Merge branch 'main' of https://github.com/amsliu/azure-docs-pr into pim-powershell-updates

Author: amsliu

.openpublishing.redirection.azure-monitor.json

@@ -45,6 +45,26 @@
             "redirect_url": "/azure/azure-monitor/app/app-insights-overview",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/tutorial-runtime-exceptions.md",
+            "redirect_url": "/previous-versions/azure/azure-monitor/app/tutorial-runtime-exceptions",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/tutorial-performance.md",
+            "redirect_url": "/previous-versions/azure/azure-monitor/app/tutorial-performance",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/tutorial-users.md",
+            "redirect_url": "/previous-versions/azure/azure-monitor/app/tutorial-users",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/custom-data-correlation.md",
+            "redirect_url": "/previous-versions/azure/azure-monitor/app/custom-data-correlation",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/correlation.md",
             "redirect_url": "/previous-versions/azure/azure-monitor/app/distributed-tracing-telemetry-correlation",

articles/active-directory-b2c/media/azure-ad-b2c-global-identity-regional-design/traveling-user-sign-in.png

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 04/11/2023
+ms.date: 04/13/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -57,7 +57,7 @@ This article uses the following terms:
 
 * Target system - The repository of users that the Azure AD provisions to. The Target system is typically a SaaS application such as ServiceNow, Zscaler, and Slack. The target system can also be an on-premises system such as AD.
 
-* [System for Cross-domain Identity Management (SCIM)](https://aka.ms/scimoverview) -  An open standard that allows for the automation of user provisioning. SCIM communicates user identity data between identity providers such as Microsoft, and service providers like Salesforce or other SaaS apps that require user identity information.
+* [System for Cross-domain Identity Management (SCIM)](https://aka.ms/scimoverview) -  An open standard that allows for the automation of user provisioning. SCIM communicates user identity data between identity providers and service providers. Microsoft is an example of an identity provider. Salesforce is an example of a service provider. Service providers require user identity information and an identity provider fulfills that need. SCIM is the mechanism the identity provider and service provider use to send information back and forth.
 
 ### Training resources
 
@@ -128,7 +128,7 @@ When technology projects fail, it's typically because of mismatched expectations
 
 ### Plan communications
 
-Communication is critical to the success of any new service. Proactively communicate with your users how their experience will change, when it will change, and how to gain support if they experience issues.
+Communication is critical to the success of any new service. Proactively communicate to your users about their experience, how the experience is changing, when to expect any change, and how to gain support if they experience issues.
 
 ### Plan a pilot
 
@@ -140,7 +140,7 @@ A pilot allows you to test with a small group before deploying a capability for
 
 In your first wave, target IT, usability, and other appropriate users who can test and provide feedback. Use this feedback to further develop the communications and instructions you send to your users, and to give insights into the types of issues your support staff may see.
 
-Widen the rollout to larger groups of users by increasing the scope of the group(s) targeted. This can be done through [dynamic group membership](../enterprise-users/groups-dynamic-membership.md), or by manually adding users to the targeted group(s).
+Widen the rollout to larger groups of users by increasing the scope of the group(s) targeted. Increasing the scope of the group(s) is done through [dynamic group membership](../enterprise-users/groups-dynamic-membership.md), or by manually adding users to the targeted group(s).
 
 ## Plan application connections and administration
 
@@ -150,11 +150,11 @@ Use the Azure portal to view and manage all the applications that support provis
 
 The actual steps required to enable and configure automatic provisioning vary depending on the application. If the application you wish to automatically provision is listed in the [Azure AD SaaS app gallery](../saas-apps/tutorial-list.md), then you should select the [app-specific integration tutorial](../saas-apps/tutorial-list.md) to configure its pre-integrated user provisioning connector.
 
-If not, follow the steps below:
+If not, follow the steps:
 
-1. [Create a request](../manage-apps/v2-howto-app-gallery-listing.md) for a pre-integrated user provisioning connector. Our team will work with you and the application developer to onboard your application to our platform if it supports SCIM.
+1. [Create a request](../manage-apps/v2-howto-app-gallery-listing.md) for a pre-integrated user provisioning connector. Our team works with you and the application developer to onboard your application to our platform if it supports SCIM.
 
-1. Use the [BYOA SCIM](../app-provisioning/use-scim-to-provision-users-and-groups.md) generic user provisioning support for the app. This is a requirement for Azure AD to provision users to the app without a pre-integrated provisioning connector.
+1. Use the [BYOA SCIM](../app-provisioning/use-scim-to-provision-users-and-groups.md) generic user provisioning support for the app. Using SCIM is a requirement for Azure AD to provision users to the app without a pre-integrated provisioning connector.
 
 1. If the application is able to utilize the BYOA SCIM connector, then refer to [BYOA SCIM integration tutorial](../app-provisioning/use-scim-to-provision-users-and-groups.md) to configure the BYOA SCIM connector for the application.
 
@@ -164,7 +164,7 @@ For more information, see [What applications and systems can I use with Azure AD
 
 Setting up automatic user provisioning is a per-application process. For each application, you need to provide [administrator credentials](../app-provisioning/configure-automatic-user-provisioning-portal.md) to connect to the target system’s user management endpoint.
 
-The image below shows one version of the required admin credentials:
+The image shows one version of the required admin credentials:
 
 ![Provisioning screen to manage user account provisioning settings](./media/plan-auto-user-provisioning/userprovisioning-admincredentials.png)
 
@@ -194,13 +194,13 @@ Before implementing automatic user provisioning, you must determine the users an
 
 * Use [scoping filters](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md) to define attribute-based rules that determine which users are provisioned to an application.
 
-* Next, use [user and group assignments](../manage-apps/assign-user-or-group-access-portal.md) as needed for additional filtering.
+* Next, use [user and group assignments](../manage-apps/assign-user-or-group-access-portal.md) as needed for more filtering.
 
 ### Define user and group attribute mapping
 
 To implement automatic user provisioning, you need to define the user and group attributes that are needed for the application. There's a pre-configured set of attributes and [attribute-mappings](../app-provisioning/configure-automatic-user-provisioning-portal.md) between Azure AD user objects, and each SaaS application’s user objects. Not all SaaS apps enable group attributes.
 
-Azure AD supports by direct attribute-to-attribute mapping, providing constant values, or [writing expressions for attribute mappings](../app-provisioning/functions-for-customizing-application-data.md). This flexibility gives you fine control of what will be populated in the targeted system's attribute. You can use [Microsoft Graph API](../app-provisioning/export-import-provisioning-configuration.md) and Graph Explorer to export your user provisioning attribute mappings and schema to a JSON file and import it back into Azure AD.
+Azure AD supports by direct attribute-to-attribute mapping, providing constant values, or [writing expressions for attribute mappings](../app-provisioning/functions-for-customizing-application-data.md). This flexibility gives you fine control over what is populated in the targeted system's attribute. You can use [Microsoft Graph API](../app-provisioning/export-import-provisioning-configuration.md) and Graph Explorer to export your user provisioning attribute mappings and schema to a JSON file and import it back into Azure AD.
 
 For more information, see [Customizing User Provisioning Attribute-Mappings for SaaS Applications in Azure Active Directory](../app-provisioning/customize-application-attributes.md).
 
@@ -220,7 +220,7 @@ At each stage of your deployment ensure that you’re testing that results are a
 
 ### Plan testing
 
-Once you have configured automatic user provisioning for the application, you'll run test cases to verify this solution meets your organization’s requirements.
+First, configure automatic user provisioning for the application. Then run test cases to verify the solution meets your organization’s requirements.
 
 | Scenarios| Expected results |
 | - | - |
@@ -235,7 +235,7 @@ It's common for a security review to be required as part of a deployment. If you
 
 ### Plan rollback
 
-If the automatic user provisioning implementation fails to work as desired in the production environment, the following rollback steps below can assist you in reverting to a previous known good state:
+If the automatic user provisioning implementation fails to work as desired in the production environment, the following rollback steps can assist you in reverting to a previous known good state:
 
 1. Review the [provisioning logs](../app-provisioning/check-status-user-account-provisioning.md) to determine what incorrect operations occurred on the affected users and/or groups.
 
@@ -273,7 +273,7 @@ After a successful [initial cycle](../app-provisioning/user-provisioning.md), th
 
 * A new initial cycle is triggered by a change in attribute mappings or scoping filters.
 
-* The provisioning process goes into quarantine due to a high error rate and stays in quarantine for more than four weeks when it will be automatically disabled.
+* The provisioning process goes into quarantine due to a high error rate and stays in quarantine for more than four weeks then it is automatically disabled.
 
 To review these events, and all other activities performed by the provisioning service, refer to Azure AD [provisioning logs](../reports-monitoring/concept-provisioning-logs.md?context=azure/active-directory/manage-apps/context/manage-apps-context).
 

articles/active-directory/app-provisioning/plan-auto-user-provisioning.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/29/2023
+ms.date: 04/13/2023
 
 
 ms.author: justinha
@@ -44,7 +44,6 @@ This following tables list Azure AD feature availability in Azure Government.
 || Session lifetime management | ✅ | 
 || Identity Protection (vulnerabilities and risky accounts) | See [Identity protection](#identity-protection) below. | 
 || Identity Protection (risk events investigation, SIEM connectivity) | See [Identity protection](#identity-protection) below. | 
-|| Entra permissions management | ❌ | 
 |**Administration and hybrid identity**|User and group management | ✅ | 
 || Advanced group management (Dynamic groups, naming policies, expiration, default classification) | ✅ | 
 || Directory synchronization—Azure AD Connect (sync and cloud sync) | ✅ | 
@@ -53,7 +52,6 @@ This following tables list Azure AD feature availability in Azure Government.
 || Global password protection and management – cloud-only users | ✅ | 
 || Global password protection and management – custom banned passwords, users synchronized from on-premises Active Directory | ✅ | 
 || Microsoft Identity Manager user client access license (CAL) | ✅ | 
-|| Entra workload identities | ❌ | 
 |**End-user self-service**|Application launch portal (My Apps) | ✅ | 
 || User application collections in My Apps | ✅ |
 || Self-service account management portal (My Account) | ✅ |
@@ -69,7 +67,6 @@ This following tables list Azure AD feature availability in Azure Government.
 || Access certifications and reviews | ✅ |
 || Entitlement management | ✅ |
 || Privileged Identity Management (PIM), just-in-time access |  ✅ |
-|| Entra governance | ❌ |
 |**Event logging and reporting**|Basic security and usage reports | ✅ |
 || Advanced security and usage reports | ✅ |
 || Identity Protection: vulnerabilities and risky accounts | ✅ |

articles/active-directory/authentication/feature-availability.md

@@ -107,9 +107,10 @@ As part of enrolling users to use Microsoft Authenticator as a second factor, we
 Microsoft Identity Manager (MIM) SSPR can use MFA Server to invoke SMS one-time passcodes as part of the password reset flow. 
 MIM can't be configured to use Azure AD Multi-Factor Authentication. 
 We recommend you evaluate moving your SSPR service to Azure AD SSPR.
-
 You can use the opportunity of users registering for Azure AD Multi-Factor Authentication to use the combined registration experience to register for Azure AD SSPR.
 
+If you can't move your SSPR service, or you leverage MFA Server to invoke MFA requests for Privileged Access Management (PAM) scenarios, we recommend you update to an [alternate 3rd party MFA option](https://learn.microsoft.com/microsoft-identity-manager/working-with-custommfaserver-for-mim).
+
 ### RADIUS clients and Azure AD Multi-Factor Authentication
 
 MFA Server supports RADIUS to invoke multifactor authentication for applications and network devices that support the protocol. 

articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa.md

@@ -0,0 +1,45 @@
+---
+title: "Quickstart: Add sign in to a React SPA"
+description: Learn how to run a sample React SPA to sign in users
+services: active-directory
+author: kengaderdus
+manager: mwongerapk
+ms.author: kengaderdus
+ms.service: active-directory
+ms.workload: identity
+ROBOTS: NOINDEX
+ms.subservice: ciam
+ms.topic: portal
+ms.date: 04/12/2023
+---
+
+# Portal quickstart for React SPA
+
+> [!div renderon="portal" class="sxs-lookup"]
+> In this quickstart, you download and run a code sample that demonstrates how a React single-page application (SPA) can sign in users with Azure AD CIAM.
+>
+> ## Prerequisites
+>
+> * Azure subscription - [Create an Azure subscription for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
+> * [Node.js](https://nodejs.org/en/download/)
+> * [Visual Studio Code](https://code.visualstudio.com/download) or another code editor
+>
+> ## Download the code
+>
+> > [!div class="nextstepaction"]
+> > [Download the code sample](https://github.com/Azure-Samples/ms-identity-ciam-javascript-tutorial/archive/react-quickstart.zip)
+>
+> ## Run the sample
+>
+> 1. Unzip the downloaded file.
+>
+> 1. Locate the folder that contains the `package.json` file in your terminal, then run the following command:
+>
+>     ```console
+>     npm install && npm start
+>     ```
+>
+> 1. Open your browser and visit `http://locahost:3000`.
+>
+> 1. Select the **Sign-in** link on the navigation bar.
+>

articles/active-directory/develop/web-app-quickstart-portal-node-js-ciam.md

@@ -93,6 +93,8 @@ items:
       href: whats-new-sovereign-clouds.md  
     - name: Archive for What's new? in Azure AD
       href: whats-new-archive.md
+    - name: Archive for What's new in sovereign clouds? in Azure AD
+      href: whats-new-sovereign-clouds-archive.md  
   - name: Frequently asked questions
     href: active-directory-faq.yml
   - name: Company branding CSS template reference guide