Merge pull request #247285 from MicrosoftDocs/main

8/3/2023 PM Publish

Author: Taojunshen

.openpublishing.redirection.active-directory.json

@@ -10,6 +10,11 @@
       "redirect_url": "/azure/active-directory/develop/enterprise-app-role-management",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/governance/tutorial-prepare-azure-ad-user-accounts.md",
+      "redirect_url": "/azure/active-directory/governance/tutorial-prepare-user-accounts",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/develop/active-directory-schema-extensions.md",
       "redirect_url": "/azure/active-directory/develop/schema-extensions",

.openpublishing.redirection.sentinel.json

@@ -174,6 +174,11 @@
             "source_path": "articles/sentinel/data-connectors/zoom-reports-using-azure-function.md",
             "redirect_url": "/azure/sentinel/data-connectors/zoom-reports-using-azure-functions",
             "redirect_document_id": true
+          },
+          {
+            "source_path": "articles/sentinel/store-logs-in-azure-data-explorer.md",
+            "redirect_url": "/azure/azure-monitor/logs/data-retention-archive",
+            "redirect_document_id": true
           }
     ]
 }

articles/active-directory-b2c/enable-authentication-python-web-app.md

@@ -190,7 +190,7 @@ In the root folder of your web app, create the `templates` folder. In the templa
 
 Add the following templates under the templates folder. These templates extend the `base.html` template:
 
-- **index.html**: the home page of the web app. The templates use the following logic: if a user doesn't sign-in, it renders the sing-in button. If users sings-in, it renders the access token's claims, link to edit profile, and call a Graph API.
+- **index.html**: the home page of the web app. The templates use the following logic: if a user doesn't sign in, it renders the sign-in button. If a user signs in, it renders the access token's claims, link to edit profile, and call a Graph API.
 
     ```html
     {% extends "base.html" %}

articles/active-directory/app-provisioning/on-premises-sap-connector-configure.md

@@ -14,7 +14,7 @@ ms.reviewer: arvinh
 ---
 
 # Configuring Azure AD to provision users into SAP ECC 7.0
-The following documentation provides configuration and tutorial information demonstrating how to provision users from Azure AD into SAP ERP Central Component (SAP ECC) 7.0.  
+The following documentation provides configuration and tutorial information demonstrating how to provision users from Azure AD into SAP ERP Central Component (SAP ECC) 7.0. If you are using other versions such as SAP R/3, you can still use the guides provided in the [download center](https://www.microsoft.com/download/details.aspx?id=51495) as a reference to build your own template and configure provisioning.   
 
 
 [!INCLUDE [app-provisioning-sap.md](../../../includes/app-provisioning-sap.md)]

articles/active-directory/architecture/5-secure-access-b2b.md

@@ -76,7 +76,7 @@ Some organizations have a blocklist of bad-actor domains from a managed security
 
 You can control inbound and outbound access using cross tenant access settings. In addition, you can trust multi-factor authentication (MFA), a compliant device, and hybrid Azure Active Directory joined device (HAAJD) claims from external Azure AD tenants. When you configure an organizational policy, it applies to the Azure AD tenant and applies to users in that tenant, regardless of domain suffix. 
 
-You can enable collaboration across Microsoft clouds, such as Microsoft Azure operated by 21Vianet (Azure China) or Azure Government. Determine if your collaboration partners reside in a different Microsoft cloud. 
+You can enable collaboration across Microsoft clouds, such as Microsoft Azure operated by 21Vianet or Azure Government. Determine if your collaboration partners reside in a different Microsoft cloud. 
 
 Learn more: 
 

articles/active-directory/architecture/backup-authentication-system.md

@@ -84,15 +84,15 @@ In addition to user authentication, the backup authentication system provides re
 
 ## Cloud environments that support the backup authentication system
 
-The backup authentication system is supported in all cloud environments except Azure China 21vianet. The types of identities supported vary by cloud, as described in the following table. 
+The backup authentication system is supported in all cloud environments except Microsoft Azure operated by 21Vianet. The types of identities supported vary by cloud, as described in the following table. 
 
 | Azure environment | Identities protected |
 | --- | --- |
 | Azure Commercial | Users, managed identities |
 | Azure Government | Users, managed identities |
 | Azure Government Secret | managed identities |
 | Azure Government Top Secret | managed identities |
-| Azure China | Not available |
+| Azure operated by 21Vianet | Not available |
 
 ## Appendix
 

articles/active-directory/authentication/concept-mfa-data-residency.md

@@ -115,7 +115,7 @@ The following table shows the location for service logs for sovereign clouds.
 
 | Sovereign cloud                      | Sign-in logs                         | Multifactor authentication activity report | Multifactor authentication service logs |
 |--------------------------------------|--------------------------------------|--------------------------------------------|-----------------------------------------|
-| Azure China 21Vianet                 | China                                | United States                              | United States                           |
+| Microsoft Azure operated by 21Vianet                 | China                                | United States                              | United States                           |
 | Microsoft Government Cloud           | United States                        | United States                              | United States                           |
 
 ## Next steps

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

@@ -24,7 +24,7 @@ Before combined registration, users registered authentication methods for Azure
 
 Before enabling the new experience, review this administrator-focused documentation and the user-focused documentation to ensure you understand the functionality and effect of this feature. Base your training on the [user documentation](https://support.microsoft.com/account-billing/set-up-your-security-info-from-a-sign-in-prompt-28180870-c256-4ebf-8bd7-5335571bf9a8) to prepare your users for the new experience and help to ensure a successful rollout.
 
-Azure AD combined security information registration is available for Azure US Government but not Azure China 21Vianet.
+Azure AD combined security information registration is available for Azure US Government but not Microsoft Azure operated by 21Vianet.
 
 *My Account* pages are localized based on the language settings of the computer accessing the page. Microsoft stores the most recent language used in the browser cache, so subsequent attempts to access the pages continue to render in the last language used. If you clear the cache, the pages re-render.
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -113,14 +113,14 @@ The NPS server must be able to communicate with the following URLs over TCP port
 
 * `https://login.microsoftonline.com`
 * `https://login.microsoftonline.us (Azure Government)`
-* `https://login.chinacloudapi.cn (Azure China 21Vianet)`
+* `https://login.chinacloudapi.cn (Microsoft Azure operated by 21Vianet)`
 * `https://credentials.azure.com`
 * `https://strongauthenticationservice.auth.microsoft.com`
 * `https://strongauthenticationservice.auth.microsoft.us (Azure Government)`
-* `https://strongauthenticationservice.auth.microsoft.cn (Azure China 21Vianet)`
+* `https://strongauthenticationservice.auth.microsoft.cn (Microsoft Azure operated by 21Vianet)`
 * `https://adnotifications.windowsazure.com`
 * `https://adnotifications.windowsazure.us (Azure Government)`
-* `https://adnotifications.windowsazure.cn (Azure China 21Vianet)`
+* `https://adnotifications.windowsazure.cn (Microsoft Azure operated by 21Vianet)`
 
 Additionally, connectivity to the following URLs is required to complete the [setup of the adapter using the provided PowerShell script](#run-the-powershell-script):
 
@@ -246,7 +246,7 @@ To provide load-balancing capabilities or for redundancy, repeat these steps on
    `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12`
 
    > [!IMPORTANT]
-   > For customers that use the Azure Government or Azure China 21Vianet clouds, first edit the `Connect-MsolService` cmdlets in the *AzureMfaNpsExtnConfigSetup.ps1* script to include the *AzureEnvironment* parameters for the required cloud. For example, specify *-AzureEnvironment USGovernment* or *-AzureEnvironment AzureChinaCloud*.
+   > For customers that use the Azure Government or Microsoft Azure operated by 21Vianet clouds, first edit the `Connect-MsolService` cmdlets in the *AzureMfaNpsExtnConfigSetup.ps1* script to include the *AzureEnvironment* parameters for the required cloud. For example, specify *-AzureEnvironment USGovernment* or *-AzureEnvironment AzureChinaCloud*.
    >
    > For more information, see [Connect-MsolService parameter reference](/powershell/module/msonline/connect-msolservice#parameters).
 
@@ -263,14 +263,14 @@ If your previous computer certificate has expired, and a new certificate has bee
 > [!NOTE]
 > If you use your own certificates instead of generating certificates with the PowerShell script, make sure that they align to the NPS naming convention. The subject name must be **CN=\<TenantID\>,OU=Microsoft NPS Extension**.
 
-### Microsoft Azure Government or Azure China 21Vianet additional steps
+### Microsoft Azure Government or Microsoft Azure operated by 21Vianet additional steps
 
-For customers that use the Azure Government or Azure China 21Vianet clouds, the following additional configuration steps are required on each NPS server.
+For customers that use the Azure Government or Azure operated by 21Vianet clouds, the following additional configuration steps are required on each NPS server.
 
 > [!IMPORTANT]
-> Only configure these registry settings if you're an Azure Government or Azure China 21Vianet customer.
+> Only configure these registry settings if you're an Azure Government or Azure operated by 21Vianet customer.
 
-1. If you're an Azure Government or Azure China 21Vianet customer, open **Registry Editor** on the NPS server.
+1. If you're an Azure Government or Azure operated by 21Vianet customer, open **Registry Editor** on the NPS server.
 1. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa`.
 1. For Azure Government customers, set the following key values.:
 
@@ -280,7 +280,7 @@ For customers that use the Azure Government or Azure China 21Vianet clouds, the
     | AZURE_MFA_RESOURCE_HOSTNAME | adnotifications.windowsazure.us |
     | STS_URL            | https://login.microsoftonline.us/ |
 
-1. For Azure China 21Vianet customers, set the following key values:
+1. For Microsoft Azure operated by 21Vianet customers, set the following key values:
 
     | Registry key       | Value |
     |--------------------|-----------------------------------|

articles/active-directory/authentication/howto-password-smart-lockout.md

@@ -21,7 +21,7 @@ Smart lockout helps lock out bad actors that try to guess your users' passwords
 
 ## How smart lockout works
 
-By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts for Azure Public and Azure China 21Vianet tenants and 3 for Azure US Government tenants. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts. To minimize the ways an attacker could work around this behavior, we don't disclose the rate at which the lockout period grows over additional unsuccessful sign-in attempts.
+By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts for Azure Public and Microsoft Azure operated by 21Vianet tenants and 3 for Azure US Government tenants. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts. To minimize the ways an attacker could work around this behavior, we don't disclose the rate at which the lockout period grows over additional unsuccessful sign-in attempts.
 
 Smart lockout tracks the last three bad password hashes to avoid incrementing the lockout counter for the same password. If someone enters the same bad password multiple times, this behavior won't cause the account to lock out.
 
@@ -62,7 +62,7 @@ To verify your on-premises AD DS account lockout policy, complete the following
 
 ## Manage Azure AD smart lockout values
 
-Based on your organizational requirements, you can customize the Azure AD smart lockout values. Customization of the smart lockout settings, with values specific to your organization, requires Azure AD Premium P1 or higher licenses for your users. Customization of the smart lockout settings is not available for Azure China 21Vianet tenants.
+Based on your organizational requirements, you can customize the Azure AD smart lockout values. Customization of the smart lockout settings, with values specific to your organization, requires Azure AD Premium P1 or higher licenses for your users. Customization of the smart lockout settings is not available for Microsoft Azure operated by 21Vianet tenants.
 
 To check or modify the smart lockout values for your organization, complete the following steps: