such as to respond to a push notification, enter a code from a software or hardware token, or respond to an SMS or phone call.
 
@@ -40,6 +40,7 @@ The following table outlines the security considerations for the available authe
 | Windows Hello for Business     | High     | High      | High         |
 | Microsoft Authenticator app    | High     | High      | High         |
 | FIDO2 security key             | High     | High      | High         |
+| Certificate-based authentication (preview)| High | High | High       |
 | OATH hardware tokens (preview) | Medium   | Medium    | High         |
 | OATH software tokens           | Medium   | Medium    | High         |
 | SMS                            | Medium   | High      | Medium       |
@@ -65,13 +66,14 @@ The following table outlines when an authentication method can be used during a
 | Windows Hello for Business     | Yes                    | MFA\*                      |
 | Microsoft Authenticator app    | Yes                    | MFA and SSPR              |
 | FIDO2 security key             | Yes                    | MFA                       |
+| Certificate-based authentication (preview) | Yes        | No              |
 | OATH hardware tokens (preview) | No                     | MFA and SSPR              |
 | OATH software tokens           | No                     | MFA and SSPR              |
 | SMS                            | Yes                    | MFA and SSPR              |
 | Voice call                     | No                     | MFA and SSPR              |
 | Password                       | Yes                    |                           |
 
-> \* Windows Hello for Business, by itself, does not serve as a step-up MFA credential. For example, an MFA Challenge from Sign-in Frequency or SAML Request containing forceAuthn=true. Windows Hello for Business can serve as a step-up MFA credential by being used in FIDO2 authentication. This requires users to be enabled for FIDO2 authentication to work sucessfully.
+> \* Windows Hello for Business, by itself, does not serve as a step-up MFA credential. For example, an MFA Challenge from Sign-in Frequency or SAML Request containing forceAuthn=true. Windows Hello for Business can serve as a step-up MFA credential by being used in FIDO2 authentication. This requires users to be enabled for FIDO2 authentication to work successfully.
 
 All of these authentication methods can be configured in the Azure portal, and increasingly using the [Microsoft Graph REST API](/graph/api/resources/authenticationmethods-overview).
 
@@ -80,6 +82,7 @@ To learn more about how each authentication method works, see the following sepa
 * [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-overview)
 * [Microsoft Authenticator app](concept-authentication-authenticator-app.md)
 * [FIDO2 security key](concept-authentication-passwordless.md#fido2-security-keys)
+* [Certificate-based authentication](concept-certificate-based-authentication.md)
 * [OATH hardware tokens (preview)](concept-authentication-oath-tokens.md#oath-hardware-tokens-preview)
 * [OATH software tokens](concept-authentication-oath-tokens.md#oath-software-tokens)
 * [SMS sign-in](howto-authentication-sms-signin.md) and [verification](concept-authentication-phone-options.md#mobile-phone-verification)

articles/active-directory/authentication/concept-fido2-hardware-vendor.md

@@ -5,8 +5,8 @@ ms.date: 08/02/2021
 services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
-author: knicholasa
-ms.author: nichola
+author: martincoetzer
+ms.author: martinco
 ms.topic: conceptual
 ms.collection: M365-identity-device-management
 ---