Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/active-directory-b2c/whats-new-docs.md

@@ -15,6 +15,29 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md) and [Azure AD B2C developer release notes](custom-policy-developer-notes.md)
 
+## March 2023
+
+### Updated articles
+
+- [Configure SAML identity provider options with Azure Active Directory B2C](identity-provider-generic-saml-options.md)
+- [Tutorial: Configure BioCatch with Azure Active Directory B2C](partner-biocatch.md)
+- [Tutorial: Configure Nok Nok Passport with Azure Active Directory B2C for passwordless FIDO2 authentication](partner-nok-nok.md)
+- [Pass an identity provider access token to your application in Azure Active Directory B2C](idp-pass-through-user-flow.md)
+- [Tutorial: Configure Haventec Authenticate with Azure Active Directory B2C for single-step, multi-factor passwordless authentication](partner-haventec.md)
+- [Configure Trusona Authentication Cloud with Azure Active Directory B2C](partner-trusona.md)
+- [Tutorial: Configure IDEMIA Mobile ID with Azure Active Directory B2C](partner-idemia.md)
+- [Configure Azure Active Directory B2C with Bluink eID-Me for identity verification](partner-eid-me.md)
+- [Tutorial: Configure Azure Active Directory B2C with BlokSec for passwordless authentication](partner-bloksec.md)
+- [Tutorial: Configure Azure Active Directory B2C with Azure Web Application Firewall](partner-azure-web-application-firewall.md)
+- [Tutorial to configure Saviynt with Azure Active Directory B2C](partner-saviynt.md)
+- [Tutorial: Configure Keyless with Azure Active Directory B2C](partner-keyless.md)
+- [Tutorial: Configure security analytics for Azure Active Directory B2C data with Microsoft Sentinel](azure-sentinel.md)
+- [Configure authentication in a sample Python web app by using Azure AD B2C](configure-authentication-sample-python-web-app.md)
+- [Billing model for Azure Active Directory B2C](billing.md)
+- [Azure Active Directory B2C: Region availability & data residency](data-residency.md)
+- ['Azure AD B2C: Frequently asked questions (FAQ)'](faq.yml)
+- [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md)
+ 
 ## February 2023
 
 ### Updated articles

articles/active-directory-domain-services/migrate-from-classic-vnet.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/29/2023
+ms.date: 04/17/2023
 
 ms.author: justinha
 author: justinha
@@ -44,7 +44,11 @@ Microsoft doesn't guarantee consistent SMS or voice-based Azure AD Multi-Factor
 
 ### Text message verification
 
-With text message verification during SSPR or Azure AD Multi-Factor Authentication, an SMS is sent to the mobile phone number containing a verification code. To complete the sign-in process, the verification code provided is entered into the sign-in interface.
+With text message verification during SSPR or Azure AD Multi-Factor Authentication, a Short Message Service (SMS) text is sent to the mobile phone number containing a verification code. To complete the sign-in process, the verification code provided is entered into the sign-in interface. 
+
+Android users can enable Rich Communication Services (RCS) on their devices. RCS offers encryption and other improvements over SMS. For Android, MFA text messages may be sent over RCS rather than SMS. The MFA text message is similar to SMS, but RCS messages have more Microsoft branding and a verified checkmark so users know they can trust the message.
+
+:::image type="content" source="media/concept-authentication-methods/brand.png" alt-text="Screenshot of Microsoft branding in RCS messages.":::
 
 ### Phone call verification
 

articles/active-directory/authentication/concept-authentication-phone-options.md

@@ -10,7 +10,7 @@ metadata:
   ms.subservice: app-mgmt
   ms.workload: identity
   ms.topic: landing-page
-  ms.date: 07/08/2021
+  ms.date: 04/17/2023
   author: CelesteDG
   ms.author: CelesteDG
 
@@ -89,6 +89,8 @@ landingContent:
         links:
           - text: Identity governance
             url: ../governance/identity-governance-overview.md
+          - text: User and admin consent
+            url: user-admin-consent-overview.md
       - linkListType: how-to-guide
         links:
           - text: Assign roles
@@ -139,6 +141,8 @@ landingContent:
             url: ../reports-monitoring/howto-download-logs.md
           - text: Set up access reviews
             url: ../governance/deploy-access-reviews.md
+          - text: Assign owners
+            url: assign-app-owners.md
   - title: Remote access to on-premises apps
     linkLists:
       - linkListType: concept
@@ -147,7 +151,7 @@ landingContent:
             url: ../app-proxy/application-proxy.md
       - linkListType: how-to-guide
         links:
-          - text: Application Proxy deployment
+          - text: Plan application Proxy deployment
             url: ../app-proxy/application-proxy-deployment-plan.md
           - text: Set up connectors
             url: ../app-proxy/application-proxy-connectors.md

articles/active-directory/authentication/media/concept-authentication-methods/brand.png

@@ -35,7 +35,7 @@ Administrators, users, or Microsoft security researchers may flag OAuth applicat
 When Azure AD disables an OAuth application, the following actions occur:
 
 - The malicious application and related service principals are placed into a fully disabled state. Any new token requests or requests for refresh tokens are denied, but existing access tokens are still valid until their expiration.
-- The disabled state is surfaced through an exposed property called *disabledByMicrosoftStatus* on the related [application](/graph/api/resources/application) and [service principal](/graph/api/resources/serviceprincipal) resource types in Microsoft Graph.
+- These applications will show `DisabledDueToViolationOfServicesAgreement` on the `disabledByMicrosoftStatus` property on the related [application](/graph/api/resources/application) and [service principal](/graph/api/resources/serviceprincipal) resource types in Microsoft Graph. To prevent them from being instantiated in your organization again in the future, you cannot delete these objects.
 - An email is sent to a global administrator when a user in an organization consented to an application before it was disabled. The email specifies the action taken and recommended steps they can do to investigate and improve their security posture.
 
 ## Recommended response and remediation
@@ -73,3 +73,4 @@ Administrators should be in control of application use by providing the right in
 - [Managing access to applications](./what-is-access-management.md)
 - [Restrict user consent operations in Azure AD](../../security/fundamentals/steps-secure-identity.md#restrict-user-consent-operations)
 - [Compromised and malicious applications investigation](/security/compass/incident-response-playbook-compromised-malicious-app)
+

articles/active-directory/manage-apps/index.yml

@@ -365,7 +365,7 @@
                   href: workload-identity-overview.md
                 - name: Deploy and configure cluster
                   href: workload-identity-deploy-cluster.md
-                - name: Modernize your app with workload identity
+                - name: Migrate your app from pod identity to workload identity
                   href: workload-identity-migrate-from-pod-identity.md
             - name: Use Azure AD pod identity (preview)
               href: use-azure-ad-pod-identity.md
@@ -411,6 +411,8 @@
               href: configure-azure-cni-dynamic-ip-allocation.md
             - name: Use Azure CNI Overlay
               href: azure-cni-overlay.md
+            - name: Deploy Isovalent Cilium Enterprise
+              href: cilium-enterprise-marketplace.md
         - name: DNS
           items:
             - name: Use a static IP address and DNS label

articles/active-directory/manage-apps/protect-against-consent-phishing.md

@@ -3,7 +3,7 @@ title: Provision Azure NetApp Files volumes on Azure Kubernetes Service
 description: Learn how to provision Azure NetApp Files volumes on an Azure Kubernetes Service cluster.
 ms.topic: article
 ms.custom: devx-track-azurecli
-ms.date: 02/08/2023
+ms.date: 04/18/2023
 ---
 
 # Provision Azure NetApp Files volumes on Azure Kubernetes Service
@@ -272,14 +272,7 @@ Before proceeding to the next section, you need to:
 
 This section walks you through the installation of Astra Trident using the operator.
 
-1. Download Astra Trident from its [GitHub repository](https://github.com/NetApp/trident/releases). Choose from the desired version and download the installer bundle.
-
-    ```bash
-    wget https://github.com/NetApp/trident/releases/download/v21.07.1/trident-installer-21.07.1.tar.gz
-    tar xzvf trident-installer-21.07.1.tar.gz
-    ```
-
-2. Run the [kubectl create][kubectl-create] command to create the *trident* namespace:
+1. Run the [kubectl create][kubectl-create] command to create the *trident* namespace:
 
     ```bash
     kubectl create ns trident
@@ -291,10 +284,15 @@ This section walks you through the installation of Astra Trident using the opera
     namespace/trident created
     ```
 
-3. Run the [kubectl apply][kubectl-apply] command to deploy the Trident operator using the bundle file:
+2. Run the [kubectl apply][kubectl-apply] command to deploy the Trident operator using the bundle file:
 
+ - For AKS cluster version less than 1.25, run following command:
+    ```bash
+    kubectl apply -f https://raw.githubusercontent.com/NetApp/trident/v23.01.1/deploy/bundle_pre_1_25.yaml -n trident
+    ```
+ - For AKS cluster 1.25+ version, run following command:
     ```bash
-    kubectl apply -f trident-installer/deploy/bundle.yaml -n trident
+    kubectl apply -f https://raw.githubusercontent.com/NetApp/trident/v23.01.1/deploy/bundle_post_1_25.yaml -n trident
     ```
 
    The output of the command resembles the following example:
@@ -307,10 +305,10 @@ This section walks you through the installation of Astra Trident using the opera
     podsecuritypolicy.policy/tridentoperatorpods created
     ```
 
-4. Run the following command to create a `TridentOrchestrator` to install Astra Trident.
+3. Run the following command to create a `TridentOrchestrator` to install Astra Trident.
 
     ```bash
-    kubectl apply -f trident-installer/deploy/crds/tridentorchestrator_cr.yaml
+    kubectl apply -f https://raw.githubusercontent.com/NetApp/trident/v23.01.1/deploy/crds/tridentorchestrator_cr.yaml
     ```
 
    The output of the command resembles the following example:
@@ -321,7 +319,7 @@ This section walks you through the installation of Astra Trident using the opera
 
     The operator installs by using the parameters provided in the `TridentOrchestrator` spec. You can learn about the configuration parameters and example backends from the [Trident install guide][trident-install-guide] and [backend guide][trident-backend-install-guide].
 
-5. To confirm Astra Trident was installed successfully, run the following [kubectl describe][kubectl-describe] command: 
+4. To confirm Astra Trident was installed successfully, run the following [kubectl describe][kubectl-describe] command: 
 
     ```bash
     kubectl describe torc trident
@@ -344,7 +342,7 @@ This section walks you through the installation of Astra Trident using the opera
       Current Installation Params:
         IPv6:                       false
         Autosupport Hostname:
-        Autosupport Image:          netapp/trident-autosupport:21.01
+        Autosupport Image:          netapp/trident-autosupport:23.01
         Autosupport Proxy:
         Autosupport Serial Number:
         Debug:                      true
@@ -355,11 +353,11 @@ This section walks you through the installation of Astra Trident using the opera
         Kubelet Dir:          /var/lib/kubelet
         Log Format:           text
         Silence Autosupport:  false
-        Trident Image:        netapp/trident:21.07.1
+        Trident Image:        netapp/trident:23.01.1
       Message:                Trident installed
       Namespace:              trident
       Status:                 Installed
-      Version:                v21.07.1
+      Version:                v23.01.1
     Events:
       Type    Reason      Age   From                        Message
       ----    ------      ----  ----                        -------
@@ -369,7 +367,7 @@ This section walks you through the installation of Astra Trident using the opera
 
 ### Create a backend
 
-1. Before creating a backend, you need to update `backend-anf.yaml` to include details about the Azure NetApp Files subscription, such as:
+1. Before creating a backend, you need to update [backend-anf.yaml][backend-anf.yaml] to include details about the Azure NetApp Files subscription, such as:
 
     * `subscriptionID` for the Azure subscription where Azure NetApp Files will be enabled.
     * `tenantID`, `clientID`, and `clientSecret` from an [App Registration][azure-ad-app-registration] in Azure Active Directory (AD) with sufficient permissions for the Azure NetApp Files service. The App Registration include the `Owner` or `Contributor` role that's predefined by Azure.
@@ -380,7 +378,7 @@ This section walks you through the installation of Astra Trident using the opera
 2. After Astra Trident is installed, create a backend that points to your Azure NetApp Files subscription by running the following command.
 
     ```bash
-    kubectl apply -f trident-installer/sample-input/backends-samples/azure-netapp-files/backend-anf.yaml -n trident
+    kubectl apply -f backend-anf.yaml -n trident
     ```
 
    The output of the command resembles the following example:
@@ -487,7 +485,7 @@ After the PVC is created, a pod can be spun up to access the Azure NetApp Files
     spec:
       containers:
       - name: nginx
-        image: mcr.microsoft.com/oss/nginx/nginx:latest1.15.5-alpine
+        image: mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine
         resources:
           requests:
             cpu: 100m
@@ -560,6 +558,7 @@ Astra Trident supports many features with Azure NetApp Files. For more informati
 
 <!-- EXTERNAL LINKS -->
 [astra-trident]: https://docs.netapp.com/us-en/trident/index.html
+[kubectl-create]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#create
 [kubectl-apply]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply
 [kubectl-describe]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#describe
 [kubectl-exec]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#exec
@@ -573,6 +572,7 @@ Astra Trident supports many features with Azure NetApp Files. For more informati
 [expand-trident-volumes]: https://docs.netapp.com/us-en/trident/trident-use/vol-expansion.html
 [on-demand-trident-volume-snapshots]: https://docs.netapp.com/us-en/trident/trident-use/vol-snapshots.html
 [importing-trident-volumes]: https://docs.netapp.com/us-en/trident/trident-use/vol-import.html
+[backend-anf.yaml]: https://raw.githubusercontent.com/NetApp/trident/v23.01.1/trident-installer/sample-input/backends-samples/azure-netapp-files/backend-anf.yaml
 
 <!-- INTERNAL LINKS -->
 [aks-quickstart-cli]: ./learn/quick-kubernetes-deploy-cli.md

articles/aks/TOC.yml

@@ -19,10 +19,6 @@ This article shows you how certificate rotation works in your AKS cluster.
 
 This article requires that you are running the Azure CLI version 2.0.77 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
 
-## Limitation
-
-Certificate rotation is not supported for stopped AKS clusters. 
-
 ## AKS certificates, Certificate Authorities, and Service Accounts
 
 AKS generates and uses the following certificates, Certificate Authorities, and Service Accounts: