MicrosoftDocs
diff --git a/‎.github/policies/disallow-edits.yml
Lines changed: 138 additions & 0 deletions b/‎.github/policies/disallow-edits.yml
Lines changed: 138 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/force-password-reset.md
Lines changed: 4 additions & 10 deletions b/‎articles/active-directory-b2c/force-password-reset.md
Lines changed: 4 additions & 10 deletions
diff --git a/‎articles/api-management/api-management-subscriptions.md
Lines changed: 7 additions & 5 deletions b/‎articles/api-management/api-management-subscriptions.md
Lines changed: 7 additions & 5 deletions
diff --git a/‎articles/api-management/developer-portal-wordpress-plugin.md
Lines changed: 2 additions & 1 deletion b/‎articles/api-management/developer-portal-wordpress-plugin.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/api-management/quota-by-key-policy.md
Lines changed: 3 additions & 1 deletion b/‎articles/api-management/quota-by-key-policy.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/api-management/xml-to-json-policy.md
Lines changed: 3 additions & 2 deletions b/‎articles/api-management/xml-to-json-policy.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎articles/app-service/environment/media/app-service-app-service-environment-geo-distributed-scale/cname-custom-domain.png
104 KB b/‎articles/app-service/environment/media/app-service-app-service-environment-geo-distributed-scale/cname-custom-domain.png
104 KB
diff --git a/‎articles/app-service/environment/media/app-service-app-service-environment-geo-distributed-scale/dns-lookup.png
26.4 KB b/‎articles/app-service/environment/media/app-service-app-service-environment-geo-distributed-scale/dns-lookup.png
26.4 KB
diff --git a/‎articles/app-service/environment/media/custom-domain-suffix/custom-domain-suffix-dns-configuration.png
18.5 KB b/‎articles/app-service/environment/media/custom-domain-suffix/custom-domain-suffix-dns-configuration.png
18.5 KB
diff --git a/‎articles/app-service/environment/media/custom-domain-suffix/platform-outbound-ip.png
11.3 KB b/‎articles/app-service/environment/media/custom-domain-suffix/platform-outbound-ip.png
11.3 KB
@@ -0,0 +1,138 @@
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+resource: repository
+
+configuration:
+  resourceManagementConfiguration:
+    eventResponderTasks:
+      - description: Close PRs that contain content for services that have been migrated out of the azure-docs-pr repository.
+        if:
+          - payloadType: Pull_Request
+          - isAction:
+              action: Opened
+          - or:
+              - includesModifiedFiles:
+                  files:
+                    - articles/aks/*
+              - includesModifiedFiles:
+                  files:
+                    - articles/defender-for-cloud/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/attestation/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/confidential-ledger/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/dedicated-hsm/*
+              - includesModifiedFiles:
+                  files:
+                    - articles/key-vault/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/payment-hsm/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/postgresql/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/cosmos-db/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/dms/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/mariadb/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/mysql/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/managed-instance-apache-cassandra/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/virtual-machines/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/virtual-machines-scale-sets/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/container-instances/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/service-fabric/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/machine-learning/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/ai-studio/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/ai-services/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/genomics/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/open-datasets/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/search/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/azure-monitor/*
+              - includesModifiedFiles:
+                  files:  
+                    - articles/advisor/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/chaos-studio/*
+              - includesModifiedFiles:
+                  files:  
+                    - articles/service-health/*
+              - includesModifiedFiles:
+                  files:  
+                    - articles/azure-arc/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/azure-linux/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/azure-portal/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/copilot/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/lighthouse/*
+              - includesModifiedFiles:
+                  files:  
+                    - articles/quotas/*
+              - includesModifiedFiles:
+                  files:   
+                    - articles/container-registry/*
+              - includesModifiedFiles:
+                  files:  
+                    - articles/kubernetes-fleet/*
+        then:
+          - addReply:
+              reply: >-
+                @${issueAuthor} - You tried to add content to a folder path that has been removed from this repository. Your pull request will be automatically closed. Submit your changes to the updated repository, which can be identified by clicking the Edit this Document link at the top of any published article for that product or service. 
+          - if:
+              - or:
+                  - activitySenderHasPermission:
+                      permission: None
+                  - activitySenderHasPermission:
+                      permission: Read
+                  - activitySenderHasPermission:
+                      permission: Write
+                  - activitySenderHasPermission:
+                      permission: Triage
+                  - activitySenderHasPermission:
+                      permission: Maintain
+                  - activitySenderHasPermission:
+                      permission: Admin
+            then:
+              - closePullRequest
@@ -2,14 +2,11 @@
 title: Configure a force password reset flow in Azure AD B2C
 titleSuffix: Azure AD B2C
 description: Learn how to set up a forced password reset flow in Azure Active Directory B2C.
-
 author: kengaderdus
 manager: CelesteDG
-
 ms.service: azure-active-directory
-
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 10/11/2024
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: b2c-support, has-azure-ad-ps-ref,azure-ad-ref-level-one-done
@@ -160,16 +157,13 @@ Connect-MgGraph  -Scopes 'Domain.ReadWrite.All'
 $domainId = "contoso.com"
 $params = @{
 	passwordValidityPeriodInDays = 90
-	passwordNotificationWindowInDays = 15
 }
 
 Update-MgDomain -DomainId $domainId -BodyParameter $params
 ```
 
-> [!NOTE] 
-> `passwordValidityPeriodInDays` indicates the length of time in days that a password remains valid before it must be changed. `passwordNotificationWindowInDays` indicates the length of time in days before the password expiration date when users receive their first notification to indicate that their password is about to expire.
-
-## Next steps
+- `passwordValidityPeriodInDays` is the length of time in days that a password remains valid before it must be changed. 
 
-Set up a [self-service password reset](add-password-reset-policy.md).
+## Related content
 
+Set up a [self-service password reset](add-password-reset-policy.md).
@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: conceptual
-ms.date: 08/02/2023
+ms.date: 09/03/2024
 ms.author: danlep
 ms.custom: engagement-fy23
 ---
@@ -133,7 +133,7 @@ After the subscription requirement is disabled, the selected API or APIs can be
 
 When API Management receives an API request from a client with a subscription key, it handles the request according to these rules: 
 
-1. Check if it's a valid key associated with an active subscription, either:
+1. Check first if it's a valid key associated with an active subscription, either:
 
     * A subscription scoped to the API
     * A subscription scoped to a product that's assigned to the API
@@ -142,13 +142,15 @@ When API Management receives an API request from a client with a subscription ke
 
     If a valid key for an active subscription at an appropriate scope is provided, access is allowed. Policies are applied depending on the configuration of the policy definition at that scope.
 
+1. If the key isn't valid but a product exists that includes the API but doesn't require a subscription (an *open* product), ignore the key and handle as an API request without a subscription key (see below). 
+
 1. Otherwise, access is denied (401 Access denied error).
 
 ### API request without a subscription key
 
 When API Management receives an API request from a client without a subscription key, it handles the request according to these rules: 
 
-1. Check first for the existence of a product that includes the API but doesn't require a subscription (an *open* product). If the open product exists, handle the request in the context of the APIs, policies, and access rules configured for the product. An API can be associated with at most one open product.
+1. Check first for the existence of a product that includes the API but doesn't require a subscription (an *open* product). If the open product exists, handle the request in the context of the APIs, policies, and access rules configured for the open product. An API can be associated with at most one open product.
 1. If an open product including the API isn't found, check whether the API requires a subscription. If a subscription isn't required, handle the request in the context of that API and operation.
 1. If no configured product or API is found, then access is denied (401 Access denied error).
 
@@ -162,14 +164,14 @@ The following table summarizes how the gateway handles API requests with or with
 |✔️     | ✔️     | Access allowed:<br/><br/>• Product-scoped key<br/>• API-scoped key<br/>• All APIs-scoped key<br/>• Service-scoped key<br/><br/>Access denied:<br/><br/>• Other key not scoped to applicable product or API        | Access denied        | Protected API access using product-scoped or API-scoped subscription  |
 |✔️     |  ❌    | Access allowed:<br/><br/>• Product-scoped key<br/>• API-scoped key<br/>• All APIs-scoped key<br/>• Service-scoped key<br/><br/>Access denied:<br/><br/>• Other key not scoped to applicable product or API        |  Access allowed (API context)   | • Protected API access with product-scoped subscription<br/><br/>• Anonymous access to API. If anonymous access isn’t intended, configure API-level policies to enforce authentication and authorization. |
 |❌<sup>1</sup>     | ✔️    | Access allowed:<br/><br/>• Product-scoped key<br/>• API-scoped key<br/>• All APIs-scoped key<br/>• Service-scoped key<br/><br/>Access denied:<br/><br/>• Other key not scoped to applicable product or API        |    Access allowed (open product context)     | •	Protected API access with API-scoped subscription<br/><br/>•	Anonymous access to API. If anonymous access isn’t intended, configure with product policies to enforce authentication and authorization  |
-|❌<sup>1</sup>     |  ❌      | Access allowed:<br/><br/>• Product-scoped key<br/>• API-scoped key<br/>• All APIs-scoped key<br/>• Service-scoped key<br/><br/>Access denied:<br/><br/>• Other key not scoped to applicable product or API        | Access allowed (open product context)        | Anonymous access to API. If anonymous access isn’t intended, configure with product policies to enforce authentication and authorization  |
+|❌<sup>1</sup>     |  ❌      | Access allowed:<br/><br/>• Product-scoped key<br/>• API-scoped key<br/>• All APIs-scoped key<br/>• Service-scoped key<br/>• Other key not scoped to applicable product or API        | Access allowed (open product context)        | Anonymous access to API. If anonymous access isn’t intended, configure with product policies to enforce authentication and authorization  |
 
 <sup>1</sup> An open product exists that's associated with the API. 
 
 ### Considerations
 
 -	API access in a product context is the same, whether the product is published or not. Unpublishing the product hides it from the developer portal, but it doesn’t invalidate new or existing subscription keys.
--	Even if a product or API doesn't require a subscription, a valid key from an active subscription that enables access to the product or API can still be used.
+-   If an API doesn't require subscription authentication, any API request that includes a subscription key is treated the same as a request without a subscription key. The subscription key is ignored.
 -	API access "context" means the policies and access controls that are applied at a particular scope (for example, API or product).
 
 ## Next steps
 
@@ -69,7 +69,8 @@ In this step, create a new Microsoft Entra app. In later steps, you configure th
 
     `https://<apim-instance-name>.developer.azure-api.net/signin`
 
-1. On the **Authentication** page, under **Single-page application**, select **Add URI** and enter the following URI, substituting the name of your API Management instance:
+1. Select **+ Add a platform** again. Select **Single-page application** agaain.
+1. On the **Configure single-page application** page, enter the following redirect URI, substituting the name of your API Management instance, and select **Configure**:
 
     `https://<apim-instance-name>.developer.azure-api.net/`
 
 
@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: article
-ms.date: 07/23/2024
+ms.date: 09/16/2024
 ms.author: danlep
 ---
 # Set usage quota by key
@@ -29,6 +29,7 @@ To understand the difference between rate limits and quotas, [see Rate limits an
               bandwidth="kilobytes"
               renewal-period="seconds"
               increment-condition="condition"
+              increment-count="number"
               counter-key="key value"
               first-period-start="date-time" />
 ```
@@ -41,6 +42,7 @@ To understand the difference between rate limits and quotas, [see Rate limits an
 | calls               | The maximum total number of calls allowed during the time interval specified in the `renewal-period`. Policy expressions aren't allowed.    | Either `calls`, `bandwidth`, or both together must be specified. | N/A     |
 | counter-key         | The key to use for the `quota policy`. For each key value, a single counter is used for all scopes at which the policy is configured. Policy expressions are allowed.             | Yes                                                              | N/A     |
 | increment-condition | The Boolean expression specifying if the request should be counted towards the quota (`true`). Policy expressions are allowed.             | No                                                               | N/A     |
+| increment-count | The number by which the counter is increased per request. Policy expressions are allowed. | No | 1 |
 | renewal-period      | The length in seconds of the fixed window after which the quota resets. The start of each period is calculated relative to `first-period-start`. Minimum period: 300 seconds. When `renewal-period` is set to 0, the period is set to infinite. Policy expressions aren't allowed.                                                  | Yes                                                              | N/A     |
 | first-period-start      | The starting date and time for quota renewal periods, in the following format: `yyyy-MM-ddTHH:mm:ssZ` as specified by the ISO 8601 standard. Policy expressions aren't allowed.   | No                                                              | `0001-01-01T00:00:00Z`     |
 
 
@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: article
-ms.date: 07/23/2024
+ms.date: 09/06/2024
 ms.author: danlep
 ---
 
@@ -21,7 +21,7 @@ The `xml-to-json` policy converts a request or response body from XML to JSON. T
 ## Policy statement
 
 ```xml
-<xml-to-json kind="javascript-friendly | direct" apply="always | content-type-xml" consider-accept-header="true | false"/>
+<xml-to-json kind="javascript-friendly | direct" apply="always | content-type-xml" consider-accept-header="true | false" always-array-children="true | false"/>
 ```
 
 
@@ -32,6 +32,7 @@ The `xml-to-json` policy converts a request or response body from XML to JSON. T
 |kind|The attribute must be set to one of the following values.<br /><br /> -   `javascript-friendly` - the converted JSON has a form friendly to JavaScript developers.<br />-   `direct` - the converted JSON reflects the original XML document's structure.<br/><br/>Policy expressions are allowed.|Yes|N/A|
 |apply|The attribute must be set to one of the following values.<br /><br /> -   `always` - convert always.<br />-   `content-type-xml` - convert only if response Content-Type header indicates presence of XML.<br/><br/>Policy expressions are allowed.|Yes|N/A|
 |consider-accept-header|The attribute must be set to one of the following values.<br /><br /> -   `true` - apply conversion if JSON is requested in request Accept header.<br />-   `false` -always apply conversion.<br/><br/>Policy expressions are allowed.|No|`true`|
+|always-array-children|The attribute must be set to one of the following values.<br /><br /> -   `true` - Always convert child elements into a JSON array.<br />-   `false` - Only convert multiple child elements into a JSON array. Convert a single child element into a JSON object.<br/><br/>Policy expressions are allowed.|No|`false`|
 
 ## Usage