Merge branch 'main' into release-restorepoints-ga

Author: v-alje

.openpublishing.redirection.azure-monitor.json

@@ -360,6 +360,11 @@
             "source_path_from_root": "/articles/azure-monitor/insights/azure-cli-application-insights-component.md" ,
             "redirect_url": "/cli/azure/monitor/app-insights",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/insights/redis-cache-insights-overview.md" ,
+            "redirect_url": "/azure/azure-cache-for-redis/redis-cache-insights-overview",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/authentication/howto-authentication-passwordless-phone.md

@@ -2,11 +2,12 @@
 title: Passwordless sign-in with Microsoft Authenticator - Azure Active Directory
 description: Enable passwordless sign-in to Azure AD using Microsoft Authenticator
 
+
 services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 06/23/2022
+ms.date: 07/14/2022
 
 
 ms.author: justinha
@@ -20,38 +21,54 @@ ms.collection: M365-identity-device-management
 
 Microsoft Authenticator can be used to sign in to any Azure AD account without using a password. Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device, where the device uses a PIN or biometric. [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification) uses a similar technology.
 
+
 This authentication technology can be used on any device platform, including mobile. This technology can also be used with any app or website that integrates with Microsoft Authentication Libraries.
 
-:::image type="content" border="false" source="./media/howto-authentication-passwordless-phone/phone-sign-in-microsoft-authenticator-app.png" alt-text="Example of a browser sign-in asking for the user to approve the sign-in.":::
+:::image type="content" border="false" source="./media/howto-authentication-passwordless-phone/phone-sign-in-microsoft-authenticator-app-next.png" alt-text="Screenshot that shows an example of a browser sign-in asking for the user to approve the sign-in.":::
 
 People who enabled phone sign-in from Microsoft Authenticator see a message that asks them to tap a number in their app. No username or password is asked for. To complete the sign-in process in the app, a user must next take the following actions:
 
 1. Enter the number they see on the login screen into Microsoft Authenticator dialog.
 1. Choose **Approve**.
 1. Provide their PIN or biometric.
 
-## Prerequisites
+## Multiple accounts on iOS (preview)
 
-To use passwordless phone sign in with Microsoft Authenticator, the following prerequisites must be met:
+You can enable passwordless phone sign-in for multiple accounts in Microsoft Authenticator on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use passwordless phone sign-in for all of them from the same iOS device. 
 
-- Recommended: Azure AD Multi-Factor Authentication, with push notifications allowed as a verification method. Push notifications to your smartphone or tablet help Microsoft Authenticator to prevent unauthorized access to accounts and stop fraudulent transactions. Microsoft Authenticator can either perform traditional MFA push notifications to a device that a user must approve or deny, or it can perform passwordless authentication that requires a user to type a matching number. Microsoft Authenticator automatically generates codes when set up to do push notifications so a user has a backup sign-in method even if their device doesn't have connectivity. 
-- Latest version of Authenticator installed on devices running iOS 8.0 or greater, or Android 6.0 or greater.
-- The device on which Microsoft Authenticator is installed must be registered within the Azure AD tenant to an individual user. 
+Previously, admins might not require passwordless sign-in for users with multiple accounts because it requires them to carry more devices for sign-in. By removing the limitation of one user sign-in from a device, admins can more confidently encourage users to register passwordless phone sign-in and use it as their default sign-in method.
 
-> [!NOTE]
-> If you enabled Microsoft Authenticator for passwordless sign-in using Azure AD PowerShell, it was enabled for your entire directory. If you enable using this new method, it supercedes the PowerShell policy. We recommend you enable for all users in your tenant via the new *Authentication Methods* menu, otherwise users not in the new policy are no longer be able to sign in without a password.
+The Azure AD accounts can be in the same tenant or different tenants. Guest accounts aren't supported for multiple account sign-in from one device.
+
+>[!NOTE]
+>Multiple accounts on iOS is currently in public preview. Some features might not be supported or have limited capabilities. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). 
+
+## Prerequisites
+
+To use passwordless phone sign-in with Microsoft Authenticator, the following prerequisites must be met:
 
-## Enable passwordless authentication methods
+- Recommended: Azure AD Multi-Factor Authentication, with push notifications allowed as a verification method. Push notifications to your smartphone or tablet help the Authenticator app to prevent unauthorized access to accounts and stop fraudulent transactions. The Authenticator app automatically generates codes when set up to do push notifications so a user has a backup sign-in method even if their device doesn't have connectivity. 
+- Latest version of Microsoft Authenticator installed on devices running iOS 12.0 or greater, or Android 6.0 or greater.
+- For Android, the device that runs Microsoft Authenticator must be registered to an individual user. We're actively working to enable multiple accounts on Android. 
+- For iOS, the device must be registered with each tenant where it's used to sign in. For example, the following device must be registered with Contoso and Wingtiptoys to allow all accounts to sign in:
+  - [email protected]
+  - [email protected] and bsandhu@wingtiptoys
+- For iOS, the option in Microsoft Authenticator to allow Microsoft to gather usage data must be enabled. It's not enabled by default. To enable it in Microsoft Authenticator, go to **Settings** > **Usage Data**.
+  
+  :::image type="content" border="true" source="./media/howto-authentication-passwordless-phone/telemetry.png" alt-text="Screenshot os Usage Data in Microsoft Authenticator.":::
 
 To use passwordless authentication in Azure AD, first enable the combined registration experience, then enable users for the passwordless method.
 
-### Enable passwordless phone sign-in authentication methods
+## Enable passwordless phone sign-in authentication methods
 
 Azure AD lets you choose which authentication methods can be used during the sign-in process. Users then register for the methods they'd like to use. The **Microsoft Authenticator** authentication method policy manages both the traditional push MFA method, as well as the passwordless authentication method. 
 
+> [!NOTE]
+> If you enabled Microsoft Authenticator passwordless sign-in using Azure AD PowerShell, it was enabled for your entire directory. If you enable using this new method, it supersedes the PowerShell policy. We recommend you enable for all users in your tenant via the new **Authentication Methods** menu, otherwise users who aren't in the new policy can't sign in without a password.
+
 To enable the authentication method for passwordless phone sign-in, complete the following steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with an *authentication policy administrator* account.
+1. Sign in to the [Azure portal](https://portal.azure.com) with an *Authentication Policy Administrator* account.
 1. Search for and select *Azure Active Directory*, then browse to **Security** > **Authentication methods** > **Policies**.
 1. Under **Microsoft Authenticator**, choose the following options:
    1. **Enable** - Yes or No
@@ -87,6 +104,7 @@ A user can start to utilize passwordless sign-in after all the following actions
 - An admin has enabled the user's tenant.
 - The user has added Microsoft Authenticator as a sign-in method.
 
+
 The first time a user starts the phone sign-in process, the user performs the following steps:
 
 1. Enters their name at the sign-in page.
@@ -98,7 +116,7 @@ The user is then presented with a number. The app prompts the user to authentica
 
 After the user has utilized passwordless phone sign-in, the app continues to guide the user through this method. However, the user will see the option to choose another method.
 
-:::image type="content" border="true" source="./media/howto-authentication-passwordless-phone/web-sign-in-microsoft-authenticator-app.png" alt-text="Example of a browser sign-in using Microsoft Authenticator.":::
+:::image type="content" border="true" source="./media/howto-authentication-passwordless-phone/number.png" alt-text="Screenshot that shows an example of a browser sign-in using the Microsoft Authenticator app.":::
 
 ## Known Issues
 
@@ -127,14 +145,6 @@ An end user can be enabled for multifactor authentication (MFA) through an on-pr
 
 If the user attempts to upgrade multiple installations (5+) of Microsoft Authenticator with the passwordless phone sign-in credential, this change might result in an error.
 
-### Device registration
-
-Before you can create this new strong credential, there are prerequisites. One prerequisite is that the device on which Microsoft Authenticator is installed must be registered within the Azure AD tenant to an individual user.
-
-Currently, a device can only be enabled for passwordless sign-in in a single tenant. This limit means that only one work or school account in Microsoft Authenticator can be enabled for phone sign-in.
-
-> [!NOTE]
-> Device registration is not the same as device management or mobile device management (MDM). Device registration only associates a device ID and a user ID together, in the Azure AD directory.
 
 ## Next steps
 

articles/active-directory/authentication/media/howto-authentication-passwordless-phone/match.png

@@ -108,7 +108,7 @@ Filters can be applied in one, two, or all three categories depending on the typ
 
 1. From the **Authorization System Type** dropdown, select the authorization system you want to use: **AWS**, **Azure**, or **GCP**.
 1. From the **Authorization System** dropdown, select from a **List** of accounts and **Folders**.
-1. From the **Identity Subtype**, select the type of user: **All**, **ED**, **Local**, or **Cross Account**.
+1. From the **Identity Subtype**, select the type of user: **All**, **ED** (Enterprise Directory), **Local**, or **Cross Account**.
 1. Select **Apply** to run your query and display the information you selected.
 
     Select **Reset filter** to discard your changes.
@@ -158,4 +158,4 @@ You can filter user details by type of user, user role, app, or service used, or
 - To view assigned permissions and usage of the group and the group members, see [View analytic information about groups](usage-analytics-groups.md).
 - To view active resources, see [View analytic information about active resources](usage-analytics-active-resources.md).
 - To view the permission usage of access keys for a given user, see [View analytic information about access keys](usage-analytics-access-keys.md).
-- To view assigned permissions and usage of the serverless functions, see [View analytic information about serverless functions](usage-analytics-serverless-functions.md).
+- To view assigned permissions and usage of the serverless functions, see [View analytic information about serverless functions](usage-analytics-serverless-functions.md).

articles/active-directory/authentication/media/howto-authentication-passwordless-phone/number-sent.png

@@ -21,7 +21,7 @@ ms.custom: has-adal-ref
 
 ## Prerequisites
 
-- Node version 10, 12 or 14. See the [note on version support](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node#node-version-support)
+- Node version 10, 12, 14, 16 or 18. See the [note on version support](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node#node-version-support)
 
 ## Update app registration settings
 
@@ -373,16 +373,19 @@ const cca = new msal.ConfidentialClientApplication(config);
 
 const refreshTokenRequest = {
     refreshToken: "", // your previous refresh token here
-    scopes: ["user.read"],
+    scopes: ["https://graph.microsoft.com/.default"],
+    forceCache: true,
 };
 
 cca.acquireTokenByRefreshToken(refreshTokenRequest).then((response) => {
-    console.log(JSON.stringify(response));
+    console.log(response);
 }).catch((error) => {
-    console.log(JSON.stringify(error));
+    console.log(error);
 });
 ```
 
+For more information, please refer to the [ADAL Node to MSAL Node migration sample](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples/refresh-token).
+
 > [!NOTE]
 > We recommend you to destroy the older ADAL Node token cache once you utilize the still valid refresh tokens to get a new set of tokens using the MSAL Node's `acquireTokenByRefreshToken` method as shown above.
 
@@ -419,7 +422,7 @@ var adal = require('adal-node');
 // Authentication parameters
 var clientId = 'Enter_the_Application_Id_Here';
 var clientSecret = 'Enter_the_Client_Secret_Here';
-var tenant = 'common';
+var tenant = 'Enter_the_Tenant_Info_Here';
 var authorityUrl = 'https://login.microsoftonline.com/' + tenant;
 var redirectUri = 'http://localhost:3000/redirect';
 var resource = 'https://graph.microsoft.com';
@@ -501,7 +504,7 @@ const msal = require('@azure/msal-node');
 const config = {
     auth: {
         clientId: "Enter_the_Application_Id_Here",
-        authority: "https://login.microsoftonline.com/common",
+        authority: "https://login.microsoftonline.com/Enter_the_Tenant_Info_Here",
         clientSecret: "Enter_the_Client_Secret_Here"
     },
     system: {

articles/active-directory/authentication/media/howto-authentication-passwordless-phone/number.png

@@ -2,14 +2,14 @@
 title: Quickstart - Access & create new tenant - Azure AD
 description: Instructions about how to find Azure Active Directory and how to create a new tenant for your organization.
 services: active-directory
-author: ajburnle
-manager: karenhoran
+author: barclayn
+manager: rkarlin
 ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: quickstart
 ms.date: 12/22/2021
-ms.author: ajburnle
+ms.author: barclayn
 ms.custom: it-pro, seodec18, fasttrack-edit, mode-other
 ms.collection: M365-identity-device-management
 ---