Commit 2794c76

Merge pull request #224938 from MicrosoftDocs/main
1/24 PM Publish
2 parents 8e2ffd5 + 643d215 commit 2794c76

139 files changed

+1601
-1173
lines changed

.openpublishing.redirection.azure-monitor.json

Lines changed: 10 additions & 0 deletions
@@ -5671,6 +5671,16 @@
56715671
"source_path_from_root": "/articles/azure-monitor/logs/azure-data-explorer-monitor-cross-service-query.md",
56725672
"redirect_url": "/azure/azure-monitor/logs/azure-monitor-data-explorer-proxy",
56735673
"redirect_document_id": false
5674+
},
5675+
{
5676+
"source_path_from_root": "/articles/azure-monitor/app/mobile-center-quickstart.md",
5677+
"redirect_url": "https://github.com/Microsoft/appcenter",
5678+
"redirect_document_id": false
5679+
},
5680+
{
5681+
"source_path_from_root": "/articles/azure-monitor/app/windows-desktop.md",
5682+
"redirect_url": "https://github.com/Microsoft/appcenter",
5683+
"redirect_document_id": false
56745684
}
56755685
]
56765686
}
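Review bot: Both added entries, for mobile-center-quickstart.md and windows-desktop.md, redirect to the root of https://github.com/Microsoft/appcenter, an external URL with no page-level target, while the neighbouring entry uses a site-relative /azure/... path. A reader following an old link to either article lands on a repository home page with no explanation; consider pointing each entry at a page that covers the retired content, and confirm that an off-site redirect target is intended in this file.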

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
@@ -27970,6 +27970,11 @@
2797027970
"redirect_url": "/azure/azure-cache-for-redis/cache-insights-overview",
2797127971
"redirect_document_id": false
2797227972
},
27973+
{
27974+
"source_path_from_root": "/articles/aks/uptime-sla.md",
27975+
"redirect_url": "/azure/aks/free-standard-pricing-tiers",
27976+
"redirect_document_id": "false"
27977+
},
2797327978
{
2797427979
"source_path": "articles/dotnet-develop-multitenant-applications.md",
2797527980
"redirect_URL": "/azure/architecture/guide/multitenant/overview",
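Review bot: In the added uptime-sla.md entry, "redirect_document_id": "false" is a JSON string, while the entry directly above it uses the boolean false. Use the unquoted false so the value has the same type as the rest of the file; any consumer that tests this field for truthiness would read a non-empty string as true.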

articles/active-directory-b2c/partner-datawiza.md

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ ms.reviewer: kengaderdus
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 12/12/2022
12+
ms.date: 01/23/2023
1313
ms.author: gasinh
1414
ms.subservice: B2C
1515
---

articles/active-directory/cloud-sync/index.yml

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ metadata:
1212
ms.collection: na
1313
ms.date: 09/05/2019
1414
ms.service: active-directory
15-
ms.subservice: na
15+
ms.subservice: hybrid
1616
ms.topic: landing-page
1717
services: active-directory
1818

articles/active-directory/conditional-access/concept-conditional-access-conditions.md

Lines changed: 3 additions & 1 deletion
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: conditional-access
88
ms.topic: conceptual
9-
ms.date: 09/12/2022
9+
ms.date: 01/24/2023
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -47,6 +47,8 @@ Azure AD Conditional Access supports the following device platforms:
4747

4848
If you block legacy authentication using the **Other clients** condition, you can also set the device platform condition.
4949

50+
We don't support selecting macOS or Linux device platforms when selecting **Require approved client app** or **Require app protection policy** as the only grant controls or when you choose **Require all the selected controls**.
51+
5052
> [!IMPORTANT]
5153
> Microsoft recommends that you have a Conditional Access policy for unsupported device platforms. As an example, if you want to block access to your corporate resources from **Chrome OS** or any other unsupported clients, you should configure a policy with a Device platforms condition that includes any device and excludes supported device platforms and Grant control set to Block access.
5254
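Review bot: The sentence added at line 50 is hard to parse: "selecting" appears twice, and it is unclear whether "as the only grant controls" applies to each control on its own or to the two together. It also does not say what an administrator sees when they make that selection (whether the policy is rejected, or saved but not applied). Suggest listing the unsupported combinations as bullets and stating the outcome.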

articles/active-directory/conditional-access/concept-conditional-access-report-only.md

Lines changed: 6 additions & 6 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: conditional-access
88
ms.topic: conceptual
9-
ms.date: 05/01/2020
9+
ms.date: 01/24/2023
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -17,11 +17,11 @@ ms.collection: M365-identity-device-management
1717
---
1818
# What is Conditional Access report-only mode?
1919

20-
Conditional Access is widely used by our customers to stay secure by applying the right access controls in the right circumstances. However one of the challenges with deploying a Conditional Access policy in your organization is determining the impact to end users. It can be difficult to anticipate the number and names of users impacted by common deployment initiatives such as blocking legacy authentication, requiring multi-factor authentication for a population of users, or implementing sign-in risk policies.
20+
Conditional Access is widely used by our customers to stay secure by applying the right access controls in the right circumstances. However one of the challenges with deploying a Conditional Access policy in your organization is determining the impact to end users. It can be difficult to anticipate the number and names of users impacted by common deployment initiatives such as blocking legacy authentication, requiring multifactor authentication for a population of users, or implementing sign-in risk policies.
2121

2222
Report-only mode is a new Conditional Access policy state that allows administrators to evaluate the impact of Conditional Access policies before enabling them in their environment. With the release of report-only mode:
2323

24-
- Conditional Access policies can be enabled in report-only mode, this is not applicable with the "User Actions" scope.
24+
- Conditional Access policies can be enabled in report-only mode, this isn't applicable with the "User Actions" scope.
2525
- During sign-in, policies in report-only mode are evaluated but not enforced.
2626
- Results are logged in the **Conditional Access** and **Report-only** tabs of the Sign-in log details.
2727
- Customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the Conditional Access insights workbook.
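Review bot: Line 24 was edited for the contraction but keeps its comma splice: "can be enabled in report-only mode, this isn't applicable with the "User Actions" scope." Split it into two sentences, or state the exception directly, so the scope limitation on report-only mode is not lost in a run-on.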
@@ -39,14 +39,14 @@ When a policy in report-only mode is evaluated for a given sign-in, there are fo
3939

4040
| Result | Description |
4141
| --- | --- |
42-
| Report-only: Success | All configured policy conditions, required non-interactive grant controls, and session controls were satisfied. For example, a multi-factor authentication requirement is satisfied by an MFA claim already present in the token, or a compliant device policy is satisfied by performing a device check on a compliant device. |
42+
| Report-only: Success | All configured policy conditions, required non-interactive grant controls, and session controls were satisfied. For example, a multifactor authentication requirement is satisfied by an MFA claim already present in the token, or a compliant device policy is satisfied by performing a device check on a compliant device. |
4343
| Report-only: Failure | All configured policy conditions were satisfied but not all the required non-interactive grant controls or session controls were satisfied. For example, a policy applies to a user where a block control is configured, or a device fails a compliant device policy. |
44-
| Report-only: User action required | All configured policy conditions were satisfied but user action would be required to satisfy the required grant controls or session controls. With report-only mode, the user is not prompted to satisfy the required controls. For example, users are not prompted for multi-factor authentication challenges or terms of use. |
44+
| Report-only: User action required | All configured policy conditions were satisfied but user action would be required to satisfy the required grant controls or session controls. With report-only mode, the user isn't prompted to satisfy the required controls. For example, users aren't prompted for multifactor authentication challenges or terms of use. |
4545
| Report-only: Not applied | Not all configured policy conditions were satisfied. For example, the user is excluded from the policy or the policy only applies to certain trusted named locations. |
4646

4747
## Conditional Access Insights workbook
4848

49-
Administrators have the capability to create multiple policies in report-only mode, so it is necessary to understand both the individual impact of each policy and the combined impact of multiple policies evaluated together. The new Conditional Access Insights workbook enables administrators to visualize Conditional Access queries and monitor the impact of a policy for a given time range, set of applications, and users.
49+
Administrators have the capability to create multiple policies in report-only mode, so it's necessary to understand both the individual impact of each policy and the combined impact of multiple policies evaluated together. The new Conditional Access Insights workbook enables administrators to visualize Conditional Access queries and monitor the impact of a policy for a given time range, set of applications, and users.
5050

5151
## Next steps
5252
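Review bot: Line 49 still reads "The new Conditional Access Insights workbook" and "Administrators have the capability to create", although this file's ms.date moves from 05/01/2020 to 01/24/2023. Since the line is already being edited, drop "new" and shorten to "Administrators can create multiple policies".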

articles/active-directory/conditional-access/controls.md

Lines changed: 1 addition & 3 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: conditional-access
88
ms.topic: conceptual
9-
ms.date: 08/26/2020
9+
ms.date: 01/24/2023
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -58,7 +58,5 @@ Custom controls can't be used with Identity Protection's automation requiring Az
5858
## Next steps
5959

6060
- [Conditional Access common policies](concept-conditional-access-policy-common.md)
61-
6261
- [Report-only mode](concept-conditional-access-report-only.md)
63-
6462
- [Simulate sign in behavior using the Conditional Access What If tool](troubleshoot-conditional-access-what-if.md)

articles/active-directory/conditional-access/howto-conditional-access-insights-reporting.md

Lines changed: 7 additions & 7 deletions
@@ -38,7 +38,7 @@ Users also need one of the following Log Analytics workspace roles:
3838

3939
### Stream sign-in logs from Azure AD to Azure Monitor logs
4040

41-
If you have not integrated Azure AD logs with Azure Monitor logs, you will need to take the following steps before the workbook will load:
41+
If you haven't integrated Azure AD logs with Azure Monitor logs, you'll need to take the following steps before the workbook will load:
4242

4343
1. [Create a Log Analytics workspace in Azure Monitor](../../azure-monitor/logs/quick-create-workspace.md).
4444
1. [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
@@ -78,7 +78,7 @@ Once the parameters have been set, the impact summary loads. The summary shows h
7878

7979
**Failure**: The number of users or sign-ins during the time period where the result of at least one of the selected policies was “Failure” or “Report-only: Failure”.
8080

81-
**User action required**: The number of users or sign-ins during the time period where the combined result of the selected policies was “Report-only: User action required”. User action is required when an interactive grant control, such as multi-factor authentication is required by a report-only Conditional Access policy. Since interactive grant controls are not enforced by report-only policies, success or failure cannot be determined.
81+
**User action required**: The number of users or sign-ins during the time period where the combined result of the selected policies was “Report-only: User action required”. User action is required when an interactive grant control, such as multifactor authentication is required by a report-only Conditional Access policy. Since interactive grant controls aren't enforced by report-only policies, success or failure can't be determined.
8282

8383
**Not applied**: The number of users or sign-ins during the time period where none of the selected policies applied.
8484
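Review bot: The edited line 81 is missing the closing comma of its parenthetical: "an interactive grant control, such as multifactor authentication is required". Add a comma after "authentication". The same line is the only place the hunk explains that report-only results for interactive controls are indeterminate, so it is worth keeping that sentence easy to read.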

@@ -114,20 +114,20 @@ To configure a Conditional Access policy in report-only mode:
114114

115115
### Why are queries failing due to a permissions error?
116116

117-
In order to access the workbook, you need the proper Azure AD permissions as well as Log Analytics workspace permissions. To test whether you have the proper workspace permissions by running a sample log analytics query:
117+
In order to access the workbook, you need the proper Azure AD permissions and Log Analytics workspace permissions. To test whether you have the proper workspace permissions by running a sample log analytics query:
118118

119119
1. Sign in to the **Azure portal**.
120120
1. Browse to **Azure Active Directory** > **Log Analytics**.
121121
1. Type `SigninLogs` into the query box and select **Run**.
122-
1. If the query does not return any results, your workspace may not have been configured correctly.
122+
1. If the query doesn't return any results, your workspace may not have been configured correctly.
123123

124124
![Troubleshoot failing queries](./media/howto-conditional-access-insights-reporting/query-troubleshoot-sign-in-logs.png)
125125

126126
For more information about how to stream Azure AD sign-in logs to a Log Analytics workspace, see the article [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
127127

128128
### Why are the queries in the workbook failing?
129129

130-
Customers have noticed that queries sometimes fail if the wrong or multiple workspaces are associated with the workbook. To fix this problem, click **Edit** at the top of the workbook and then the Settings gear. Select and then remove workspaces that are not associated with the workbook. There should be only one workspace associated with each workbook.
130+
Customers have noticed that queries sometimes fail if the wrong or multiple workspaces are associated with the workbook. To fix this problem, click **Edit** at the top of the workbook and then the Settings gear. Select and then remove workspaces that aren't associated with the workbook. There should be only one workspace associated with each workbook.
131131

132132
### Why is the Conditional Access policies parameter is empty?
133133
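Review bot: Line 117 is still a sentence fragment after the edit: "To test whether you have the proper workspace permissions by running a sample log analytics query:". Suggest "To test whether you have the proper workspace permissions, run a sample Log Analytics query:". In the same hunk, the heading at line 132 has a doubled verb ("Why is the Conditional Access policies parameter is empty?"), and line 130 uses "click" where the steps at lines 120 to 121 use "select".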

@@ -143,11 +143,11 @@ When the volume of sign-ins exceeds the query capacity of Log Analytics, the wor
143143

144144
### Can I save my parameter selections?
145145

146-
You can save your parameter selections at the top of the workbook by going to **Azure Active Directory** > **Workbooks** > **Conditional Access Insights and reporting**. Here you will find the workbook template, where you can edit the workbook and save a copy to your workspace, including the parameter selections, in **My reports** or **Shared reports**.
146+
You can save your parameter selections at the top of the workbook by going to **Azure Active Directory** > **Workbooks** > **Conditional Access Insights and reporting**. Here you'll find the workbook template, where you can edit the workbook and save a copy to your workspace, including the parameter selections, in **My reports** or **Shared reports**.
147147

148148
### Can I edit and customize the workbook with additional queries?
149149

150-
You can edit and customize the workbook by going to **Azure Active Directory** > **Workbooks** > **Conditional Access Insights and reporting**. Here you will find the workbook template, where you can edit the workbook and save a copy to your workspace, including the parameter selections, in **My reports** or **Shared reports**. To start editing the queries, click **Edit** at the top of the workbook.
150+
You can edit and customize the workbook by going to **Azure Active Directory** > **Workbooks** > **Conditional Access Insights and reporting**. Here you'll find the workbook template, where you can edit the workbook and save a copy to your workspace, including the parameter selections, in **My reports** or **Shared reports**. To start editing the queries, click **Edit** at the top of the workbook.
151151

152152
## Next steps
153153

articles/active-directory/devices/azuread-join-sso.md

Lines changed: 6 additions & 6 deletions
@@ -29,11 +29,11 @@ This article explains how this works.
2929

3030
## How it works
3131

32-
With an Azure AD joined device, your users already have an SSO experience to the cloud apps in your environment. If your environment has an Azure AD and an on-premises AD, you may want to expand the scope of your SSO experience to your on-premises Line Of Business (LOB) apps, file shares, and printers.
32+
With an Azure AD joined device, your users already have an SSO experience to the cloud apps in your environment. If your environment has Azure AD and on-premises AD DS, you may want to expand the scope of your SSO experience to your on-premises Line Of Business (LOB) apps, file shares, and printers.
3333

34-
Azure AD joined devices have no knowledge about your on-premises AD environment because they aren't joined to it. However, you can provide additional information about your on-premises AD to these devices with Azure AD Connect.
34+
Azure AD joined devices have no knowledge about your on-premises AD DS environment because they aren't joined to it. However, you can provide additional information about your on-premises AD to these devices with Azure AD Connect.
3535

36-
If you have a hybrid environment, with both Azure AD and on-premises AD, it's likely that you already have Azure AD Connect or Azure AD Connect cloud sync deployed to synchronize your on-premises identity information to the cloud. As part of the synchronization process, on-premises user and domain information is synchronized to Azure AD. When a user signs in to an Azure AD joined device in a hybrid environment:
36+
If you have a hybrid environment, with both Azure AD and on-premises AD DS, it's likely that you already have Azure AD Connect or Azure AD Connect cloud sync deployed to synchronize your on-premises identity information to the cloud. As part of the synchronization process, on-premises user and domain information is synchronized to Azure AD. When a user signs in to an Azure AD joined device in a hybrid environment:
3737

3838
1. Azure AD sends the details of the user's on-premises domain back to the device, along with the [Primary Refresh Token](concept-primary-refresh-token.md)
3939
1. The local security authority (LSA) service enables Kerberos and NTLM authentication on the device.
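Review bot: The rename to "AD DS" is incomplete on line 34: the first sentence now says "on-premises AD DS environment" but the second still says "additional information about your on-premises AD". Use one term throughout the paragraph so readers do not take them for two different directories.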
@@ -59,7 +59,7 @@ All apps that are configured for **Windows-Integrated authentication** seamlessl
5959
With SSO, on an Azure AD joined device you can:
6060

6161
- Access a UNC path on an AD member server
62-
- Access an AD member web server configured for Windows-integrated security
62+
- Access an AD DS member web server configured for Windows-integrated security
6363

6464
If you want to manage your on-premises AD from a Windows device, install the [Remote Server Administration Tools](https://www.microsoft.com/download/details.aspx?id=45520).
6565
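Review bot: Line 62 becomes "an AD DS member web server" but line 61 ("an AD member server") and line 64 ("your on-premises AD") keep the old term. Update those two lines in the same change so the list and the sentence after it match.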

@@ -71,10 +71,10 @@ You can use:
7171
## What you should know
7272

7373
- You may have to adjust your [domain-based filtering](../hybrid/how-to-connect-sync-configure-filtering.md#domain-based-filtering) in Azure AD Connect to ensure that the data about the required domains is synchronized if you have multiple domains.
74-
- Apps and resources that depend on Active Directory machine authentication don't work because Azure AD joined devices don't have a computer object in AD.
74+
- Apps and resources that depend on Active Directory machine authentication don't work because Azure AD joined devices don't have a computer object in AD DS.
7575
- You can't share files with other users on an Azure AD-joined device.
7676
- Applications running on your Azure AD joined device may authenticate users. They must use the implicit UPN or the NT4 type syntax with the domain FQDN name as the domain part, for example: [email protected] or contoso.corp.com\user.
77-
- If applications use the NETBIOS or legacy name like contoso\user, the errors the application gets would be either, NT error STATUS_BAD_VALIDATION_CLASS - 0xc00000a7, or Windows error ERROR_BAD_VALIDATION_CLASS - 1348 “The validation information class requested was invalid.” This happens even if you can resolve the legacy domain name.
77+
- If applications use the NETBIOS or legacy name like contoso\user, the errors the application gets would be either, NT error STATUS_BAD_VALIDATION_CLASS - 0xc00000a7, or Windows error ERROR_BAD_VALIDATION_CLASS - 1348 “The validation information class requested was invalid.” This error happens even if you can resolve the legacy domain name.
7878

7979
## Next steps
8080
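Review bot: Line 77 keeps a stray comma after "either" ("would be either, NT error STATUS_BAD_VALIDATION_CLASS ...") and writes "NETBIOS" where "NetBIOS" is the usual spelling. Since the line is being edited, also consider putting contoso\user and the two error names in code formatting so the values an administrator will search logs for stand out.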

articles/active-directory/devices/azureadjoin-plan.md

Lines changed: 3 additions & 3 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: devices
88
ms.topic: how-to
9-
ms.date: 02/15/2022
9+
ms.date: 01/24/2023
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -230,11 +230,11 @@ Choose **Selected** and selects the users you want to add to the local administr
230230

231231
![Additional local administrators on Azure AD joined devices](./media/azureadjoin-plan/02.png)
232232

233-
### Require multi-factor authentication (MFA) to join devices
233+
### Require multifactor authentication (MFA) to join devices
234234

235235
Select **“Yes** if you require users to do MFA while joining devices to Azure AD.
236236

237-
![Require multi-factor Auth to join devices](./media/azureadjoin-plan/03.png)
237+
![Require multifactor Auth to join devices](./media/azureadjoin-plan/03.png)
238238

239239
**Recommendation:** Use the user action [Register or join devices](../conditional-access/concept-conditional-access-cloud-apps.md#user-actions) in Conditional Access for enforcing MFA for joining devices.
240240
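Review bot: Line 235, directly under the renamed heading, still has a stray opening quotation mark inside the bold text: "Select **“Yes** if you require users to do MFA". Remove the quote so it reads **Yes**. The updated alt text on line 237 mixes styles ("multifactor Auth"); "Require multifactor authentication to join devices" would match the heading.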
