Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into virtual-networks-overview-and-faq

Author: ShawnJackson

.openpublishing.redirection.sentinel.json

@@ -179,6 +179,36 @@
             "source_path": "articles/sentinel/store-logs-in-azure-data-explorer.md",
             "redirect_url": "/azure/azure-monitor/logs/data-retention-archive",
             "redirect_document_id": true
+          },
+          {
+            "source_path": "articles/sentinel/data-connectors/box-using-azure-function.md",
+            "redirect_url": "/azure/sentinel/data-connectors/box-using-azure-functions",
+            "redirect_document_id": true
+          },
+          {
+            "source_path": "articles/sentinel/data-connectors/office-365.md",
+            "redirect_url": "/azure/sentinel/data-connectors/microsoft-365",
+            "redirect_document_id": true
+          },
+          {
+            "source_path": "articles/sentinel/data-connectors/sophos-endpoint-protection-using-azure-function.md",
+            "redirect_url": "/azure/sentinel/data-connectors/sophos-endpoint-protection-using-azure-functions",
+            "redirect_document_id": true
+          },
+          {
+            "source_path": "articles/sentinel/data-connectors/palo-alto-prisma-cloud-cspm-using-azure-function.md",
+            "redirect_url": "/azure/sentinel/data-connectors/palo-alto-prisma-cloud-cspm-using-azure-functions",
+            "redirect_document_id": true
+          },
+          {
+            "source_path": "articles/sentinel/data-connectors/proofpoint-tap-using-azure-function.md",
+            "redirect_url": "/azure/sentinel/data-connectors/proofpoint-tap-using-azure-functions",
+            "redirect_document_id": true
+          },
+          {
+            "source_path": "articles/sentinel/data-connectors/rubrik-security-cloud-data-connector-using-azure-function.md",
+            "redirect_url": "/azure/sentinel/data-connectors/rubrik-security-cloud-data-connector-using-azure-functions",
+            "redirect_document_id": true
           }
     ]
 }

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -122,6 +122,7 @@ The following providers offer FIDO2 security keys of different form factors that
 | [Feitian](https://shop.ftsafe.us/pages/microsoft) | ![y] | ![y]| ![y]| ![y]| ![y] |
 | [Fortinet](https://www.fortinet.com/) | ![n] | ![y]| ![n]| ![n]| ![n] |
 | [Giesecke + Devrient (G+D)](https://www.gi-de.com/en/identities/enterprise-security/hardware-based-authentication) | ![y] | ![y]| ![y]| ![y]| ![n] |
+| [Google](https://store.google.com/us/product/titan_security_key) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [GoTrustID Inc.](https://www.gotrustid.com/idem-key) | ![n] | ![y]| ![y]| ![y]| ![n] |
 | [HID](https://www.hidglobal.com/products/crescendo-key) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [HIDEEZ](https://hideez.com/products/hideez-key-4) | ![n] | ![y]| ![y]| ![y]| ![n] |
@@ -135,6 +136,7 @@ The following providers offer FIDO2 security keys of different form factors that
 | [Nymi](https://www.nymi.com/nymi-band) | ![y] | ![n]| ![y]| ![n]| ![n] |
 | [Octatco](https://octatco.com/) | ![y] | ![y]| ![n]| ![n]| ![n] |
 | [OneSpan Inc.](https://www.onespan.com/products/fido) | ![n] | ![y]| ![n]| ![y]| ![n] |
+| [PONE Biometrics](https://ponebiometrics.com/) | ![n] | ![n]| ![n]| ![y]| ![n] |
 | [Precision Biometric](https://www.innait.com/product/fido/) | ![n] | ![y]| ![n]| ![n]| ![n] |
 | [RSA](https://www.rsa.com/products/securid/) | ![n] | ![y]| ![n]| ![n]| ![n] |
 | [Sentry](https://sentryenterprises.com/) | ![n] | ![n]| ![y]| ![n]| ![n] |

articles/active-directory/authentication/concept-fido2-hardware-vendor.md

@@ -43,6 +43,7 @@ The following table lists partners who are Microsoft-compatible FIDO2 security k
 | [Feitian](https://shop.ftsafe.us/pages/microsoft) | ![y] | ![y]| ![y]| ![y]| ![y] |
 | [Fortinet](https://www.fortinet.com/) | ![n] | ![y]| ![n]| ![n]| ![n] |
 | [Giesecke + Devrient (G+D)](https://www.gi-de.com/en/identities/enterprise-security/hardware-based-authentication) | ![y] | ![y]| ![y]| ![y]| ![n] |
+| [Google](https://store.google.com/us/product/titan_security_key) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [GoTrustID Inc.](https://www.gotrustid.com/idem-key) | ![n] | ![y]| ![y]| ![y]| ![n] |
 | [HID](https://www.hidglobal.com/products/crescendo-key) | ![n] | ![y]| ![y]| ![n]| ![n] |
 | [HIDEEZ](https://hideez.com/products/hideez-key-4) | ![n] | ![y]| ![y]| ![y]| ![n] |
@@ -56,6 +57,7 @@ The following table lists partners who are Microsoft-compatible FIDO2 security k
 | [Nymi](https://www.nymi.com/nymi-band) | ![y] | ![n]| ![y]| ![n]| ![n] |
 | [Octatco](https://octatco.com/) | ![y] | ![y]| ![n]| ![n]| ![n] |
 | [OneSpan Inc.](https://www.onespan.com/products/fido) | ![n] | ![y]| ![n]| ![y]| ![n] |
+| [PONE Biometrics](https://ponebiometrics.com/) | ![n] | ![n]| ![n]| ![y]| ![n] |
 | [Precision Biometric](https://www.innait.com/product/fido/) | ![n] | ![y]| ![n]| ![n]| ![n] |
 | [RSA](https://www.rsa.com/products/securid/) | ![n] | ![y]| ![n]| ![n]| ![n] |
 | [Sentry](https://sentryenterprises.com/) | ![n] | ![n]| ![y]| ![n]| ![n] |

articles/active-directory/conditional-access/workload-identity.md

@@ -73,7 +73,7 @@ Create a risk-based Conditional Access policy that applies to service principals
    1. Set the **Configure** toggle to **Yes**.
    1. Select the levels of risk where you want this policy to trigger.
    1. Select **Done**.
-1. Under **Grant**, **Block access** is the only available option. Access is blocked when a token request is made from outside the allowed range.
+1. Under **Grant**, **Block access** is the only available option. Access is blocked when the specified risk levels are seen.
 1. Your policy can be saved in **Report-only** mode, allowing administrators to estimate the effects, or policy is enforced by turning policy **On**.
 1. Select **Create** to complete your policy.
 

articles/active-directory/develop/howto-call-a-web-api-with-postman.md

@@ -18,7 +18,7 @@ zone_pivot_groups: web-api-howto-prereq
 
 ::: zone pivot="no-api"
 
-This article shows you how to call a protected ASP.NET Core web API using [Postman](https://www.postman.com/). Postman is an application that lets you send HTTP requests to a web API to test its authorization and access control (authentication) policies. In this article, you'll register a web app and a web API in a tenant on the Azure portal. The web app is used to get an access token generated by the Microsoft identity platform. Next, you'll use the token to make an authorized call to the web API using Postman.
+This article shows you how to call a protected ASP.NET Core web API using [Postman](https://www.postman.com/). Postman is an application that lets you send HTTP requests to a web API to test its authorization and access control (authentication) policies. In this article, you'll register a web app and a web API in a tenant. The web app is used to get an access token generated by the Microsoft identity platform. Next, you'll use the token to make an authorized call to the web API using Postman.
 
 ::: zone-end
 
@@ -69,10 +69,10 @@ The Microsoft identity platform requires your application to be registered befor
 
 Follow these steps to create the web API registration:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](../roles/permissions-reference.md#application-developer).
 1. If access to multiple tenants is available, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you want to register the application.
-1. Search for and select **Azure Active Directory**.
-1. Under **Manage**, select **App registrations > New registration**.
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select **New registration**.
 1. Enter a **Name** for the application, such as _NewWebAPI1_.
 1. For **Supported account types**, select **Accounts in this organizational directory only**. For information on different account types, select **Help me choose** option.
 1. Select **Register**.
@@ -116,8 +116,8 @@ Follow these steps to create the web app registration:
 
 ::: zone pivot="no-api"
 
-1. Select **Home** to return to the home page. Search for and select **Azure Active Directory**.
-1. Under **Manage**, select **App registrations** > **New registration**.
+Select **Home** to return to the home page. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select **New registration**.
 1. Enter a **Name** for the application, such as `web-app-calls-web-api`.
 1. For **Supported account types**, select **Accounts in this organizational directory only**. For information on different account types, select the **Help me choose** option.
 1. Under **Redirect URI (optional)**, select **Web**, and then enter `http://localhost` in the URL text box.
@@ -127,26 +127,26 @@ Follow these steps to create the web app registration:
 
 ::: zone pivot="api"
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-1. If access to multiple tenants is available, use the Directories + subscriptions filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you want to register the application.
-1. Search for and select **Azure Active Directory**.
-1. Under **Manage**, select **App registrations** > **New registration**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](../roles/permissions-reference.md#application-developer).
+1. If access to multiple tenants is available, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you want to register the application.  
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select **New registration**.
 1. Enter a Name for the application, such as `web-app-calls-web-api`.
 1. For **Supported account types**, select **Accounts in this organizational directory only**. For information on different account types, select the **Help me choose** option.
 1. Under **Redirect URI (optional)**, select **Web**, and then enter `http://localhost` in the URL text box.
 1. Select **Register**.
 
 ::: zone-end
 
-When registration is complete, the Azure portal displays the app registration's **Overview** pane. Record the **Directory (tenant) ID** and the **Application (client) ID** to be used in later steps.
+The application's **Overview** pane is displayed when registration is complete. Record the **Directory (tenant) ID** and the **Application (client) ID** to be used in later steps.
 
 #### Add a client secret
 
 A client secret is a string value your app can use to identity itself, and is sometimes referred to as an _application password_. The web app uses the client secret to prove its identity when it requests tokens.
 
 Follow these steps to configure a client secret:
 
-1. From the **Overview** pane in the Azure portal, under **Manage**, select **Certificates & secrets** > **Client secrets** > **New client secret**.
+1. From the **Overview** pane, under **Manage**, select **Certificates & secrets** > **Client secrets** > **New client secret**.
 1. Add a description for your client secret, for example _My client secret_.
 1. Select an expiration for the secret or specify a custom lifetime.
 
@@ -162,14 +162,14 @@ By specifying a web API's scopes, the web app can obtain an access token contain
 
 Follow these steps to configure client's permissions to the web API:
 
-1. From the **Overview** pane of your application in the Azure portal, under **Manage**, select **API permissions** > **Add a permission** > **My APIs**.
+1. From the **Overview** pane of your application, under **Manage**, select **API permissions** > **Add a permission** > **My APIs**.
 1. Select **NewWebAPI1** or the API that you wish to add permissions to.
 1. Under **Select permissions**, check the box next to **Forecast.Read**. You may need to expand the **Permission** list. This selects the permissions the client app should have on behalf of the signed-in user.
 1. Select **Add permissions** to complete the process.
 
 After adding these permissions to your API, you should see the selected permissions under **Configured permissions**.
 
-You may also notice the **User.Read** permission for the Microsoft Graph API. This permission is added automatically when you register an app in the Azure portal.
+You may also notice the **User.Read** permission for the Microsoft Graph API. This permission is added automatically when you register an app.
 
 ::: zone pivot="no-api"
 
@@ -183,8 +183,8 @@ You may also notice the **User.Read** permission for the Microsoft Graph API. Th
 
 1. Navigate to `ms-identity-docs-code-dotnet/web-api` folder and open `appsettings.json`, replace the `{APPLICATION_CLIENT_ID}` and `{DIRECTORY_TENANT_ID}` with:
 
-   - `{APPLICATION_CLIENT_ID}` is the web API **Application (client) ID** on the app's **Overview** pane **App registrations** in the Azure portal.
-   - `{DIRECTORY_TENANT_ID}` is the web API **Directory (tenant) ID** on the app's **Overview** pane **App registrations** in the Azure portal.
+   - `{APPLICATION_CLIENT_ID}` is the web API **Application (client) ID** on the app's **Overview** pane **App registrations**.
+   - `{DIRECTORY_TENANT_ID}` is the web API **Directory (tenant) ID** on the app's **Overview** pane **App registrations**.
 
 1. Execute the following command to start the app:
 

articles/active-directory/develop/howto-configure-app-instance-property-locks.md

@@ -34,19 +34,19 @@ The following property usage scenarios are considered as sensitive:
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-To configure an app instance lock using the Azure portal:
+To configure an app instance lock:
 
-1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal</a>.
-1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant that contains the app registration you want to configure. 
-1. Search for and select **Azure Active Directory**.
-1. Under **Manage**, select **App registrations**, and then select the application you want to configure.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).
+1. If access to multiple tenants is available, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you want to register the application.
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select the application you want to configure.
 1. Select **Authentication**, and then select **Configure** under the *App instance property lock* section.
 
-   :::image type="content" source="media/howto-configure-app-instance-property-locks/app-instance-lock-configure-overview.png" alt-text="Screenshot of an app registration's app instance lock in the Azure portal.":::
+   :::image type="content" source="media/howto-configure-app-instance-property-locks/app-instance-lock-configure-overview.png" alt-text="Screenshot of an app registration's app instance lock.":::
 
 2. In the **App instance property lock** pane, enter the settings for the lock. The table following the image describes each setting and their parameters.
 
-   :::image type="content" source="media/howto-configure-app-instance-property-locks/app-instance-lock-configure-properties.png" alt-text="Screenshot of an app registration's app instance property lock context pane in the Azure portal.":::
+   :::image type="content" source="media/howto-configure-app-instance-property-locks/app-instance-lock-configure-properties.png" alt-text="Screenshot of an app registration's app instance property lock context pane.":::
 
    | Field                                    | Description                                                                                                                                                                                                                                                                                                       |
    | ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

articles/active-directory/develop/msal-android-single-sign-on.md

@@ -27,7 +27,7 @@ In this how-to, you'll learn how to configure the SDKs used by your application
 
 This how-to assumes you know how to:
 
-- Provision your app using the Azure portal. For more information, see the instructions for creating an app in [the Android tutorial](./tutorial-v2-android.md#create-a-project)
+- Provision your app. For more information, see the instructions for creating an app in [the Android tutorial](./tutorial-v2-android.md#create-a-project)
 - Integrate your application with the [MSAL for Android](https://github.com/AzureAD/microsoft-authentication-library-for-android)
 
 ## Methods for SSO
@@ -98,7 +98,7 @@ You must register a redirect URI that is compatible with the broker. The redirec
 
 The format of the redirect URI is: `msauth://<yourpackagename>/<base64urlencodedsignature>`
 
-You can use [keytool](https://manpages.debian.org/buster/openjdk-11-jre-headless/keytool.1.en.html) to generate a Base64-encoded signature hash using your app's signing keys, and then use the Azure portal to generate your redirect URI using that hash.
+You can use [keytool](https://manpages.debian.org/buster/openjdk-11-jre-headless/keytool.1.en.html) to generate a Base64-encoded signature hash using your app's signing keys, and then generate your redirect URI using that hash.
 
 Linux and macOS:
 
@@ -114,16 +114,14 @@ keytool -exportcert -alias androiddebugkey -keystore %HOMEPATH%\.android\debug.k
 
 Once you've generated a signature hash with _keytool_, use the Azure portal to generate the redirect URI:
 
-1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal</a>.
-1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="/azure/active-directory/develop/media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you registered your application.
-1. Search for and select **Azure Active Directory**.
-1. Under **Manage**, select **App registrations**.
-1. Under **Manage**, select **App registrations**, then select your application.
-1. Under **Manage**, select **Authentication** > **Add a platform** > **Android**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).
+1. If access to multiple tenants is available, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you want to register the application.
+1. Browse to **Identity** > **Applications** > **Application registrations**.
+1. Select your application, and then select **Authentication** > **Add a platform** > **Android**.
 1. In the **Configure your Android app** pane that opens, enter the **Signature hash** that you generated earlier and a **Package name**.
 1. Select the **Configure** button.
 
-The Azure portal generates the redirect URI for you and displays it in the **Android configuration** pane's **Redirect URI** field.
+The redirect URI is generated for you and is displayed in the **Android configuration** pane's **Redirect URI** field.
 
 For more information about signing your app, see [Sign your app](https://developer.android.com/studio/publish/app-signing) in the Android Studio User Guide.